Announcement Announcement Module
Collapse
No announcement yet.
Need to modify web service app to accept HTTP auth... help :) Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need to modify web service app to accept HTTP auth... help :)

    Hi all,

    I have an app that was designed around web service based authentication with Acegi 0.8.2 (using dao I think). I'd like to modify the filter list to include form-based authentication as an option against the same user list as well, for some new jsp-based services extending the app.

    The stumbling block I ran into is that it seems like the serviceFilterInvocationInterceptor bean can accept one type of accessDecisionManager or another -- I have no idea how to get it to use both httpRequestAccessDecisionManager and roleDecisionManager (which is what the current version is using) -- and I'm not even sure that's what I should be trying to do to begin with.

    I'm going to include my security xml here... any suggestions would be warmly welcomed.

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    <!-- =================== ACEGI SECURITY CONFIGURATION ================== -->
    
    <beans>
    
      <bean id="filterChainProxy"
        class="net.sf.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
          <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            \A.*/gateway\Z=sessionCreationFilter,httpSessionContextIntegrationFilter,rememberMeProcessingFilter,anonymousProcessingFilter
            \A.*/upload\Z=sessionCreationFilter,httpSessionContextIntegrationFilter,rememberMeProcessingFilter
          </value>
        </property>
      </bean>
    
      <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
          <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="anonymousAuthenticationProvider"/>
            <ref local="rememberMeAuthenticationProvider"/>
            <ref local="runAsAuthenticationProvider"/>
          </list>
        </property>
      </bean>
    
      <bean id="userDao" class="someWebApp.security.UserDao">
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="authenticationDao"><ref bean="userDao"/></property>
        <property name="userCache"><ref local="userCache"/></property>
      </bean>
    
    <bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key"><value>foobar</value></property>
      <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
    </bean>
    
    <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
      <property name="key"><value>foobar</value></property>
    </bean>
    
      <!-- SERVICE AUTHENTICATION FOR APPLICATION ACCESS -->
      <bean id="serviceFilterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref local="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref local="roleDecisionManager"/></property>
        <property name="objectDefinitionSource">
          <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**/*=ROLE_ANONYMOUS,ROLE_USER,ROLE_INVITED_USER
          </value>
        </property>
      </bean>
    
      <bean id="serviceAuthenticationEntryPoint" class="someWebApp.security.DeadEndAuthenticationEntryPoint"/>
    
      <bean id="serviceEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
        <property name="filterSecurityInterceptor"><ref local="serviceFilterInvocationInterceptor"/></property>
        <property name="authenticationEntryPoint"><ref local="serviceAuthenticationEntryPoint"/></property>
      </bean>
      <!-- END FORM AUTHENTICATION -->
    
      <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    
      <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
        <property name="cacheManager">
          <ref local="cacheManager"/>
        </property>
        <property name="cacheName">
          <value>userCache</value>
        </property>
      </bean>
    
      <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
        <property name="cache"><ref local="userCacheBackend"/></property>
      </bean>
    
      <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
        <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
      </bean>
    
      <bean id="sessionCreationFilter" class="someWebApp.security.SessionCreationFilter">
      </bean>
    
      <bean id="roleDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions"><value>false</value></property>
        <property name="decisionVoters">
          <list>
            <ref local="roleVoter"/>
          </list>
        </property>
      </bean>
    
      <bean id="rememberMeProcessingFilter" class="someWebApp.web.someWebAppRememberMeProcessingFilter">
        <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
      </bean>
    
      <bean id="rememberMeServices" class="someWebApp.web.someWebAppRememberMeServices">
        <property name="authenticationDao"><ref bean="userDao"/></property>
        <property name="parameter"><value>remember</value></property>
        <property name="tokenValiditySeconds"><value>2592000</value></property>
        <property name="key"><value>someWebApp.service.authentication</value></property>
      </bean>
    
      <bean id="rememberMeAuthenticationProvider" class="net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
        <property name="key"><value>someWebApp.service.authentication</value></property>
      </bean>
      <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
    
      <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
    
      <!--============ Role-based Service Authorization =================-->
    
      <bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
        <property name="key"><value>RunAsManagerKey</value></property>
      </bean>
    
      <bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
        <property name="key"><value>RunAsManagerKey</value></property>
      </bean>
    
