Announcement Announcement Module
Collapse
No announcement yet.
Using Acegi Security with Oracle's oc4j Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using Acegi Security with Oracle's oc4j

    I followed the instructions at
    http://raibledesigns.com/wiki/Wiki.j...Authentication for adding Acegi Security Framework for Spring to my appfuse based application. This works great when I deploy it to tomcat-4.1.31. However, when I deploy to Oracle's oc4j, the user is never authenticated. This is using 0.7.

    In both containers I am properly redirected to the login page. The debug output from tomcat after I submit the login page shows that the user has
    been authenticated:
    [mdr] DEBUG [http-8080-Processor5] LoginServlet.execute(231) | Authenticating user 'datat'
    [mdr] INFO [http-8080-Processor5] LoginServlet.execute(238) | Redirecting to: /mdr/j_security_check?j_username=datat&j_password=536c0 b339345616c1b33caf454
    454d8b8a190d6c&j_uri=/dmf.html
    [mdr] DEBUG [http-8080-Processor5] AbstractIntegrationFilter.doFilter(193) | ContextHolder does not contain any authentication information
    [mdr] DEBUG [http-8080-Processor4] AbstractProcessingFilter.doFilter(311) | Request is to process authentication
    [mdr] DEBUG [http-8080-Processor4] ProviderManager.doAuthentication(125) | Authentication attempt using
    net.sf.acegisecurity.providers.dao.DaoAuthenticati onProvider
    [mdr] DEBUG [http-8080-Processor4] AbstractProcessingFilter.doFilter(363) | Authentication success: net.sf.acegisecurity.providers.UsernamePasswordAut
    henticationToken@154ae5a: Username: datat; Password: [PROTECTED];
    Authenticated: false; Details: 127.0.0.1; Granted Authorities: Administrator
    [mdr] DEBUG [http-8080-Processor4] AbstractProcessingFilter.doFilter(381) | Redirecting to target URL from HTTP Session (or default): http://localhost
    :8080/mdr/dmf.html

    Attempting to submit the login page when deployed to oc4j results in:
    [mdr] DEBUG [HttpRequestHandler-27534041] LoginServlet.execute(231) | Authenticating user 'datat'
    [mdr] INFO [HttpRequestHandler-27534041] LoginServlet.execute(238) |
    Redirecting to: /mdr/j_security_check?j_username=datat&j_password=536c0 b339345616c1b33caf454454d8b8a190d6c&j_uri=/dmf.html
    [mdr] DEBUG [HttpRequestHandler-27534041] AbstractIntegrationFilter.doFilter(193) | ContextHolder does not contain any authentication information
    [mdr] DEBUG [HttpRequestHandler-27534041]
    AbstractIntegrationFilter.doFilter(164) | Authentication not added to
    ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)
    [mdr] DEBUG [HttpRequestHandler-20391510]
    AbstractIntegrationFilter.doFilter(164) | Authentication not added to
    ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)

    After that I end up right back at the login page, unauthenticated. It appears that the AuthenticationProcessingFilter, which is the first filter specified in my web.xml, is not being used when deploying to oc4j.

    Has anyone else run into this issue and found a way to solve it?

  • #2
    /mdr/j_security_check?j_username
    That's not a standard Acegi Security related URI.

    Can you deploy the Contacts Sample successfully? If so, that means take a closer look at your webapp configuration. If not, could you please post the log for a login attempt to the Contacts Sample.

    Comment


    • #3
      I deployed the 0.8 based Contacts Sample app successfully to oc4j. I then converted my app from Acegi Security version 0.7 to 0.8. It will now successfully deploy to oc4j also.

      Comment

      Working...
      X