
  • SecurityContext is lost

    Hi,

    i got a strange problem here.

    I am using JSF 1.1 (Myfaces), Spring 2.0.5 and acegi 1.0.5

    When I restart my JBoss server and then log in for the first time through my login page, I am logged in, but the SecurityContext is lost when I move to another page.

    If i log in a second time, the SecurityContext doesn't get lost again.


    Also, after restarting JBOSS, if i first click on a "normal" page and then log in, i don't have any problems at all.


    Thanks

    Here are my configuration Files

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    
    	<!-- Acegi authentication manager: hands each authentication request to the providers
    	     listed below. Only the custom authenticationProvider bean is registered.
    	     NOTE(review): no RememberMeAuthenticationProvider or AnonymousAuthenticationProvider
    	     is listed, yet the web configuration on this page wires rememberMeProcessingFilter
    	     to this manager. Confirm that the custom provider accepts remember-me tokens,
    	     otherwise remember-me logins are presumably rejected. -->
    	<bean id="authenticationManager"
    		class="org.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref bean="authenticationProvider" />
    			</list>
    		</property>
    	</bean>
    
    	<!-- Project-specific authentication provider. User records come from the
    	     userDetailsManager bean, which is defined outside this listing. -->
    	<bean id="authenticationProvider"
    		class="com.weiglewilczek.wfoerd.sks.user.authentication.SksUserDetailsAuthenticationProvider">
    		<property name="userDetailsService" ref="userDetailsManager" />
    		<!-- false: presumably keeps the UserDetails object (not just the user name) as the
    		     principal, as in Acegi's stock UserDetails-based providers; confirm against
    		     the class. -->
    		<property name="forcePrincipalAsString" value="false" />
    	</bean>
    
    	<!-- Decision manager for method security: the outcome follows the consensus of the
    	     voters that do not abstain. With a single RoleVoter its vote decides. -->
    	<bean id="accessDecisionManager"
    		class="org.acegisecurity.vote.ConsensusBased">
    		<!-- Fail closed: access is denied when every voter abstains. -->
    		<property name="allowIfAllAbstainDecisions" value="false" />
    		<property name="decisionVoters">
    			<list>
    				<!-- Votes only on attributes that start with the ROLE_ prefix (the default). -->
    				<bean class="org.acegisecurity.vote.RoleVoter"/>
    			</list>
    		</property>
    	</bean>
    
    	<!-- Wraps the beans named in beanNames with the interceptors named in interceptorNames.
    	     Only searchFactory is listed, so only that bean gets method-level security checks;
    	     any other service bean is not covered by securityInterceptor. -->
    	<bean id="autoProxyCreator"
    		class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
    		<property name="interceptorNames">
    			<list>
    				<value>securityInterceptor</value>
    			</list>
    		</property>
    		<property name="beanNames">
    			<list>
    				<value>searchFactory</value>
    			</list>
    		</property>
    		<!-- true: proxy the target class itself instead of only its interfaces. -->
    		<property name="proxyTargetClass" value="true" />
    	</bean>
    
    	<!-- Method-level security interceptor applied through autoProxyCreator. It looks up the
    	     attributes required for the invoked method in objectDefinitionSource and asks
    	     accessDecisionManager whether the current Authentication may proceed. -->
    	<bean id="securityInterceptor"
    		class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    		<!-- false: switches off the startup validation of configured attributes, so an
    		     attribute that no voter supports is not reported when the context starts. -->
    		<property name="validateConfigAttributes">
    			<value>false</value>
    		</property>
    		<property name="authenticationManager">
    			<ref bean="authenticationManager" />
    		</property>
    		<property name="accessDecisionManager">
    			<ref bean="accessDecisionManager" />
    		</property>
    <!-- 
    		<property name="runAsManager">
    			<ref bean="runAsManager" />
    		</property> 
    -->
    <!--
    		<property name="objectDefinitionSource">
    			<value>
    				com.weiglewilczek.wfoerd.sks.search.SearchFactory.saveSearch=ROLE_INSERENT
    			</value>
    		</property>
    -->
    		<!-- Active source of method security attributes: the metadata-driven bean defined
    		     below, replacing the inline mapping that is commented out above. -->
    		<property name="objectDefinitionSource" ref="objectDefinitionSource"/>
    	</bean>
    
     
    	<!-- Supplies method security attributes from source-level metadata, read through the
    	     attributes bean. The required roles therefore live next to the Java code rather
    	     than in this file. -->
    	<bean id="objectDefinitionSource"
    		class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
    		<property name="attributes">
    			<ref bean="attributes" />
    		</property>
    	</bean>
    
