  • newbie setup problem

    Hi,

    I am trying to get the most basic acegi setup going with my app - for now, just a requirement to log in before accessing any pages.

    I have taken my xml from an example posted by Savrak at:
    http://forum.springframework.org/sho...ati-acegi-web1

    I would have expected this setup to redirect a user to the login page, but instead it allows direct access without logging in. Can someone point out what I am missing?

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    
    <beans>
    
       <!-- ======================== FILTER CHAIN ======================= -->
    
    	<!--  if you wish to use channel security, add "channelProcessingFilter," in front
    	      of "httpSessionContextIntegrationFilter" in the list below -->
    	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
             <value>
    		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    		    PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
             </value>
          </property>
        </bean>
    
       <!-- ======================== AUTHENTICATION ======================= -->
    
       <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
          <property name="providers">
             <list>
                <ref local="daoAuthenticationProvider"/>
             </list>
          </property>
       </bean>
    
       <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
          <property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
       </bean>
    
        <!-- Simplest mapping between user, password and roles -->
    	<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
          <property name="userMap">
            <value>
                marissa=koala,ROLE_USER
                dianne=emu,ROLE_SUPERVISOR
                scott=wombat,ROLE_USER,ROLE_SUPERVISOR
            </value>
         </property>
       </bean>
    
    
       <!-- Loads the SecurityContext from the HttpSession at the start of each request and stores it back when the request completes -->
       <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
    
    
       <!-- ===================== ACCESS DECISION ==================== -->
        
       <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions"><value>false</value></property>
          <property name="decisionVoters">
             <list>
                <ref bean="roleVoter"/>
             </list>
          </property>
       </bean>
    
       <!-- An access decision voter that reads ROLE_* configuration settings -->
       <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
        
        
       <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
            The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
            Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
       <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
          <property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				
    				/admin/**=ROLE_ADMIN
    			</value>
    		</property>
       </bean>
    
    
       <!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
    
    
       <!-- ===================== HTTP REQUEST SECURITY ==================== -->
    
       <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
          <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
       </bean>
    
       <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="authenticationFailureUrl"><value>/home/login.htm?login_error=1</value></property>
          <property name="defaultTargetUrl"><value>/</value></property>
          <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
       </bean>
    
       <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl"><value>/home/login.htm</value></property>
          <property name="forceHttps"><value>false</value></property>
       </bean>
    
        <!-- Allow the use of getRemoteUser(), getUserPrincipal(), etc on request for Acegi -->
        <!-- bean id="contextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/ -->
    
    </beans>
    And one other thing - how do I get acegi to put the usernames into a session?

    TIA,

    John

  • #2
    I added:

    /**=ROLE_USER

    to
    Code:
    <property name="objectDefinitionSource">
    		<value>
    			CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    			PATTERN_TYPE_APACHE_ANT
    			/**=ROLE_USER
    			/admin/**=ROLE_ADMIN
    		</value>
    </property>
    and get this error in Firefox:

    The page isn't redirecting properly

    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    and have this in the log:

    Code:
     DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /home/login.htm at position 1 of 4 in additional filter chain; firing Filter: '[email protected]85b'
     DEBUG http-8080-1 org.acegisecurity.context.HttpSessionContextIntegrationFilter - HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
     DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /home/login.htm at position 2 of 4 in additional filter chain; firing Filter: 'org.acegisecurity.ui.webapp.AuthenticationProcessingFilter@46f93'
     DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /home/login.htm at position 3 of 4 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@139358c'
     DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /home/login.htm at position 4 of 4 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@ea9bc8'
     DEBUG http-8080-1 org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap - Converted URL to lowercase, from: '/home/login.htm'; to: '/home/login.htm'
     DEBUG http-8080-1 org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap - Candidate is: '/home/login.htm'; pattern is /admin/**; matched=false
     DEBUG http-8080-1 org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap - Candidate is: '/home/login.htm'; pattern is /**; matched=true
     DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /home/login.htm; ConfigAttributes: [ROLE_USER]
     DEBUG http-8080-1 org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authorization.AuthenticationCredentialsNotFoundEvent[source=FilterInvocation: URL: /home/login.htm]
     DEBUG http-8080-1 org.acegisecurity.ui.ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point
     org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    	at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:339)
    	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:104)
    	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:110)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:217)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:229)
    	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
    	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
    	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:216)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
    	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
    	at java.lang.Thread.run(Thread.java:619)
    DEBUG http-8080-1 org.acegisecurity.ui.ExceptionTranslationFilter - Authentication entry point being called; SavedRequest added to Session: SavedRequest[http://localhost:8080/starfriend/home/login.htm]
     DEBUG http-8080-1 org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint - Redirecting to: http://localhost:8080/starfriend/home/login.htm
     DEBUG http-8080-1 org.acegisecurity.context.HttpSessionContextIntegrationFilter - SecurityContextHolder set to new context, as request processing completed
    I thought getting an AuthenticationCredentialsNotFoundException would cause a redirect to the login page.



    • #3
      What about people who aren't yet authenticated? Don't you want to leave some URLs unprotected? I would really check out the examples that ship with Acegi. They are a great place to start!

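Added example, not part of the original thread: the log in #2 shows `/home/login.htm` itself matching `/**` and requiring `ROLE_USER`, so each redirect to the login page is intercepted and redirected again. One way to follow the advice in #3 is to give unauthenticated requests an anonymous identity and list the login page ahead of the catch-all rule. The bean id `anonymousProcessingFilter` and the key value are assumptions of this example, and the fragments replace the same-named beans from the first post.

```xml
<!-- Added example: fragments that replace the same-named beans in the posted config. -->

<!-- anonymousProcessingFilter sits after authenticationProcessingFilter, so a request
     with no Authentication reaches the interceptor carrying an anonymous token. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    </value>
  </property>
</bean>

<!-- The key is a placeholder; it must be the same string in both beans. -->
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key"><value>CHANGE_ME_PLACEHOLDER</value></property>
  <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
</bean>

<!-- Also add <ref local="anonymousAuthenticationProvider"/> to the providers list
     of the authenticationManager bean. -->
<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
  <property name="key"><value>CHANGE_ME_PLACEHOLDER</value></property>
</bean>

<!-- First matching pattern wins: the login page first, then the most specific
     protected path, and the catch-all last so it cannot shadow /admin/**. -->
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /home/login.htm*=ROLE_ANONYMOUS,ROLE_USER
      /admin/**=ROLE_ADMIN
      /**=ROLE_USER
    </value>
  </property>
</bean>
```

The trailing `*` on the login pattern also covers `/home/login.htm?login_error=1`, the `authenticationFailureUrl` from the first post. A URL that matches no pattern at all is not checked by the interceptor, which is why the original config, listing only `/admin/**`, let every other page through without a login.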