      <!--
      - These settings enforce service level access by user role.
      - This interceptor is configured in the interceptor chain for all remote services.
      -
      - First we lock down each service to a role that no user has (ROLE_FORBIDDEN).
      - Then we open up service access to read-only users and more priviledged roles.
      -
        -->
      <bean id="roleAuthorizationInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="validateConfigAttributes"><value>true</value></property>
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="roleDecisionManager"/></property>
        <property name="runAsManager"><ref bean="runAsManager"/></property>
        <property name="objectDefinitionSource">
          <value>
            someWebApp.service.UserService.*=ROLE_FORBIDDEN
            someWebApp.service.UserService.find*=ROLE_USER,ROLE_INVITED_USER
            someWebApp.service.UserService.save*=ROLE_USER
            someWebApp.service.UserService.update*=ROLE_USER,ROLE_INVITED_USER
            someWebApp.service.UserService.add*=ROLE_USER
            someWebApp.service.UserService.remove*=ROLE_USER
            someWebApp.service.UserService.delete*=ROLE_USER
            someWebApp.service.UserService.get*=ROLE_USER,ROLE_INVITED_USER
    	someWebApp.service.UserService.getMessageById*=ROLE_USER,ROLE_INVITED_USER
    	someWebApp.service.UserService.public*=ROLE_ANONYMOUS,ROLE_USER,ROLE_INVITED_USER
            someWebApp.service.UserService.send*=ROLE_USER,ROLE_INVITED_USER
    
            someWebApp.service.GroupService.*=ROLE_FORBIDDEN
            someWebApp.service.GroupService.find*=ROLE_USER,ROLE_INVITED_USER
            someWebApp.service.GroupService.save*=ROLE_USER
            someWebApp.service.GroupService.update*=ROLE_USER
            someWebApp.service.GroupService.join*=ROLE_USER
            someWebApp.service.GroupService.create*=ROLE_USER
            someWebApp.service.GroupService.invite*=ROLE_USER
            someWebApp.service.GroupService.reinvite*=ROLE_USER
            someWebApp.service.GroupService.revoke*=ROLE_USER
            someWebApp.service.GroupService.check*=ROLE_USER
          </value>
        </property>
      </bean>
    
    </beans>
    Last edited by ciparis; Mar 30th, 2007, 11:28 AM.

  • #2
    This is a tough nut for me to crack -- I have little to go on here. The examples are not easily applicable to our acegi version, and I don't think porting our particular app to use the latest is very straightforward. I didn't implement it, but I have to maintain it, and I really don't know where to go from here -- I've made many attempts, and none of them work.


    The app just needs to have form-based authentication added, so I can authenticate with a form on a jsp page as well as with the existing service-based methods. I have no idea how to apply this. Any help would be very much appreciated -- I'll mail you a beer. Or a pizza. Really.

    Here's web.xml, to add to the above info.

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <web-app version="2.4"
             xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" >
    
      <context-param>
        <param-name>log4jConfigLocation</param-name>
        <param-value>classpath:log4j.properties</param-value>
      </context-param>
    
      <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
          classpath:xfire.xml
          classpath:application.xml
          classpath:application-security.xml
          classpath:application-server.xml
        </param-value>
      </context-param>
    
      <listener>
    		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    	</listener>
    
      <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
    
      <filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
          <param-name>targetClass</param-name>
          <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
      </filter>
    
      <filter>
        <filter-name>Session Detail Filter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
          <param-name>targetBeanName</param-name>
          <param-value>sessionDetailFilter</param-value>
        </init-param>
      </filter>
    
      <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
    
      <filter-mapping>
        <filter-name>Session Detail Filter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
    
      <servlet>
        <servlet-name>serviceDispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
    	
      <servlet>
        <servlet-name>webDispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
    
      <servlet>
    		<servlet-name>DefaultGateway</servlet-name>
    		<display-name>DefaultGateway</display-name>
    		<description>DefaultGateway</description>
    		<servlet-class>org.openamf.DefaultGateway</servlet-class>
    		<init-param>
    			<param-name>OPENAMF_CONFIG</param-name>
    			<param-value>/WEB-INF/openamf-config.xml</param-value>
    			<description>Location of the OpenAMF config file.</description>
    		</init-param>
    	</servlet>
    