    
    	<!-- Spring's Commons Attributes adapter, used by objectDefinitionSource to read the
    	     metadata attached to secured methods. -->
    	<bean id="attributes"
    		class="org.springframework.metadata.commons.CommonsAttributes" />
    </beans>
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    
    	<!-- Single Acegi filter chain applied to every URL (/**). Filters run in the order
    	     listed: channelProcessingFilter first, so a redirect to the required scheme happens
    	     before anything else; httpSessionContextIntegrationFilter next, so the
    	     SecurityContext is loaded from the HTTP session before the authentication filters
    	     run. URLs are lower-cased and matched with Ant-style patterns. -->
    	<bean id="filterChainProxy"
    		class="org.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				<![CDATA[
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/**=channelProcessingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,logoutFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    			]]>
    			</value>
    		</property>
    	</bean>
    
    	<!--  ============== -->
    	<!--  AUTHENTICATION -->
    	<!--  ============== -->
    	<!-- Entry point used by exceptionTranslationFilter to send an unauthenticated user to
    	     the login form. -->
    	<bean id="authenticationEntryPoint"
    		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    		<property name="loginFormUrl" value="/login.xhtml" />
    		<!-- true: the redirect to the login form uses HTTPS even when the triggering
    		     request arrived over HTTP. -->
    		<property name="forceHttps" value="true" />
    	</bean>
    
    	<!-- Loads the SecurityContext from the HTTP session at the start of each request and
    	     stores it back at the end. The login therefore survives only as long as the
    	     browser returns the same session cookie on the next request. -->
    	<bean id="httpSessionContextIntegrationFilter"
    		class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
    
    	<!-- Handles requests to /j_acegi_logout: runs the logout handlers in the list, then
    	     redirects to /index.xhtml (first constructor argument). -->
    	<bean id="logoutFilter"
    		class="org.acegisecurity.ui.logout.LogoutFilter">
    		<constructor-arg value="/index.xhtml" />
    		<constructor-arg>
    			<list>
    				<!-- Expected to cancel the remember-me cookie on logout. -->
    				<ref bean="rememberMeServices" />
    				<!-- Clears the SecurityContext for the user who logs out. -->
    				<bean
    					class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
    			</list>
    		</constructor-arg>
    		<property name="filterProcessesUrl" value="/j_acegi_logout" />
    	</bean>
    
    	<!-- Processes the login form submission posted to /j_acegi_security_check and
    	     authenticates it through authenticationManager. -->
    	<bean id="authenticationProcessingFilter"
    		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    		<property name="authenticationManager"
    			ref="authenticationManager" />
    		<property name="authenticationFailureUrl" value="/login.xhtml" />
    		<!-- Target after a successful login when no earlier request was saved.
    		     NOTE(review): "/" is matched by the /** rule of channelProcessingFilter
    		     (REQUIRES_INSECURE_CHANNEL), so a login submitted over HTTPS is followed by a
    		     redirect to plain HTTP. -->
    		<property name="defaultTargetUrl" value="/" />
    		<property name="filterProcessesUrl"
    			value="/j_acegi_security_check" />
    		<property name="rememberMeServices" ref="rememberMeServices" />
    	</bean>
    
    	<!-- Wraps the servlet request so that servlet API calls such as getRemoteUser() and
    	     isUserInRole() reflect the Acegi SecurityContext. -->
    	<bean id="securityContextHolderAwareRequestFilter"
    		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
    
    	<!-- When the request carries no Authentication yet, asks rememberMeServices to log the
    	     user in from the remember-me cookie and passes the resulting token to
    	     authenticationManager. -->
    	<bean id="rememberMeProcessingFilter"
    		class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    		<property name="authenticationManager"
    			ref="authenticationManager" />
    		<property name="rememberMeServices" ref="rememberMeServices" />
    	</bean>
    
    	<!-- Puts an anonymous Authentication (anonymousUser with ROLE_ANONYMOUS) into the
    	     SecurityContext when no other filter has authenticated the request. -->
    	<bean id="anonymousProcessingFilter"
    		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    		<!-- NOTE(review): "changeThis" looks like the sample value from the Acegi
    		     documentation. Replace it with a deployment-specific value and keep it in sync
    		     with any AnonymousAuthenticationProvider that is added. -->
    		<property name="key" value="changeThis" />
    		<property name="userAttribute"
    			value="anonymousUser,ROLE_ANONYMOUS" />
    	</bean>
    
