  • newbie help please

    Hi,

    I'm trying to put together the most basic of basic implementations of Acegi. I've followed the quick-start, but still can't get this working.
    Code:
    example-helloworld
           -secure
                 secure_hello.html
           -WEB-INF
                  -lib
                  applicationContext.xml
                  web.xml 
            -acegilogin.jsp
            -hello.html
    web.xml and applicationContext.xml below. The protected url is just /helloworld/secure/secure_hello.html. Only marissa is authorized to see this.

    Basically, I wanted to use Basic Authentication to protect the secure directory (as in Contacts app secure/debug.jsp). All works fine with the config below using the acegilogin.jsp with AuthenticationProcessingFilter in the securityEnforcementFilter.

    However, if I uncomment the securityEnforcementFilter which uses BasicAuthentication I can never authenticate properly.

    Can anyone see what's wrong?

    Thanks in advance
    James

    web.xml
    Code:
    <?xml version="1.0" encoding="ISO-8859-1"?>
    
    <!DOCTYPE web-app
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http&#58;//java.sun.com/dtd/web-app_2_3.dtd">
    
    <web-app>
    
        <display-name>HelloWorld Example</display-name>
        <description>
          Example
        </description>
    
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>/WEB-INF/applicationContext.xml</param-value>
    	</context-param>	
    
    
        <filter>
            <filter-name>Acegi Authentication Processing Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value>
            </init-param>
        </filter>
    
    
        <filter>
            <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.ui.AutoIntegrationFilter</param-value>
            </init-param>
        </filter>
    
        <filter>
            <filter-name>Acegi HTTP Request Security Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
            </init-param>
        </filter>
    
        <filter>
            <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
            </init-param>
        </filter>
    	
        <filter-mapping>
          <filter-name>Acegi Authentication Processing Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
    
        <filter-mapping>
          <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        
        <filter-mapping>
          <filter-name>Acegi HTTP Request Security Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
    
        <filter-mapping>
          <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    
    <welcome-file-list> 
    <welcome-file>hello.html</welcome-file>
    </welcome-file-list> 
    	
    
    </web-app>
    applicationContext.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    <!--
      - These entries must be added to your EXISTING applicationContext.xml. 
      - This applicationContext.xml cannot be used in its current form. It only
      - contains fragments of a real applicationContext.xml.
      -
      - $Id: applicationContext.xml,v 1.5 2004/09/24 00:47:51 benalex Exp $
      -->
    
    <beans>
    
    	<!-- =================== SECURITY BEANS YOU SHOULD CHANGE ================== -->
    	
    	<bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
      		<property name="userMap">
    			<value>
    				marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
    				dianne=emu,ROLE_TELLER
    				scott=wombat,ROLE_TELLER
    				peter=opal,disabled,ROLE_TELLER
    			</value>
    		</property>
    	</bean>
    
    	<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
    	     The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
    	     Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
    	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        	<property name="authenticationManager"><ref local="authenticationManager"/></property>
        	<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
     		<property name="objectDefinitionSource">
    			<value>
    			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				\A/secure/.*\Z=ROLE_SUPERVISOR
    			</value>
    		</property>
    	</bean>
    
    	<!-- =================== SECURITY BEANS YOU WILL RARELY (IF EVER) CHANGE ================== -->
    	
    	<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>	
    
       	<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
       	<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
    
    	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
         	<property name="authenticationDao"><ref local="authenticationDao"/></property>
         	<property name="userCache"><ref local="userCache"/></property>
    	</bean>
    	
    	<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    		<property name="minutesToIdle"><value>5</value></property>
    	</bean>
    
    	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    		  <list>
    		    <ref local="daoAuthenticationProvider"/>
    		  </list>
    		</property>
    	</bean>
    
    	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
    
    	<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
       		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
    		<property name="decisionVoters">
    		  <list>
    		    <ref local="roleVoter"/>
    		  </list>
    		</property>
    	</bean>
    
    
    	<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter"> 
    		<property name="authenticationManager"><ref local="authenticationManager"/></property> 
    		<property name="authenticationEntryPoint"><ref local="authenticationEntryPoint"/></property> 
    	</bean> 
    
    	<bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> 
    		<property name="realmName"><value>MyRealm</value></property> 
    	</bean>
    
    	<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    		<property name="authenticationManager"><ref local="authenticationManager"/></property>
    		<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
    		<property name="defaultTargetUrl"><value>/</value></property>
    		<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    	</bean>
    
    	<bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    		<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
    		<property name="forceHttps"><value>false</value></property>
    	</bean>
    
    <!--
    	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
    		<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
    		<property name="authenticationEntryPoint"><ref local="authenticationEntryPoint"/></property>
    	</bean>
    -->
    	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
    		<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
    		<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
    	</bean>
    
    	<bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter" />
    
    </beans>

  • #2
    Clarification...

    If I uncomment the securityEnforcementFilter to use BasicAuthentication, that means I comment out the one using AuthenticationProcessingFilter :wink:

    • #3
      It's a filter ordering issue. See http://forum.springframework.org/showthread.php?t=10989 for correct order.
      Last edited by robyn; May 19th, 2006, 05:56 AM.
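
Reply #3 points at filter ordering: in the posted web.xml the `Acegi HTTP BASIC Authorization Filter` mapping is the last one, after the mapping for the `SecurityEnforcementFilter`. The script below is an added example, not code from the thread or from the Acegi project, that lints a web.xml for authentication filters mapped after the enforcement filter. It assumes every mapping uses the same `url-pattern`, that the container builds the chain in `<filter-mapping>` order, and that authentication filters must run before enforcement; the function names and the trimmed sample document are constructed for illustration.

```python
# Added example (not from the thread): lint <filter-mapping> order in web.xml.
import xml.etree.ElementTree as ET

PROXY = "net.sf.acegisecurity.util.FilterToBeanProxy"
ENFORCER = "net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"
# Filter names and target classes as they appear in the posted web.xml.
FILTERS = {
    "Acegi Authentication Processing Filter":
        "net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter",
    "Acegi Security System for Spring Auto Integration Filter":
        "net.sf.acegisecurity.ui.AutoIntegrationFilter",
    "Acegi HTTP Request Security Filter": ENFORCER,
    "Acegi HTTP BASIC Authorization Filter":
        "net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter",
}
# The two authentication filters (form login and BASIC) from that list.
AUTH_CLASSES = {c for c in FILTERS.values() if c.endswith("ProcessingFilter")}
POSTED_ORDER = list(FILTERS)  # mapping order used in the post

def sample_web_xml(order):
    """Constructed, trimmed web.xml whose mappings follow `order`."""
    defs = "".join(
        f"<filter><filter-name>{n}</filter-name><filter-class>{PROXY}</filter-class>"
        f"<init-param><param-name>targetClass</param-name>"
        f"<param-value>{c}</param-value></init-param></filter>"
        for n, c in FILTERS.items())
    maps = "".join(
        f"<filter-mapping><filter-name>{n}</filter-name>"
        f"<url-pattern>/*</url-pattern></filter-mapping>" for n in order)
    return f"<web-app>{defs}{maps}</web-app>"

def target_class(filter_el):
    """Resolve the class behind FilterToBeanProxy from its targetClass param."""
    for p in filter_el.findall("init-param"):
        if p.findtext("param-name", "").strip() == "targetClass":
            return p.findtext("param-value", "").strip()
    return filter_el.findtext("filter-class", "").strip()

def misordered_auth_filters(web_xml):
    """Names of authentication filters mapped after the enforcement filter."""
    root = ET.fromstring(web_xml)
    classes = {f.findtext("filter-name", "").strip(): target_class(f)
               for f in root.findall("filter")}
    chain = [m.findtext("filter-name", "").strip()
             for m in root.findall("filter-mapping")]
    hit = [i for i, n in enumerate(chain) if classes.get(n) == ENFORCER]
    if not hit:
        return []
    return [n for n in chain[hit[0] + 1:] if classes.get(n) in AUTH_CLASSES]

if __name__ == "__main__":
    print(misordered_auth_filters(sample_web_xml(POSTED_ORDER)))
```
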
