Announcement Announcement Module
Collapse
No announcement yet.
Acegi .80 not Updating ContextHolder Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi .80 not Updating ContextHolder

    I am upgrading to .80 and the AbstractProcessingFilter is not Updating the ContextHolder. I am missing something here, and I just can't figure it out.

    The only real change is that I have converted to the FilterChainProxy.

    I have stripped down the Sample app to only do what my app does (No Anon, or RememberMe stuff). Except for the DaoAuthenticationProvider everything is the same that I can think of (I am using a custom made provider with Hibernate - that was/is working with .70).

    Anyway, here is what blows my mind:
    This is from the Sample Apps Log
    Code:
    [DEBUG,EhCacheBasedUserCache,http-8080-Processor24] Cache hit: false; username: marissa
    [DEBUG,EhCacheBasedUserCache,http-8080-Processor24] Cache put: marissa
    [INFO,LoggerListener,http-8080-Processor24] Authentication success for user: marissa; details: net.sf.acegisecurity.ui.WebAuthenticationDetails@13d7254: RemoteIpAddress: 127.0.0.1; SessionId: F9E86703A0F34A9AB0D78C516BC1FD63
    [DEBUG,AbstractProcessingFilter,http-8080-Processor24] Authentication success: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@11d20d3: Username: marissa; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@13d7254: RemoteIpAddress: 127.0.0.1; SessionId: F9E86703A0F34A9AB0D78C516BC1FD63; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER
    [DEBUG,AbstractProcessingFilter,http-8080-Processor24] Updated ContextHolder to contain the following Authentication: 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@11d20d3: Username: marissa; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@13d7254: RemoteIpAddress: 127.0.0.1; SessionId: F9E86703A0F34A9AB0D78C516BC1FD63; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER'
    [DEBUG,AbstractProcessingFilter,http-8080-Processor24] Redirecting to target URL from HTTP Session (or default): http://localhost:8080/acegi-security-sample-contacts-filter/secure/index.htm
    This is from my log:
    Slightly edited to protect a bit of privacy
    Code:
    2005-03-10 22&#58;02&#58;53,564 DEBUG &#91;net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache&#93; - <Cache hit&#58; false; username&#58; [email protected]>
    2005-03-10 22&#58;02&#58;53,564 DEBUG &#91;com.bifco.orma.dao.hibernate.UserDAOHibernate&#93; - <loadUserByUsername called with [email protected]>
    2005-03-10 22&#58;02&#58;53,623 DEBUG &#91;net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache&#93; - <Cache put&#58; [email protected]>
    2005-03-10 22&#58;02&#58;53,624 INFO &#91;net.sf.acegisecurity.providers.dao.event.LoggerListener&#93; - <Authentication success for user&#58; [email protected]; details&#58; 127.0.0.1>
    2005-03-10 22&#58;02&#58;53,671 DEBUG &#91;net.sf.acegisecurity.ui.AbstractProcessingFilter&#93; - <Authentication success&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@17a6686&#58; Username&#58; com.flarn.wibble.model.User@b81eaa&#91;
      log=org.apache.commons.logging.impl.Log4JLogger@74b10b
      id=10
      name=[email protected]
      password=apassword
      description=Dude
      roles=&#91;abc, default, test, flarn&#93;
      authorities=&#123;ROLE_ABC,ROLE_DEFAULT,ROLE_TEST,ROLE_FLARN&#125;
    &#93;; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; false; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_ABC, ROLE_DEFAULT, ROLE_TEST, ROLE_FLARN>
    2005-03-10 22&#58;02&#58;53,671 DEBUG &#91;net.sf.acegisecurity.ui.AbstractProcessingFilter&#93; - <Redirecting to target URL from HTTP Session &#40;or default&#41;&#58; http&#58;//localhost&#58;8080/flarn/welcome.htm>
    What I am missing is the
    Code:
    Updated ContextHolder to contain the following Authentication&#58;....
    section.

    From the successfulAuthentication method of AbstractProcessingFilter
    Code:
    ....
            if &#40;logger.isDebugEnabled&#40;&#41;&#41; &#123;
                logger.debug&#40;"Authentication success&#58; " + authResult.toString&#40;&#41;&#41;;
            &#125;
    
            SecureContext sc = SecureContextUtils.getSecureContext&#40;&#41;;
            sc.setAuthentication&#40;authResult&#41;;
    
            if &#40;logger.isDebugEnabled&#40;&#41;&#41; &#123;
                logger.debug&#40;
                    "Updated ContextHolder to contain the following Authentication&#58; '"
                    + authResult + "'"&#41;;
            &#125;
    
            String targetUrl = &#40;String&#41; request.getSession&#40;&#41;.getAttribute&#40;ACEGI_SECURITY_TARGET_URL_KEY&#41;;
            request.getSession&#40;&#41;.removeAttribute&#40;ACEGI_SECURITY_TARGET_URL_KEY&#41;;
    
            if &#40;alwaysUseDefaultTargetUrl == true&#41; &#123;
                targetUrl = null;
            &#125;
    
            if &#40;targetUrl == null&#41; &#123;
                targetUrl = request.getContextPath&#40;&#41; + defaultTargetUrl;
            &#125;
    
            if &#40;logger.isDebugEnabled&#40;&#41;&#41; &#123;
                logger.debug&#40;
                    "Redirecting to target URL from HTTP Session &#40;or default&#41;&#58; "
                    + targetUrl&#41;;
            &#125;
    ....
    Best guess is that something is not working for me here
    Code:
            SecureContext sc = SecureContextUtils.getSecureContext&#40;&#41;;
            sc.setAuthentication&#40;authResult&#41;;
    But why oh why is the log method "Updated ContextHolder" not showing up in the log ? It gets to the Redirecting log entry, so it's not thowing out before that..

    While not the root of my problem, the missing log entry is driving me bonkers. I am fairly new to Java, so it must be something secret but obvious to the hardened.

    Any insight would be appreciated.

    Thanks

  • #2
    I have managed to cure the symptoms but still don't know the exact cause.
    I have replaced/added all the dependancy jars in my project with ones from the sample app and it is now working. After I catch up on time I will go back and find out which one was the root cause.

    I still don't understand why the log was skipping that section

    Comment


    • #3
      SecureContextUtils is a new class in 0.8.0. It expects HttpSessionContextIntegrationFilter to have been executed before any other Acegi Security filter, as it sets up the ContextHolder to contain a SecureContext implementation.

      Comment

      Working...
      X