    	<!-- Translates security exceptions raised further down the chain: an unauthenticated
    	     user is sent to authenticationEntryPoint (the login form), an authenticated user
    	     without the required authority is shown /error.xhtml. -->
    	<bean id="exceptionTranslationFilter"
    		class="org.acegisecurity.ui.ExceptionTranslationFilter">
    		<property name="authenticationEntryPoint"
    			ref="authenticationEntryPoint" />
    		<property name="accessDeniedHandler">
    			<bean
    				class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    				<property name="errorPage" value="/error.xhtml" />
    			</bean>
    		</property>
    	</bean>
    
    	<!-- URL-level authorization, last filter in the chain. The URL rules below are listed
    	     from most specific to most general. -->
    	<bean id="filterInvocationInterceptor"
    		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager"
    			ref="authenticationManager" />
    		<!-- AffirmativeBased: access is granted as soon as one voter grants it; denied when
    		     all voters abstain. -->
    		<property name="accessDecisionManager">
    			<bean class="org.acegisecurity.vote.AffirmativeBased">
    				<property name="allowIfAllAbstainDecisions"
    					value="false" />
    				<property name="decisionVoters">
    					<list>
    						<bean class="org.acegisecurity.vote.RoleVoter" />
    						<bean
    							class="org.acegisecurity.vote.AuthenticatedVoter" />
    					</list>
    				</property>
    			</bean>
    		</property>
    		<!-- NOTE(review): the final /** rule admits anonymous users, so every URL that is
    		     not matched by an earlier rule is public by default; a newly added page is
    		     unprotected until a rule is written for it. /mysks/** accepts remember-me
    		     logins (IS_AUTHENTICATED_REMEMBERED); use IS_AUTHENTICATED_FULLY where a fresh
    		     password login should be required. Patterns must be lower case because the
    		     URL is lower-cased before comparison. -->
    		<property name="objectDefinitionSource">
    			<value>
    				<![CDATA[
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/secure/extra/**=ROLE_ADMIN
    				/mysks/**=IS_AUTHENTICATED_REMEMBERED
    				/**=IS_AUTHENTICATED_ANONYMOUSLY
    			]]>
    			</value>
    		</property>
    	</bean>
    
    	<!-- Cookie-based remember-me support. The key is mixed into the signature of the
    	     remember-me token, so it acts as a server-side secret. -->
    	<bean id="rememberMeServices"
    		class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    		<property name="userDetailsService" ref="userDetailsManager" />
    		<!-- NOTE(review): "changeThis" looks like the sample value from the Acegi
    		     documentation. Replace it with a private, deployment-specific value kept out of
    		     shared configuration, and use the same value in any
    		     RememberMeAuthenticationProvider. -->
    		<property name="key" value="changeThis" />
    	</bean>
    
    	<!-- channelProcessingFilter: enforces the transport (HTTP or HTTPS) per URL pattern and
    	     redirects through channelDecisionManager when a request arrives on the wrong one.
    	     Everything except the login page, /mysks/** and the login POST is forced back to
    	     plain HTTP by the final /** rule.

    	     NOTE(review): this switch from HTTPS to HTTP is the likely cause of the lost
    	     SecurityContext described in this thread. Servlet containers commonly mark a
    	     session cookie that was created during an HTTPS request as Secure, and the browser
    	     then withholds it on HTTP requests. The redirect after login (defaultTargetUrl "/")
    	     would arrive without a session, so httpSessionContextIntegrationFilter starts from
    	     an empty context. That also fits the report that a session first created on a
    	     "normal" HTTP page keeps working. Confirm by checking the Secure flag on the
    	     session cookie.

    	     Security: when the session id does travel over HTTP after an HTTPS login, it is
    	     readable on the network and the authenticated session can be taken over.
    	     /secure/extra/** (ROLE_ADMIN in filterInvocationInterceptor) is not listed here, so
    	     it falls under the /** rule and is served over HTTP. Prefer keeping every
    	     authenticated page on HTTPS, for example by mapping /** to
    	     REQUIRES_SECURE_CHANNEL. -->
    	<bean id="channelProcessingFilter"
    		class="org.acegisecurity.securechannel.ChannelProcessingFilter">
    		<property name="channelDecisionManager"
    			ref="channelDecisionManager" />
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/login.xhtml=REQUIRES_SECURE_CHANNEL
    				/mysks/**=REQUIRES_SECURE_CHANNEL
    				/j_acegi_security_check*=REQUIRES_SECURE_CHANNEL
    				/**=REQUIRES_INSECURE_CHANNEL
    			</value>
    		</property>
    	</bean>
    
    	<!-- Delegates each channel requirement (REQUIRES_SECURE_CHANNEL or
    	     REQUIRES_INSECURE_CHANNEL) to the two processors below, which redirect the
    	     request when it arrived on the wrong scheme. -->
    	<bean id="channelDecisionManager"
    		class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
    		<property name="channelProcessors">
    			<list>
    				<ref local="secureChannelProcessor" />
    				<ref local="insecureChannelProcessor" />
    			
