Announcement Announcement Module
Collapse
No announcement yet.
Odd Behaviour with Login Page Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Odd Behaviour with Login Page

    Hi Guys,

    I have two pages. One called login.jsp and another called loginx.jsp. They have exactly the same code, which is;

    Code:
    <%@ taglib prefix="core" uri="http://java.sun.com/jstl/core" %>
    
    
    <html>
      <head>
        <title>Login</title>
      </head>
    
      <body>
         <form action="<c:url value='j_acegi_security_check'/>" method="POST">
          <table>
            <tr><td>User:</td><td><input type='text' name='j_username'></td></tr>
            <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
    
            <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
            <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
          </table>
    
        </form>
    
      </body>
    </html>
    login.jsp is defined as the loginFormUrl as shown in the servlet;

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    <beans>
    
    	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    			</value>
    		</property>
    	</bean>
    
    	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
    
    	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
    		<constructor-arg>
    			<list>
    				<ref bean="rememberMeServices"/>
    				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
    			</list>
    		</constructor-arg>
    	</bean>
    
    	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
    		<property name="defaultTargetUrl" value="/"/>
    		<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    		<property name="rememberMeServices" ref="rememberMeServices"/>
    	</bean>
       
    	<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
    
    	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="rememberMeServices" ref="rememberMeServices"/>
    	</bean>
    
    	<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    		<property name="key" value="changeThis"/>
    		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
    	</bean>
    
    	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    		<property name="authenticationEntryPoint">
    			<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    				<property name="loginFormUrl" value="/login.jsp"/>
    				<property name="forceHttps" value="false"/>
    			</bean>
    		</property>
    		<property name="accessDeniedHandler">
    			<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    				<property name="errorPage" value="/accessDenied.jsp"/>
    			</bean>
    		</property>
    	</bean>
    
    	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager" ref="authenticationManager"/>
    		<property name="accessDecisionManager">
    			<bean class="org.acegisecurity.vote.AffirmativeBased">
    				<property name="allowIfAllAbstainDecisions" value="false"/>
    				<property name="decisionVoters">
    					<list>
    						<bean class="org.acegisecurity.vote.RoleVoter"/>
    						<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
    					</list>
    				</property>
    			</bean>
    		</property>
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/jsp/admin/**=ROLE_SUPERVISOR
    				/jsp/user/**=IS_AUTHENTICATED_REMEMBERED
    				/**=IS_AUTHENTICATED_ANONYMOUSLY
    			</value>
    		</property>
    	</bean>
    
    	<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    		<property name="userDetailsService" ref="userDetailsService"/>
    		<property name="key" value="changeThis"/>
    	</bean>
    
    	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="daoAuthenticationProvider"/>
    				<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
    					<property name="key" value="changeThis"/>
    				</bean>
    				<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
    					<property name="key" value="changeThis"/>
    				</bean>
    			</list>
    		</property>
    	</bean>
    
    	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="userDetailsService" ref="userDetailsService"/>
    		<property name="userCache">
    			<bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    				<property name="cache">
    					<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    						<property name="cacheManager">
    							<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    						</property>
    						<property name="cacheName" value="userCache"/>
    					</bean>
    				</property>
    			</bean>
    		</property>
    	</bean>
    
    	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
    	<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    		<property name="userProperties">
    			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    				<property name="location" value="/WEB-INF/users.properties"/>
    			</bean>
    		</property>
    	</bean>
    
    	
    	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
    	  
    
    </beans>
    Upon loading my webapp I clicked on a link in the index page, to get to a secured resource it retrieved the login.jsp page. I entered the correct principle credentials and on submit I got the following error;

    Code:
    HTTP Status 404 - /SpringAcegi/%3Cc:url%20value='j_acegi_security_check'/%3E
    
    type Status report
    
    message /SpringAcegi/%3Cc:url%20value='j_acegi_security_check'/%3E
    
    description The requested resource (/SpringAcegi/%3Cc:url%20value='j_acegi_security_check'/%3E) is not available.
    However, then I loaded the loginx.jsp by entering its address in the url directly. I entered the principles credentials and then on submit I was redirected to the accessdenied.jsp page. I cleaned my project, cleared out the cache in my browser, redeployed the project (several times over) and still I got the same result. Then I removed loginx.jsp from my project and tried to login with login.jsp and it still did not work. After this I placed loginx.jsp back into the project and now neither of them work. They both still have the same code.

    I am using tomcat server 5.5 with eclipse ide 3.2.1. The two jsp files are located in the webcontent directory. Im new to webapps, but im guessing that this is going to be a problem with my web container/IDE than anything to do with the way I have implemented acegi. However just so I can eliminate the possibility of bad code, can someone tell me if I have made a mistake with the coding in any way.

    Thanx

  • #2
    I would personally take a look at acegi-security-sample-tutorial that ships with Acegi. It's a great place to start and it works. Start from there and make the changes you want.

    Comment


    • #3
      Originally posted by karldmoore View Post
      I would personally take a look at acegi-security-sample-tutorial that ships with Acegi. It's a great place to start and it works. Start from there and make the changes you want.
      My example app was taken directly from the acegi sample tutorial. However instead of altering the sample directly, I attempted to build a new app with the sample's features. I did this because I wanted to integrate acegi with an existing spring app I have running.

      The sample tutorial works perfectly fine on my comp so I think I'll give it another go by altering that code directly. Thanks for the advice.

      Comment


      • #4
        Not a problem! I usually find try to do a quick diff between the two is the best approach. Saves hours of head scratching.

        Comment

        Working...
        X