    	<servlet-mapping>
    		<servlet-name>DefaultGateway</servlet-name>
    		<url-pattern>/gateway</url-pattern>
    	</servlet-mapping>
    	
      <servlet-mapping>
        <servlet-name>serviceDispatcher</servlet-name>
        <url-pattern>/service/*</url-pattern>
      </servlet-mapping>
    
      <servlet-mapping>
        <servlet-name>webDispatcher</servlet-name>
        <url-pattern>/config.xml</url-pattern>
      </servlet-mapping>
    
      <servlet-mapping>
        <servlet-name>webDispatcher</servlet-name>
        <url-pattern>/web/*</url-pattern>
      </servlet-mapping>
    
    </web-app>
    and serviceDispatcher.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    <beans>
    
      <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
        <property name="urlMap">
          <map>
            <entry key="/GroupService">
              <ref bean="GroupServiceExporter"/>
            </entry>
            <entry key="/UserService">
              <ref bean="userServiceExporter"/>
            </entry>
            <entry key="/LoginService">
              <ref bean="loginServiceExporter"/>
            </entry>
            <entry key="/upload">
              <ref bean="uploadController"/>
            </entry>
          </map>
        </property>
      </bean>
    
      <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"><value>org.springframework.web.servlet.view.JstlView</value></property>
        <property name="prefix"><value>/WEB-INF/jsp/</value></property>
        <property name="suffix"><value>.jsp</value></property>
      </bean>
    
      <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize">
            <value>6000000</value>
        </property>
      </bean>
    
      <!-- Removes hibernate proxies from objects about to be translated -->
      <bean id="remotingInterceptor" class="com.carbonfive.hibernate.RemotingInterceptor"/>
    
      <!-- Declare a parent bean with all properties common to both services -->
      <bean id="loginServiceRemote" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="proxyInterfaces">
          <value>someWebApp.service.LoginService</value>
        </property>
        <property name="target">
          <ref bean="loginService"/>
        </property>
        <property name="interceptorNames">
           <list>
              <idref local="remotingInterceptor"/>
           </list>
        </property>
      </bean>
    
      <bean id="loginServiceExporter" class="org.codehaus.xfire.spring.XFireExporter">
          <property name="serviceFactory">
              <ref bean="xfire.serviceFactory"/>
          </property>
          <property name="xfire">
              <ref bean="xfire"/>
          </property>
          <property name="service">
              <ref bean="loginServiceRemote"/>
          </property>
          <property name="serviceInterface">
              <value>someWebApp.service.LoginService</value>
          </property>
      </bean>
    
      <!-- Declare a parent bean with all properties common to both services -->
      <bean id="GroupServiceRemote" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="proxyInterfaces">
          <value>someWebApp.service.GroupService</value>
        </property>
        <property name="target">
          <ref bean="GroupService"/>
        </property>
        <property name="interceptorNames">
           <list>
              <idref local="remotingInterceptor"/>
           </list>
        </property>
      </bean>
    
      <bean id="GroupServiceExporter" class="org.codehaus.xfire.spring.XFireExporter">
          <property name="serviceFactory">
              <ref bean="xfire.serviceFactory"/>
          </property>
          <property name="xfire">
              <ref bean="xfire"/>
          </property>
          <property name="service">
              <ref bean="GroupServiceRemote"/>
          </property>
          <property name="serviceInterface">
              <value>someWebApp.service.GroupService</value>
          </property>
      </bean>
    
      <!-- Declare a parent bean with all properties common to both services -->
      <bean id="userServiceRemote" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="proxyInterfaces">
          <value>someWebApp.service.UserService</value>
        </property>
        <property name="target">
          <ref bean="userService"/>
        </property>
        <property name="interceptorNames">
           <list>
              <idref local="remotingInterceptor"/>
           </list>
        </property>
      </bean>
    
      <bean id="userServiceExporter" class="org.codehaus.xfire.spring.XFireExporter">
          <property name="serviceFactory">
              <ref bean="xfire.serviceFactory"/>
          </property>
          <property name="xfire">
              <ref bean="xfire"/>
          </property>
          <property name="service">
              <ref bean="userServiceRemote"/>
          </property>
          <property name="serviceInterface">
              <value>someWebApp.service.UserService</value>
          </property>
      </bean>
    
      <bean id="uploadController" class="someWebApp.service.ImageUploadController">
        <property name="userService" ref="userService"/>
        <property name="commandClass"><value>someWebApp.service.ImageUploadBean</value></property>
        <property name="formView"><value>upload</value></property>
        <property name="successView"><value>upload</value></property>
      </bean>
    </beans>
    Last edited by ciparis; Apr 5th, 2007, 03:17 PM.