    			</list>
    		</property>
    	</bean>
    
    
    	<!-- SecureChannelProcessor: for URLs marked REQUIRES_SECURE_CHANNEL, a request that
    	     arrived over HTTP is handed to the entry point below, which redirects to HTTPS. -->
    	<bean id="secureChannelProcessor"
    		class="org.acegisecurity.securechannel.SecureChannelProcessor">
    		<property name="entryPoint">
    			<ref local="retryWithHttpsEntryPoint" />
    		</property>
    	</bean>
    	<!-- Redirects the current request to its HTTPS equivalent; the HTTPS port is looked up
    	     in portMapperImpl. -->
    	<bean id="retryWithHttpsEntryPoint"
    		class="org.acegisecurity.securechannel.RetryWithHttpsEntryPoint">
    		<property name="portMapper">
    			<ref local="portMapperImpl" />
    		</property>
    	</bean>
    
    	<!-- InsecureChannelProcessor: for URLs marked REQUIRES_INSECURE_CHANNEL, a request that
    	     arrived over HTTPS is handed to the entry point below, which redirects to HTTP.
    	     This is the component that moves a freshly logged-in user off HTTPS. -->
    	<bean id="insecureChannelProcessor"
    		class="org.acegisecurity.securechannel.InsecureChannelProcessor">
    		<property name="entryPoint">
    			<ref local="retryWithHttpEntryPoint" />
    		</property>
    	</bean>
    	<!-- Redirects the current request to its plain HTTP equivalent; the HTTP port is looked
    	     up in portMapperImpl. -->
    	<bean id="retryWithHttpEntryPoint"
    		class="org.acegisecurity.securechannel.RetryWithHttpEntryPoint">
    		<property name="portMapper">
    			<ref local="portMapperImpl" />
    		</property>
    	</bean>
    
    	<!-- Maps the HTTP port (entry key) to the matching HTTPS port (entry value) for the
    	     channel redirects. Both values are placeholders; presumably a property placeholder
    	     configurer defined outside this listing resolves them. Confirm that they match the
    	     ports the container actually listens on. -->
    	<bean id="portMapperImpl"
    		class="org.acegisecurity.util.PortMapperImpl">
    		<property name="portMappings">
    			<map>
    				<entry key="${sks.server.webport}">
    					<value>${sks.server.sslport}</value>
    				</entry>
    			</map>
    		</property>
    	</bean>
    			
    	<!-- JCaptcha image CAPTCHA service with its default settings. No other bean in this
    	     listing references it, so where the CAPTCHA is checked cannot be seen here. -->
    	<bean id="imageCaptchaService" class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService" />
    
    
    </beans>
    Last edited by janblankenhorn; Jan 15th, 2008, 08:51 AM.

  • #2
    a little Note:

    I just found out that when I first use the login page, the SecurityContext is this instance:
    org.acegisecurity.context.SecurityContextImpl@90572420

    After logging in it is this one:
    org.acegisecurity.context.SecurityContextImpl@dac3681f

    After going on (when the context is lost) it is this one:
    org.acegisecurity.context.SecurityContextImpl@9055e4a6

    Shouldn't this be the first one again?



    • #3
      no idea anyone?



      • #4
        I'm not sure, but your context is serialized to, and deserialized from, whatever you configured in your server for session management. So after it is reloaded, your instance has a different memory address.



        • #5
          sorry, i made a mistake above ...


          this is how the 3 SecurityContexts look like

          first one (after directly going to my login page)
          org.acegisecurity.context.SecurityContextImpl@905571d8:
          Authentication: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@905571d8:
          Username: anonymousUser; Password: [PROTECTED]; Authenticated: true;
          Details: org.acegisecurity.ui.WebAuthenticationDetails@0:
          RemoteIpAddress: 127.0.0.1; SessionId: 859E1BD27BA816F3341EDEA873814891; Granted Authorities: ROLE_ANONYMOUS
          being logged in
          org.acegisecurity.context.SecurityContextImpl@dbd8f64a:
          Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@dbd8f64a:
          Username: com.weiglewilczek.wfoerd.sks.user.authentication.SksUserDetails@1f60800: Username: jan; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_INSERENT; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_INSERENT
          after losing SecurityContext
          org.acegisecurity.context.SecurityContextImpl@9055e4a6:
          Authentication: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@9055e4a6:
          Username: anonymousUser; Password: [PROTECTED]; Authenticated: true;
          Details: org.acegisecurity.ui.WebAuthenticationDetails@957e:
          RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS

