  • Newbie - authz tag not displaying body content

    This is my first attempt at using Acegi, so bear with me. I'm using the AuthenticationProcessingFilter and Jdbc authentication out of the box. The authentication and screen redirection work fine. I'm using Tomcat 5.x. The log output is below:

    2005-02-04 10:21:24,325 DEBUG net.sf.acegisecurity.ui.AbstractProcessingFilter - Authentication success: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@ac7121: Username: dhenry; Password: [PROTECTED]; Authenticated: false; Details: 127.0.0.1; Granted Authorities: ROLE_SUPERVISOR
    2005-02-04 10:21:24,326 DEBUG net.sf.acegisecurity.ui.AbstractProcessingFilter - Redirecting to target URL from HTTP Session (or default): /


    In my jsp I have the following:

    ...
    <authz:authorize ifAllGranted="ROLE_SUPERVISOR">
    SHOW ME IF IN ROLE_SUPERVISOR
    </authz:authorize>
    ...

    The body text never gets displayed, but it appears from the output that the user is in the correct role 'ROLE_SUPERVISOR'. My web.xml and applicationContext.xml are below.

    Thanks in advance.
    Code:
    <====== begin web.xml ======>
    
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    
      <display-name>Buypower Online dataBase (B.O.B.)</display-name>
      <description>Buypower Online dataBase</description>
    
      <!-- START ACEGI SECURITY FOR SPRING --> 
       <!--
         - Location of the XML file that defines the root application context.
         - Applied by ContextLoaderServlet.
         -->
       <context-param>
          <param-name>contextConfigLocation</param-name>
          	<param-value>
             	/WEB-INF/applicationContext.xml
          	</param-value>
       </context-param>
    
       <context-param>
          <param-name>log4jConfigLocation</param-name>
          <param-value>/WEB-INF/classes/log4j.properties</param-value>
       </context-param>
    
       <!-- Responds to HTTP POSTs to j_acegi_security_check URI -->   
       <!-- Processes an authentication form.
          - Login forms must present two parameters to this filter:
          - a username and password. The parameter names to use are contained
          - in the static fields ACEGI_SECURITY_FORM_USERNAME_KEY and
          - ACEGI_SECURITY_FORM_PASSWORD_KEY.  -->
        
       <filter>
           <filter-name>Acegi Authentication Processing Filter</filter-name>
           <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
           <init-param>
               <param-name>targetClass</param-name>
               <param-value>
                  net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter
               </param-value>
           </init-param>
       </filter>
       
       
        <filter-mapping>
           <filter-name>Acegi Authentication Processing Filter</filter-name>
           <url-pattern>/*</url-pattern>
       </filter-mapping>   
     
       
       <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
       </listener>   
      <!-- END ACEGI SECURITY FOR SPRING --> 
      
      <servlet>
        <servlet-name>action</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
        <init-param>
          <param-name>config</param-name>
          <param-value>/WEB-INF/struts-config.xml</param-value>
        </init-param>
        <init-param>
          <param-name>debug</param-name>
          <param-value>2</param-value>
        </init-param>
        <init-param>
          <param-name>detail</param-name>
          <param-value>2</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>
      
      <!-- Action Servlet Mapping -->
      <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>*.do</url-pattern>
      </servlet-mapping>
    
      <error-page>
        <error-code>404</error-code>
        <location>/404.jsp</location>
      </error-page> 
    
      <error-page>
        <error-code>500</error-code>
        <location>/500.jsp</location>
      </error-page>
      
    	<taglib>
    		<taglib-uri>struts-bean.tld</taglib-uri>
    		<taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
    	</taglib>
    
    	<taglib>
    		<taglib-uri>struts-html.tld</taglib-uri>
    		<taglib-location>/WEB-INF/tld/struts-html.tld</taglib-location>
    	</taglib>
    
    	<taglib>
    		<taglib-uri>struts-logic.tld</taglib-uri>
    		<taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
    	</taglib>
    
      <taglib>
    		<taglib-uri>struts-template.tld</taglib-uri>
    		<taglib-location>/WEB-INF/tld/struts-template.tld</taglib-location>
    	</taglib>
    </web-app>
    
    <====== end web.xml ======>
    
    <====== begin applicationContext =======>
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    <!--
      - Application context containing authentication, channel
      - security and web URI beans.
      -
      - Only used by "filter" artifact.
      -->
    
    <beans>
        <!-- define data source -->
         <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
            <property name="driverClassName">
                <value>oracle.jdbc.driver.OracleDriver</value>
            </property>
            <property name="url">
                <value>jdbc:oracle:thin:@localhost:1521:ab</value>
            </property>
            <property name="username">
                <value>user</value>
            </property>
            <property name="password">
                <value>password</value>
            </property>
        </bean>
       
       <!-- we want to encode the passwords and add a little salt -->
       <bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
       
       <!-- use the jdbcDaoImpl provided by the acegi framework and pass an instance of the dataSource -->
       <bean id="jdbcDaoImpl" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
          <property name="dataSource"><ref bean="dataSource"/></property>
       </bean>
       
       <!--  jdbc authentication should be listed as the provider -->
       <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
          <property name="authenticationDao"><ref local="jdbcDaoImpl"/></property>
          <!-- not caching credentials -->
          <!--<property name="userCache"><ref local="userCache"/></property>-->
          <!--<property name="passwordEncoder"><ref local="passwordEncoder"/></property>-->
          
       </bean>    
       
       <!-- create authentication manager with DAO Authentication as sole provider -->
       <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
          <property name="providers">
             <list>
                <ref local="daoAuthenticationProvider"/>
             </list>
          </property>
       </bean>   
       
        <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
            <property name="authenticationManager">
                <ref bean="authenticationManager"/>
            </property>
            <property name="authenticationFailureUrl">
                <value>/logon.jsp</value>
            </property>
            <property  name="defaultTargetUrl">
                <value>/</value>
            </property>
            <property name="filterProcessesUrl">
                <value>/secure_logon</value>
            </property>
        </bean>   
    
    </beans>
    <====== end applicationContext =======>

  • #2
    You seem to be missing some filters.

    The AuthenticationProcessingFilter will cause the application events noted in your logging output, but these will only be placed into the HttpSession (see line 86 of AuthenticationProcessingFilter v 1.10 if interested). You need something to copy the Authentication from the HttpSession to ContextHolder, and back again at the end of each request. People typically use HttpSessionIntegrationFilter for this purpose (see sample).

    Most of the time, a minimal Acegi Security webapp contains (in this order):

    AuthenticationProcessingFilter (to respond to FORM logins)
    HttpSessionIntegrationFilter (as discussed above)
    SecurityEnforcementFilter (to protect some web URIs)
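
    An added example (not part of this thread and not Acegi code): a small Python check that reads a web.xml, resolves each FilterToBeanProxy entry to its targetClass, and reports which of the three filters listed in reply #2 are unmapped or mapped out of order. POSTED is a condensed copy of the filter section from the first post; the function names are hypothetical, and the check assumes a DTD-style descriptor (no XML namespace) with every filter mapped to the same URL pattern, so that chain order follows <filter-mapping> order.

```python
import xml.etree.ElementTree as ET

# Filters and order taken from reply #2; matched on simple class name.
REQUIRED = ["AuthenticationProcessingFilter", "HttpSessionIntegrationFilter",
            "SecurityEnforcementFilter"]
PROXY = "net.sf.acegisecurity.util.FilterToBeanProxy"
# Constructed sample: condensed filter section of the web.xml in the first post.
POSTED = """<web-app>
  <filter>
    <filter-name>Acegi Authentication Processing Filter</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param><param-name>targetClass</param-name><param-value>
        net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter
    </param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>Acegi Authentication Processing Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

def field(node, tag):
    return (node.findtext(tag) or "").strip()

def effective_chain(web_xml):
    """Simple class names of the mapped filters, in <filter-mapping> order."""
    root = ET.fromstring(web_xml)
    classes = {}
    for f in root.iter("filter"):
        cls = field(f, "filter-class")
        if cls == PROXY:  # the proxy delegates to the class named in targetClass
            for p in f.iter("init-param"):
                if field(p, "param-name") == "targetClass":
                    cls = field(p, "param-value")
        classes[field(f, "filter-name")] = cls.rsplit(".", 1)[-1]
    return [classes.get(field(m, "filter-name"), "?")
            for m in root.iter("filter-mapping")]

def audit(web_xml):
    """Findings: required filters that are unmapped, or mapped out of order."""
    chain = effective_chain(web_xml)
    findings = [f"missing: {n}" for n in REQUIRED if n not in chain]
    present = [n for n in chain if n in REQUIRED]
    if present != [n for n in REQUIRED if n in present]:
        findings.append("order: " + " -> ".join(present))
    return findings

if __name__ == "__main__":
    print(audit(POSTED))
```

    Run against POSTED, the check reports HttpSessionIntegrationFilter and SecurityEnforcementFilter as missing, which matches the diagnosis in reply #2.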