    Comment


    • #3
      ... and dispatcher-servlet.xml:

      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
      
      <beans>
      
        <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
          <property name="urlMap">
            <map>
              <entry key="/GroupService">
                <ref bean="GroupServiceExporter"/>
              </entry>
              <entry key="/UserService">
                <ref bean="userServiceExporter"/>
              </entry>
              <entry key="/LoginService">
                <ref bean="loginServiceExporter"/>
              </entry>
            </map>
          </property>
        </bean>
      
        <bean id="loginServiceExporter" class="org.codehaus.xfire.spring.XFireExporter">
            <property name="serviceFactory">
                <ref bean="xfire.serviceFactory"/>
            </property>
            <property name="xfire">
                <ref bean="xfire"/>
            </property>
            <property name="service">
                <ref bean="loginServiceRemote"/>
            </property>
            <property name="serviceInterface">
                <value>someWebApp.service.LoginService</value>
            </property>
        </bean>
      
        <bean id="GroupServiceExporter" class="org.codehaus.xfire.spring.XFireExporter">
            <property name="serviceFactory">
                <ref bean="xfire.serviceFactory"/>
            </property>
            <property name="xfire">
                <ref bean="xfire"/>
            </property>
            <property name="service">
                <ref bean="GroupServiceRemote"/>
            </property>
            <property name="serviceInterface">
                <value>someWebApp.service.GroupService</value>
            </property>
        </bean>
      
        <bean id="userServiceExporter" class="org.codehaus.xfire.spring.XFireExporter">
            <property name="serviceFactory">
                <ref bean="xfire.serviceFactory"/>
            </property>
            <property name="xfire">
                <ref bean="xfire"/>
            </property>
            <property name="service">
                <ref bean="userServiceRemote"/>
            </property>
            <property name="serviceInterface">
                <value>someWebApp.service.UserService</value>
            </property>
        </bean>
      </beans>

      ...and webDispatcher-servlet.xml:
      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
      
      <beans>
      
        <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
          <property name="urlMap">
            <map>
              <entry key="/config.xml">
                <ref bean="configController"/>
              </entry>
              <entry key="/emailPrefs">
                <ref bean="emailPreferencesController"/>
              </entry>
              <entry key="/coppaPrefs">
                <ref bean="coppaPreferencesController"/>
              </entry>
             <entry key="/publicDirectory">
                <ref bean="publicDirectoryController"/>
              </entry>
              <entry key="/webappplayer">
                <ref bean="webappplayerController"/>
              </entry>
               <entry key="/Group">
                <ref bean="GroupController"/>
              </entry>
               <entry key="/widget">
                <ref bean="widgetController"/>
              </entry>
            </map>
          </property>
        </bean>
      
        <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
          <property name="viewClass"><value>org.springframework.web.servlet.view.JstlView</value></property>
          <property name="prefix"><value>/WEB-INF/jsp/</value></property>
          <property name="suffix"><value>.jsp</value></property>
        </bean>
      
        <bean id="configController" class="someWebApp.web.ConfigurationController">
      	  <property name="configuration" ref="configProperties"/>
        </bean>
      
        <bean id="publicDirectoryController" class="someWebApp.web.PublicDirectoryController">
          <property name="loginService" ref="loginService"/>
          <property name="commandClass"><value>someWebApp.web.PublicDirectoryBean</value></property>
          <property name="formView"><value>publicDirectory</value></property>
          <property name="host"><value>${application.url}</value></property>
        </bean>
        
          <bean id="webappplayerController" class="someWebApp.web.webappplayerController">
          <property name="userService" ref="userService"/>
          <property name="commandClass"><value>someWebApp.web.webappplayerBean</value></property>
          <property name="formView"><value>webappplayer</value></property>
          <property name="host"><value>${application.url}</value></property>
        </bean>
        
        <bean id="GroupController" class="someWebApp.web.GroupController">
          <property name="userService" ref="userService"/>
          <property name="commandClass"><value>someWebApp.web.GroupBean</value></property>
          <property name="formView"><value>Group</value></property>
          <property name="host"><value>${application.url}</value></property>
        </bean>
        
        <bean id="widgetController" class="someWebApp.web.WidgetController">
          <property name="userService" ref="userService"/>
          <property name="commandClass"><value>someWebApp.web.WidgetBean</value></property>
          <property name="formView"><value>widget</value></property>
          <property name="host"><value>${application.url}</value></property>
        </bean>
      
        <bean id="emailPreferencesController" class="someWebApp.web.EmailPreferencesController">
          <property name="emailAddressService" ref="emailAddressService"/>
          <property name="commandClass"><value>someWebApp.web.EmailPreferencesBean</value></property>
          <property name="formView"><value>emailPreferences</value></property>
          <property name="successView"><value>emailPreferencesSuccess</value></property>
          <property name="errorView"><value>emailPreferencesError</value></property>
        </bean>
      
        <bean id="coppaPreferencesController" class="someWebApp.web.CoppaPreferencesController">
          <property name="service" ref="adminService"/>
          <property name="commandClass"><value>someWebApp.web.CoppaPreferencesBean</value></property>
          <property name="formView"><value>coppaPreferences</value></property>
          <property name="successView"><value>coppaPreferencesSuccess</value></property>
          <property name="errorView"><value>coppaPreferencesError</value></property>
        </bean>
      </beans>
      Last edited by ciparis; Apr 5th, 2007, 03:24 PM.

      Comment


      • #4
        You should just be able to add the authenticationProcessingFilter to the chain.
        Code:
        	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        		<property name="authenticationManager" ref="authenticationManager"/>
        		<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
        		<property name="defaultTargetUrl" value="/"/>
        		<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
        		<property name="rememberMeServices" ref="rememberMeServices"/>
        	</bean>

        Comment


        • #5
          When I try that (changing "org.acegisecurity" to "net.sf.acegisecurity"), I can directly hit acegilogin.jsp, but on submit it returns acegilogin.jsp it returns a 401 (The requested resource (/someWebApp/j_acegi_security_check) is not available.)

          secure/debug.jsp gives:
          ContextHolder on ContextHolder is null.
          This indicates improper setup of the Acegi Security application. Refer to the reference documentation.

          Comment


          • #6
            It's hard to just look at the configuration. I would take a look at the acegi-security-sample-tutorial that ships with Acegi. It has a complete working example of what you want to do. All you need to do is compare what you have and integrate the missing pieces.

            Comment


            • #7
              Thanks, Karldmoore. The version that I'm using (0.8.2) came with contacts only. There is no other available directly applicable sample. I can run it just fine on its own, but I can not get any combination of the two (that one or our own much more complicated app) working such that they both do what they're supposed to do. There are too many overlapping-but-different parts. That's sort of what led to the original phrasing of the original post title (which I edited inside the thread later to try and make more sense).
              Last edited by ciparis; Apr 6th, 2007, 09:45 AM.

              Comment


              • #8
                Is it possible to see the complete Acegi applicationContext.xml file that isn't working?

                Comment


                • #9
                  The equivalent for that is the top one (called application-security.xml in our app). It works fine for what it does (web service based authentication), but I can't figure out how to add simple form based auth to it.

                  Comment


                  • #10
                    Is this request poorly worded? I am just trying to get a jsp page that can authenticate, in a large project that already has (Flash-based) web-service authentication working based on Acegi 0.8.2.

                    If someone thinks it'd be easier just to bite the bullet and upgrade this project to the current source, that'd be good to hear too

                    Comment


                    • #11
                      Originally posted by ciparis View Post
                      If someone thinks it'd be easier just to bite the bullet and upgrade this project to the current source, that'd be good to hear too
                      If it's feasible then I would always recommend working with something more upto date. If you look at the current examples that ship with Acegi they have the logon functionality you require. Once you've upgraded it should be simple to take the example code and put it in your application.

                      Comment


                      • #12
                        Those changes (to 0.9 and beyond) were fairly painful for an app as extensive as ours, from what I saw going through the update process docs once before and looking at the needed changes. It was a pretty messy transition compared to earlier and later changes.

                        Comment

                        Working...
                        X