Announcement Announcement Module
Collapse
No announcement yet.
2 days still not know why it do not protect my pages Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2 days still not know why it do not protect my pages

    In these 2 days, i try to use Acegi to protect my pages, based on the guideline, i build up the simple one, it work, but(it always but) it can not protect my all of the pages, it seems that the url-pattern doesn't work.

    For example, when type "http://localhost/acegitutorials/test.jsp", it would direct show the "test.jsp" page, even i have not do any login action, i make sure that i have restart the tomcat to refresh the session already.

    However, the page do work on the authentication, when i access the acegiLogin.jsp, it dump the authentication from the context, it work.

    Below is my configuration file. Any idea appreciated!

    Web.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>  
      <web-app>  
        
          <display-name>acegi Example of liuyxit</display-name>  
            
          <context-param>  
              <param-name>contextConfigLocation</param-name>  
              <param-value>  
                  classpath:applicationContext.xml  
              </param-value>  
          </context-param>  
    	<context-param>
    		<param-name>log4jConfigLocation</param-name>
    		<param-value>/WEB-INF/classes/log4j.properties</param-value>
    	</context-param>
    	    
        
          <filter>  
              <filter-name>Acegi Filter Chain Proxy</filter-name>  
              <filter-class>  
                  org.acegisecurity.util.FilterToBeanProxy  
              </filter-class>  
              <init-param>  
                  <param-name>targetClass</param-name>  
                  <param-value>  
                      org.acegisecurity.util.FilterChainProxy  
                  </param-value>  
              </init-param>  
          </filter>  
          
          <filter-mapping>  
              <filter-name>Acegi Filter Chain Proxy</filter-name>  
              <url-pattern>*.jsp</url-pattern>  
          </filter-mapping>  
          
          <!-- here try to define my own filter to verify the filter will work or not-->
        <filter>
    	   <filter-name>MyFilter</filter-name>
    	   <filter-class>acegi.MyFilter</filter-class>
    	</filter>
    
    	  <filter-mapping>
    	    <filter-name>MyFilter</filter-name>
    	    <url-pattern>*.jsp</url-pattern>
    	  </filter-mapping>
      
          <listener>  
              <listener-class>  
                  org.springframework.web.context.ContextLoaderListener  
              </listener-class>  
          </listener>  
      </web-app>

    Orginially i try to only use the authenticationProcessingFilter & exceptionTranslationFilter , for sure,it has the problem like i said. Then i try to add more filters, but it still not work.

    ApplicationContext.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>  
    <beans xmlns="http://www.springframework.org/schema/beans"  
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
           xmlns:aop="http://www.springframework.org/schema/aop"  
           xmlns:tx="http://www.springframework.org/schema/tx"  
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd  
               http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd  
               http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd"  
               default-autowire="byName" default-lazy-init="true">   
          
         <!--   ========================  FILTER CHAIN  =======================   -->   
         <bean id="filterChainProxy"   class="org.acegisecurity.util.FilterChainProxy" >   
           <property name="filterInvocationDefinitionSource" >   
              <value >   
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON  
                PATTERN_TYPE_APACHE_ANT  
                 /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,rememberMeProcessingFilter,exceptionTranslationFilter  
             </value>  
          </property>  
        </bean>     
        
        
         <!-- The first item in the Chain: httpSessionContextIntegrationFilter -->
       <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
       </bean>
    
        <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">  
            <property name="authenticationManager" ref="authenticationManager"/>  
            <property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>  
            <property name="defaultTargetUrl" value="/userinfo.jsp"/>  
            <property name="filterProcessesUrl" value="/j_acegi_security_check"/>  
        </bean>  
          
    
        <bean id="rememberMeProcessingFilter"  
              class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">  
            <property name="authenticationManager"  
                      ref="authenticationManager"/>  
            <property name="rememberMeServices" ref="rememberMeServices"/>  
        </bean>      
        <bean id="rememberMeServices"  
              class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">  
            <property name="userDetailsService" ref="inMemoryDaoImpl"/>  
            <property name="key" value="javargb"/>  
        </bean>    
        <bean id="rememberMeAuthenticationProvider"  
              class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">  
            <property name="key" value="javargb"/>  
        </bean>     
          
    
        <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">  
          <constructor-arg value="/acegilogin.jsp"/> <!-- URL redirected to after logout -->  
          <constructor-arg>  
             <list>  
                  <ref bean="rememberMeServices"/>  
                  <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>  
             </list>  
          </constructor-arg>  
       </bean>  
          
    
       <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">  
          <property name="providers">
             <list>  
                <ref local="daoAuthenticationProvider"/>  
                <ref local="rememberMeAuthenticationProvider"/>  
             </list>  
          </property>  
       </bean>     
        <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">  
            <property name="userDetailsService" ref="inMemoryDaoImpl"/>          
        </bean>      
        <!--   
        <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">  
            <property name="userProperties">  
                <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">  
                    <property name="location" value="classpath:acegi/users.properties"/>  
                </bean>  
            </property>  
        </bean>  
         -->  
         <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">    
            <property name="userMap">    
                <value>    
                    liuyxit=123,ROLE_SUPERVISOR  
                    user1user1=user1,ROLE_USER  
                    user2user2=user2,disabled,ROLE_USER     
                </value>    
            </property>    
        </bean>  
       <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
          <property name="forceHttps"><value>false</value></property>
       </bean>
       
         
        <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">  
             <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>  
            <property name="accessDeniedHandler">  
                <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">  
                    <property name="errorPage" value="/accessDenied.jsp"/>  
                </bean>  
            </property>  
        </bean>      
       <!-- This bean automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
    	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>  
    </beans>
    An empty one jsp file for test whether the filter work for protection
    test.jsp
    Code:
    It's the testing jsp

  • #2
    You haven't got a FilterSecurityInterceptor in the chain so it's not going to be protecting anything. I would have a look at the sample tutorial that ships with Acegi. It's the best way to start, that's where I always start from. You'll have to look at the one with 1.0.3 however, there's a problem with example in 1.0.4.
    Last edited by karldmoore; Aug 30th, 2007, 06:20 AM.

    Comment


    • #3
      Originally posted by karldmoore View Post
      You haven't got a FilterSecurityInterceptor in the chain so it's not going to be protecting anything. I would have a look at the sample tutorial that ships with Acegi. It's the best way to start, that's where I always start from. You'll have to look at the one with 1.0.3 however, there's a problem with example in 1.0.4.
      Thx, actually, i debug the acegi contact sample at today's morning, as you said, the FilterSecurityInterceptor control the URI security, thx for your kind suggestion.

      Comment

      Working...
      X