  • WebLogic 9.2 vs Basic Authentication

    We are introducing Acegi security into our application that runs under WebLogic Server 9.2 (Maintenance pack 1).

    Form-based authentication worked fine. Now we are introducing the use of basic authentication for use by HTTP Invoker remoting and are having a problem. It appears that when an "Authorization" header is present in a request, the request does not get sent through our Acegi filter chain for processing; instead it seems that WebLogic processes it internally somehow. WebLogic seems to look up the provided credentials in its default (LDAP-based) security realm and bypasses all of the Acegi magic.

    We verified this by using the contacts example as a testbed. The contacts example works fine in Tomcat 5.5 but fails in WebLogic 9.2 MP1.

    WEBLOGIC 9.2 MP1
    -------------------

    1. Create a new WLS domain using the configuration wizard
    2. Copy the exploded contacts war (acegi-security-sample-contacts-filter.war) into a directory in the autodeploy directory.
    3. Start WebLogic
    4. The contacts app works just fine via the browser
    5. Run the ClientApplication using bill/wombat as the user/password and observe the following output:

    Code:
    Trying to find setUsername(String) method on: org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean
    This client proxy factory does not have a setUsername(String) method
    Trying to find setPassword(String) method on: org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean
    This client proxy factory does not have a setPassword(String) method
    Calling ContactManager 'httpInvokerProxy'
    Exception in thread "main" org.springframework.remoting.RemoteAccessException: Cannot access HTTP invoker remote service at [http://localhost:7001/acegi-security-sample-contacts-filter/remoting/ContactManager-httpinvoker]; nested exception is java.io.IOException: Did not receive successful HTTP response: status code = 401, status message = [Unauthorized]
    Caused by: java.io.IOException: Did not receive successful HTTP response: status code = 401, status message = [Unauthorized]
    	at org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor.validateResponse(SimpleHttpInvokerRequestExecutor.java:139)
    	at org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor.doExecuteRequest(SimpleHttpInvokerRequestExecutor.java:62)
    	at org.springframework.remoting.httpinvoker.AbstractHttpInvokerRequestExecutor.executeRequest(AbstractHttpInvokerRequestExecutor.java:119)
    	at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.executeRequest(HttpInvokerClientInterceptor.java:145)
    	at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.invoke(HttpInvokerClientInterceptor.java:122)
    	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
    	at $Proxy0.getAll(Unknown Source)
    	at sample.contact.ClientApplication.invokeContactManager(ClientApplication.java:85)
    	at sample.contact.ClientApplication.main(ClientApplication.java:131)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    	at java.lang.reflect.Method.invoke(Method.java:585)
    	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)

    TOMCAT 5.5
    ------------

    1. Copy the exploded contacts war (acegi-security-sample-contacts-filter.war) into a directory in the webapps directory.
    2. Start Tomcat
    3. The contacts app works just fine via the browser
    5. Run the ClientApplication using bill/wombat as the user/password and observe the following output:

    Code:
    Trying to find setUsername(String) method on: org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean
    This client proxy factory does not have a setUsername(String) method
    Trying to find setPassword(String) method on: org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean
    This client proxy factory does not have a setPassword(String) method
    Calling ContactManager 'httpInvokerProxy'
    Contact: sample.contact.Contact@1a33d48: Id: 12; Name: Prue McTaggart; Email: [email protected]
    Contact: sample.contact.Contact@c68c3: Id: 15; Name: Adrian Smith; Email: [email protected]
    Contact: sample.contact.Contact@b2002f: Id: 16; Name: William Marwell; Email: [email protected]
    Contact: sample.contact.Contact@2a4983: Id: 17; Name: Darin Edwards; Email: [email protected]
    Contact: sample.contact.Contact@406199: Id: 18; Name: Adrian Carmichael; Email: [email protected]
    Contact: sample.contact.Contact@c7b00c: Id: 20; Name: Angela Edwards; Email: [email protected]
    Contact: sample.contact.Contact@1f6f296: Id: 21; Name: Richard Gray; Email: [email protected]
    Contact: sample.contact.Contact@1b09468: Id: 23; Name: Adrian Johnson; Email: [email protected]
    Contact: sample.contact.Contact@1df5a8f: Id: 24; Name: Matthew McTaggart; Email: [email protected]
    Contact: sample.contact.Contact@b2a2d8: Id: 28; Name: Jane Abbott; Email: [email protected]
    Contact: sample.contact.Contact@1e13d52: Id: 31; Name: Samantha Chi; Email: [email protected]
    Contact: sample.contact.Contact@80fa6f: Id: 32; Name: Phillip Brown; Email: [email protected]
    Contact: sample.contact.Contact@1b9ce4b: Id: 33; Name: Michael McTaggart; Email: [email protected]
    Contact: sample.contact.Contact@196c1b0: Id: 34; Name: Darin Giugni; Email: [email protected]
    Contact: sample.contact.Contact@861f24: Id: 35; Name: Richard Black; Email: [email protected]
    Contact: sample.contact.Contact@166aa18: Id: 38; Name: Prue McAlpine; Email: [email protected]
    Contact: sample.contact.Contact@1292d26: Id: 39; Name: Jeni Gray; Email: [email protected]
    Contact: sample.contact.Contact@5329c5: Id: 40; Name: Samantha Gray; Email: [email protected]
    Contact: sample.contact.Contact@1db699b: Id: 43; Name: Kirsty Carmichael; Email: [email protected]
    Contact: sample.contact.Contact@1f26605: Id: 46; Name: Adrian Marwell; Email: [email protected]
    Contact: sample.contact.Contact@107ebe1: Id: 48; Name: Melanie Sutherland; Email: [email protected]
    
    StopWatch '1 ContactManager call(s)': running time (millis) = 109
    -----------------------------------------
    ms     %     Task name
    -----------------------------------------
    00109  100%  httpInvokerProxy

    I've enabled full DEBUG logging for the contacts app when running in WebLogic 9.2. When I play with the webapp via the browser I get tons of log output from spring/acegi. When I run the ClientApplication (and receive the error above) I get no log output at all, reinforcing my belief that WebLogic is somehow intercepting the request and handling it without triggering acegi.

    Any suggestions?

    Thanks!

  • #2
    Basic Authentication issue in WebLogic

    I have the same issue when installing my application to WebLogic 9.2.
    To resolve the issue I used the following solution: How to fix Basic Authentication issue on WebLogic 9.2/10.0/10.3 when using Acegi/Spring Security
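
The behaviour described in this thread matches WebLogic's domain-level `enforce-valid-basic-auth-credentials` setting, which defaults to `true` and makes the container validate any Basic `Authorization` header against its own security realm before the web application's filters run. The fragment below is an added example, not taken from either post or from the article linked above; the domain name `mydomain` is a placeholder and the other children of `<security-configuration>` are left out.

```xml
<!-- DOMAIN_HOME/config/config.xml (fragment, added example) -->
<security-configuration>
  <name>mydomain</name>  <!-- placeholder domain name -->

  <!-- existing realm, credential and other elements stay unchanged here -->

  <!--
    Default when the element is absent: true.
      The container checks every Basic "Authorization" header against the
      WebLogic security realm. Credentials that exist only in the
      application's own user store (for example bill/wombat in the contacts
      sample) are rejected with 401 before any servlet filter is invoked,
      so the Acegi filter chain logs nothing.

    Set to false:
      The container leaves the header alone for resources it does not
      protect itself, and the request reaches the application's filter
      chain, which then performs the Basic authentication.

    Place the element last, directly before the closing tag.
  -->
  <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
</security-configuration>
```

The setting applies to every application in the domain, and the server has to be restarted after the edit. With it set to `false`, the application's own filter chain is the only check on Basic credentials, so every remoting URL must be covered by that chain.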
