Announcement Announcement Module
Collapse
No announcement yet.
Using Acegi Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
  • #16
    no i d'ont find the tutorial;
    my probleme lies in the form of authentification and particulary in “the action” of the form:
    <form name="form1" action="j_acegi_security_check" method="GET">
    this action must be, normally, intercepted by “authenticationProcessingFilter”:
    Code:
    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">  
<property name="authenticationManager" ref="authenticationManager"/>  
<property name="authenticationFailureUrl" value="/index.jsp"/>  
<property name="defaultTargetUrl" value="/"/>  
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>  
<property name="rememberMeServices" ref="rememberMeServices"/>  
</bean>
    however at the time of the sending nothing occurs, I would have error 404 rather. I will like to know if exist an additional configuration so that my action is intercepted (confuration in web.xml for example): my web.xml is the following:
    Code:
    <filter>
  <filter-name>Acegi Authentication Processing Filter</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>org.acegisecurity.intercept.web.FilterSecurityInterceptor</param-value>
    <!--param-value>org.acegisecurity.util.FilterChainProxy</param-value-->
  </init-param>
</filter>

<filter-mapping>
  <filter-name>Acegi Authentication Processing Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
  <listener-class>
   org.springframework.web.context.ContextLoaderListener
  </listener-class>
</listener>
    it'is the normally configuration, but my authentification d'ont work.
    THINKS FOR HELP
    Thinks Amin for your interest

    Comment

    • #17
      Hmmm....one thing i would mention is that changing the method from GET to POST. Not sure if this makes a difference. Is it possible to have a look at the whole context file? The web.xml file looks (at a glance) the same as mine.

      It's shame as i'm at work at the moment otherwise i could load my laptop up and send u my example.

      The other thing you can try is looking at this url with a complete set up of acegi.
      http://blog.xebia.com/2007/03/04/how...egi-framework/

      This blog has all the set up and i took stuff from the example. Let me how it goes. Will be checking this site regularly!

      Comment

      • #18
        please where can i get th "acegi-security-sample-tutorial ": I don't fing it in http://www.acegisecurity.org.
        If you go to the Acegi site, there is a download link. If you download Acegi, there are two wars in the root folder. These are the two example application. I would really recommend taking a look at them.

        Comment

        • #19
          Hi there

          I'm slightly struggling here. I have pretty much copied the sample applicationContext.xml from the sample web app provided (i've excluded rememberme stuff) but i can't get it to work properly.

          I'm getting the following exception:
          Authentication object null.

          Here is my updated config.xml
          Code:
          <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				<![CDATA[
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,logoutFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
				]]>
			</value>
		</property>
	</bean>
	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
	
	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
		<constructor-arg value="/login.do"/> <!-- URL redirected to after logout -->
		<constructor-arg>
			<list>
				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
			</list>
		</constructor-arg>

	</bean>



	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
		<property name="authenticationManager" ref="authenticationManager"/>
		<property name="authenticationFailureUrl" value="/login.do?login_error=1"/>
		<property name="defaultTargetUrl" value="/secure/test.jsp"/>
		<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
	</bean>

	<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
	
	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint">
			<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
				<property name="loginFormUrl" value="/login.do"/>
				<property name="forceHttps" value="false"/>
			</bean>
		</property>
		<property name="accessDeniedHandler">
			<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
				<property name="errorPage" value="/login.do?login_error=1"/>
			</bean>
		</property>
	</bean>

	 <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
         <list>
            <ref bean="roleVoter"/>
            <ref bean="authenticatedVoter" />
         </list>
      </property>
   </bean>
	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
   <bean id="authenticatedVoter" class="org.acegisecurity.vote.AuthenticatedVoter"/>
	
	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager" ref="authenticationManager"/>
		<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
		<property name="objectDefinitionSource">
			<value><![CDATA[
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/secure/**=ROLE_SUPERVISOR
				]]>
			</value>
		</property>

	</bean>

	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="daoAuthenticationProvider"/>
			</list>

		</property>

	</bean>



	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService" ref="userDetailsService"/>
	</bean>



	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->

	<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userProperties">
			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
				<property name="location" value="/WEB-INF/users.properties"/>
			</bean>
		</property>
	</bean>



	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->

	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>



</beans>
          Any help would be much appreciated.

          Thanks
          Amin

          Comment

          • #20
            I've had a quick scan over it and I can't see anything that's obviously wrong.

            Comment

            • #21
              After considerable amount of hair pulling and banging my head on the table i managed to get it working.

              I just copied the entire project provided by acegi and replaced it with my stuff and it works!

              Comment

              • #22
                Hmmm interesting. Well it's working that's the main thing, now don't break it .

                Comment

                • #23
                  i think it may have been the web.xml configuration that was causing the problem. I want to take out the unnecessary stuff like rememberme ...but too scared to touch it now!

                  Comment

                  • #24
                    Well as long as you change something and then test that change, it's easy to track down the problems when you break it. I don't think you should need to change the web.xml though.

                    Comment

                    • #25
                      Originally posted by karldmoore View Post
                      If you go to the Acegi site, there is a download link. If you download Acegi, there are two wars in the root folder. These are the two example application. I would really recommend taking a look at them.
                      thinks Karl for answer, I downloaded the example and it goes, except that I must each time refresh the page (for example the page extreme/index.jsp) if not the result of the previous execution is posted. has exist acegi solution for that?
                      Last edited by badi007; Mar 19th, 2007, 12:45 PM.

                      Comment

                      • #26
                        I'm sorry I don't understand what you are getting at.

                        Comment

                        • #27
                          Originally posted by karldmoore View Post
                          I'm sorry I don't understand what you are getting at.
                          excuse me for my English,
                          I wanted to say that to see the authorizations of each account (admin or simple user) I must refresh each time the page in question in order to have the adequate result (authorized or not).
                          for example I reach the /secure/index.jsp page with the account of a simple user (Peter for example) but with the contents of the former user (admin for exmple). Only when I refresh the page at this time I would have “access denied”. thus i want to know if there is acegi solution which makes possible to refresh the pages automatically or to remove the user details after logout.
                          Last edited by badi007; Mar 20th, 2007, 06:25 AM.

                          Comment

                          • #28
                            Are you saying that your browser is caching the pages? That isn't something you would use Acegi to alter. It's a normal issue using GET requests with webapps and web servers. Most web frameworks allow you to configure them to set HTTP headers to prevent caching and if you are using HTTPS pages won't be cached either.

                            Comment

                            • #29
                              Originally posted by Luke View Post
                              Are you saying that your browser is caching the pages? That isn't something you would use Acegi to alter. It's a normal issue using GET requests with webapps and web servers. Most web frameworks allow you to configure them to set HTTP headers to prevent caching and if you are using HTTPS pages won't be cached either.
                              thinks for info

                              Comment

                              Previous 1 2
                              Working...
                              X