  • Initial setup with 0.8.0

    Hi Guys,

    I think I've missed something obvious here but I can't nut it out. Hopefully someone can set me straight. I had everything working in a previous version of acegi, but when I built from CVS including the LDAP stuff I found that some of the classes / packages have changed, so I've started from scratch using the contacts example to get me going.

    I'm getting the following when I try to access a secure page. The login form appears fine but after I attempt to login it goes to a page not found error and no more debug messages appear in the console. Subsequent attempts to access a secured page result in the login page being presented so I know the authentication has not been successful.

    Code:
    DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/timesheet.do?method=list'; to: '/timesheet.do?method=list'
    DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/timesheet.do?method=list'; pattern is /**; matched=true
    DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 1 of 4 in additional filter chain; firing Filter: '[email protected]1fbafbb'
    DEBUG - HttpSessionContextIntegrationFilter.doFilter(180) | Obtained from ACEGI_SECURITY_CONTEXT a valid Context and set to ContextHolder: 'net.sf.acegisecurity.context.security.SecureContextImpl@ce2c57: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
    DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 2 of 4 in additional filter chain; firing Filter: '[email protected]18ae'
    DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 3 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter@3b84ee'
    DEBUG - AnonymousProcessingFilter.doFilter(147) | ContextHolder not replaced with anonymous token, as ContextHolder already contained: 'net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
    DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 4 of 4 in additional filter chain; firing Filter: '[email protected]314'
    DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/timesheet.do?method=list'; to: '/timesheet.do?method=list'
    DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/timesheet.do?method=list'; pattern is /timesheet.do*; matched=true
    DEBUG - AbstractSecurityInterceptor.beforeInvocation(373) | Secure object: FilterInvocation: URL: /timesheet.do?method=list; ConfigAttributes: [ROLE_EMPLOYEE]
    DEBUG - ProviderManager.doAuthentication(156) | Authentication attempt using net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
    DEBUG - AbstractSecurityInterceptor.beforeInvocation(411) | Authenticated: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS
    DEBUG - SecurityEnforcementFilter.doFilter(197) | Access is denied (user is anonymous); redirecting to authentication entry point
    net.sf.acegisecurity.AccessDeniedException: Access is denied.
    	at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
    	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:419)
    	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:81)
    	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:181)
    	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    	at net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:153)
    	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    	at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:374)
    	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    	at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:217)
    	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    	at net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:179)
    	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
    	at org.springframework.orm.hibernate.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:172)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
    	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    	at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
    	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:509)
    	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
    	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195)
    	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
    	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
    	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
    	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
    	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
    	at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972)
    	at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:211)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:805)
    	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:696)
    	at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
    	at java.lang.Thread.run(Thread.java:534)
    DEBUG - SecurityEnforcementFilter.sendStartAuthentication(246) | Authentication entry point being called; target URL added to Session: http://localhost/timesheets/timesheet.do?method=list
    DEBUG - AuthenticationProcessingFilterEntryPoint.commence(178) | Redirecting to: http://localhost/timesheets/acegilogin.jsp
    DEBUG - HttpSessionContextIntegrationFilter.doFilter(256) | Context stored to HttpSession: 'net.sf.acegisecurity.context.security.SecureContextImpl@ce2c57: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
    DEBUG - HttpSessionContextIntegrationFilter.doFilter(265) | ContextHolder set to null as request processing completed

    My spring mappings are as follows:

    applicationContext-acegi-security.xml
    Code:
    <beans>
    
       <!-- ======================== FILTER CHAIN ======================= -->
    
    	<!--  if you wish to use channel security, add "channelProcessingFilter," in front
    	      of "httpSessionContextIntegrationFilter" in the list below -->
    	<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
             <value>
    		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    		    PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
             </value>
          </property>
        </bean>
        
        <!-- ======================== AUTHENTICATION ======================= -->
        
        <bean id="authenticationManager"
    		class="net.sf.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref bean="daoAuthenticationProvider" />
    				<ref local="anonymousAuthenticationProvider"/>
    			</list>
    		</property>
    	</bean>
    	<bean id="authenticationDao"
    		class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
    		<property name="dataSource">
    			<ref bean="dataSource" />
    		</property>
    	</bean>
    
    	<bean id="daoAuthenticationProvider"
    		class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="authenticationDao">
    			<ref bean="authenticationDao" />
    		</property>
    		<property name="userCache">
    			<ref bean="userCache" />
    		</property>
    	</bean>
    	
    	<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    <!--	<bean id="cacheManager"-->
    <!--		class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">-->
    <!--		<property name="configLocation">-->
    <!--			<value>classpath:/ehcache-failsafe.xml</value>-->
    <!--		</property>-->
    <!--	</bean>-->
    	
    	
    	<bean id="userCacheBackend"
    		class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    		<property name="cacheManager">
    			<ref local="cacheManager" />
    		</property>
    		<property name="cacheName">
    			<value>userCache</value>
    		</property>
    	</bean>
    	<bean id="userCache"
    		class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    		<property name="cache">
    			<ref local="userCacheBackend" />
    		</property>
    	</bean>
    	
    	<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
       <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
       
    	<bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
          <property name="key"><value>foobar</value></property>
          <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
       </bean>
    
       <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
          <property name="key"><value>foobar</value></property>
       </bean>
       
    	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />
    
    	<bean id="accessDecisionManager"
    		class="net.sf.acegisecurity.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions">
    			<value>false</value>
    		</property>
    		<property name="decisionVoters">
    			<list>
    				<ref bean="roleVoter" />
    			</list>
    		</property>
    	</bean>
    	<bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
          <property name="context">
          	<value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
          </property>
       </bean>
       
    	<bean id="securityEnforcementFilter"
    		class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
    		<property name="filterSecurityInterceptor">
    			<ref bean="filterInvocationInterceptor" />
    		</property>
    		<property name="authenticationEntryPoint">
    			<ref bean="authenticationEntryPoint" />
    		</property>
    	</bean>
    	
    	<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
          <property name="defaultTargetUrl"><value>/</value></property>
          <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    <!--      <property name="rememberMeServices"><ref local="rememberMeServices"/></property>-->
       </bean>
       
    	<bean id="authenticationEntryPoint"
    		class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    		<property name="loginFormUrl">
    			<value>/acegilogin.jsp</value>
    		</property>
    		<property name="forceHttps">
    			<value>false</value>
    		</property>
    	</bean>
    	
    	<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions"><value>false</value></property>
          <property name="decisionVoters">
             <list>
                <ref bean="roleVoter"/>
             </list>
          </property>
       </bean>
       
    	<bean id="filterInvocationInterceptor"
    		class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager">
    			<ref bean="authenticationManager" />
    		</property>
    		<property name="accessDecisionManager">
    			<ref bean="accessDecisionManager" />
    		</property>
    <!--		<property name="runAsManager">-->
    <!--			<ref bean="runAsManager" />-->
    <!--		</property>-->
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT 
    				/timesheet.do*=ROLE_EMPLOYEE
    				/task.do*=ROLE_EMPLOYEE 
    				/helpdeskcall.do*=ROLE_EMPLOYEE
    				/user.do*=ROLE_ADMINISTRATOR
    				/authority.do*=ROLE_ADMINISTRATOR
    			</value>
    		</property>
    	</bean>
    	
    	<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
    		<property name="key"><value>my_run_as_password</value></property>
    	</bean>
    	
    </beans>

    web.xml

    Code:
    <display-name>Timesheets</display-name>
    
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			/WEB-INF/applicationContext.xml /WEB-INF/action-servlet.xml
    			/WEB-INF/applicationContext-acegi-security.xml
    
    			<!--    		/WEB-INF/applicationContext-common-authorization.xml-->
    		</param-value>
    	</context-param>
    
    
    	<filter>
    		<filter-name>hibernateFilter</filter-name>
    		<filter-class>org.springframework.orm.hibernate.support.OpenSessionInViewFilter</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>hibernateFilter</filter-name>
    		<url-pattern>*.do</url-pattern>
    	</filter-mapping>
    
    	<filter>
            <filter-name>Acegi Filter Chain Proxy</filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
            </init-param>
       </filter>
    
        <filter-mapping>
          <filter-name>Acegi Filter Chain Proxy</filter-name>
          <url-pattern>*.do</url-pattern>
        </filter-mapping>
    
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    	
    	<listener>
    		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    	</listener>
    	
    	<listener>
            <listener-class>net.sf.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
        </listener>
    
    	<filter>
    		<filter-name>sitemesh</filter-name>
    		<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>sitemesh</filter-name>
    		<url-pattern>/*</url-pattern>
    		<dispatcher>REQUEST</dispatcher>
    		<dispatcher>FORWARD</dispatcher>
    	</filter-mapping>
    
    	<servlet>
    		<servlet-name>action</servlet-name>
    		<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    		<load-on-startup>1</load-on-startup>
    	</servlet>
    
    	<servlet-mapping>
    		<servlet-name>action</servlet-name>
    		<url-pattern>*.do</url-pattern>
    	</servlet-mapping>
    
    
    
    	<welcome-file-list>
    		<welcome-file>/index.jsp</welcome-file>
    	</welcome-file-list>
    
    	<error-page>
    		<error-code>404</error-code>
    		<location>/404.jsp</location>
    	</error-page>
    
    	<error-page>
    		<error-code>403</error-code>
    		<location>/403.jsp</location>
    	</error-page>
    
    	<error-page>
    		<error-code>500</error-code>
    		<location>/error.jsp</location>
    	</error-page>
    
    	<!--  protect direct access to jsp files in pages directory-->
    
    	<security-constraint>
    		<web-resource-collection>
    			<web-resource-name>Deny Direct Access</web-resource-name>
    			<description>Deny direct access to jsps through the denied role</description>
    			<url-pattern>/pages/*</url-pattern>
    		</web-resource-collection>
    		<auth-constraint>
    			<role-name>Denied</role-name>
    		</auth-constraint>
    	</security-constraint>
    	<security-role>
    		<role-name>Denied</role-name>
    	</security-role>
    	<!--
    		
    		<taglib>
    		<taglib-uri>/struts-layout.tld</taglib-uri>
    		<taglib-location>/WEB-INF/struts-layout.tld</taglib-location>
    		</taglib>
    		
    	-->
    </web-app>

    thanks,
    rob

  • #2
    Hi Rob

    Could you please confirm /acegilogin.jsp is POSTing to /j_acegi_security_check? Do any log messages appear when the login form has been POSTed?


    • #3
      Hi Ben,

      Yes the login form is posting as follows

      <form action="<c:url value='j_acegi_security_check'/>" method="POST">

      The debug messages that I posted initially are the only messages that appear in the log. These appear when the secure page is initially requested and the login form is presented. When the login form is submitted no more log messages appear.


      • #4
        I figured it out after much frustration. Turned out I had

        Code:
            <filter-mapping>
                <filter-name>Acegi Filter Chain Proxy</filter-name>
                <url-pattern>*.do</url-pattern>
            </filter-mapping>

        whereas it should have been mapped as follows

        Code:
            <filter-mapping>
                <filter-name>Acegi Filter Chain Proxy</filter-name>
                <url-pattern>/*</url-pattern>
            </filter-mapping>

        It was therefore not passing the post of the login form "j_acegi_security_check" through the filter chain proxy.

        thanks for your help Ben.

        cheers,
        rob
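
The mismatch found in post #4 can be checked mechanically: take the url-patterns that web.xml maps to the Acegi filter and test whether the configured `filterProcessesUrl` falls under any of them. This is an added example, not code from the thread or from Acegi; the XML fragments are constructed from the posted configuration, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed fragments, cut down from the configuration posted in the thread.
WEB_XML = """<web-app>
  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>*.do</url-pattern>
  </filter-mapping>
</web-app>"""
ACEGI_XML = """<beans>
  <bean id="authenticationProcessingFilter"
        class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
  </bean>
</beans>"""


def parse(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop namespaces so a schema-based web.xml also works
        el.tag = el.tag.split("}", 1)[-1]
    return root


def servlet_pattern_matches(pattern, path):
    """Servlet url-pattern rules applied to a context-relative request path."""
    path = path.split("?", 1)[0]  # the query string takes no part in matching
    if pattern.endswith("/*"):  # path-prefix mapping; "/*" matches everything
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):  # extension mapping looks at the last segment
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == path  # exact mapping


def filter_patterns(web_xml, filter_name):
    """All url-patterns mapped to the named filter in web.xml."""
    return [p.text.strip()
            for m in parse(web_xml).iter("filter-mapping")
            if m.findtext("filter-name", "").strip() == filter_name
            for p in m.findall("url-pattern")]


def uncovered_urls(web_xml, context_xml, filter_name,
                   props=("filterProcessesUrl",)):
    """URL-valued bean properties that the filter's mappings never see."""
    patterns = filter_patterns(web_xml, filter_name)
    missed = {}
    for prop in parse(context_xml).iter("property"):
        if prop.get("name") in props:
            url = (prop.findtext("value") or prop.get("value") or "").strip()
            if not any(servlet_pattern_matches(p, url) for p in patterns):
                missed[prop.get("name")] = url
    return missed


if __name__ == "__main__":
    print(uncovered_urls(WEB_XML, ACEGI_XML, "Acegi Filter Chain Proxy"))
    print(uncovered_urls(WEB_XML.replace("*.do", "/*"), ACEGI_XML,
                         "Acegi Filter Chain Proxy"))
```

With the `*.do` mapping the check reports `/j_acegi_security_check` as unreachable by the filter chain; with `/*` it reports nothing.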
