
  • Run "Contacts Container Adapter" example

    Can't run sample "contacts" application with Container Adapter. I followed the next steps (as the target container I used Tomcat 5.0.28):
    1. Check out sources from CVS and build acegi-security-sample-contacts-ca.war.
    2. After some experiments I distributed jars in the next way:
       • $CATALINA_HOME/common/lib: acegi-security-0.8.0.jar, aopalliance-1.0.jar, burlap-2.1.7.jar, commons-codec-1.2.jar, hessian-3.0.1.jar, hsqldb-1.7.3.0.jar, log4j-1.2.8.jar, oro-2.0.7.jar, spring-1.1.5.jar
       • $CATALINA_HOME/server/lib: acegi-security-catalina-0.8.0.jar
       • acegi-security-sample-contacts-ca.war/WEB-INF/lib: aspectjrt-1.2.jar, casclient-2.0.11.jar, commons-attributes-api-2.1.jar, commons-logging-1.0.4.jar, ehcache-1.1.jar, jstl-1.0.2.jar, standard-1.0.4.jar
    3. Added the next acegisecurity.xml to $CATALINA_HOME/conf:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans>
    
    	<!-- Data access object which stores authentication information -->
    	<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
    		<property name="userMap">
    			<value>
    				marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
    				dianne=emu,ROLE_TELLER
    				scott=wombat,ROLE_TELLER
    				peter=opal,disabled,ROLE_TELLER
    			</value>
    		</property>
    	</bean>
    	
    	<!-- Authentication provider that queries our data access object  -->
    	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
    		<property name="forcePrincipalAsString"><value>true</value></property>
    	</bean>
    
    	<!-- The authentication manager that iterates through our only authentication provider -->
    	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    		  <list>
    		    <ref bean="daoAuthenticationProvider"/>
    		  </list>
    		</property>
    	</bean>
    
    </beans>
    4. After running the application and login on debug.jsp I receive the next screen:
    Code:
    Context on ContextHolder is of type: net.sf.acegisecurity.context.security.SecureContextImpl
    
    The Context implements SecureContext.
    
    Authentication object is of type: net.sf.acegisecurity.adapters.PrincipalAcegiUserToken
    
    Authentication object as a String: net.sf.acegisecurity.adapters.PrincipalAcegiUserToken@bd93cd: Username: marissa; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR
    
    Authentication object holds the following granted authorities:
    
    ROLE_TELLER (getAuthority(): ROLE_TELLER)
    ROLE_SUPERVISOR (getAuthority(): ROLE_SUPERVISOR)
    
    SUCCESS! Your container adapter appears to be properly configured!
    but when I try to login on "manage" section, then receive 403 access denied page

    And also the other small question: I wasn't successful in running both acegi-security-sample-contacts-ca.war and acegi-security-sample-contacts-filter.war simultaneously. Is it a bug or a feature?

  • #2
    When you get the 403, what logging is generated by Acegi Security? The container adapter sample should not be enforcing security at all. If you look in the web.xml and applicationContext-acegi-security.xml, you will note we aren't defining SecurityEnforcementFilter anywhere, which is the only thing that will generate a 403 in Acegi Security. So I'm expecting your container is generating the 403, pursuant to web.xml <auth-constraint>s. However, as you can see, the correct roles are being reported inside PrincipalAcegiUserToken, whose superclass defines:

    Code:
        public boolean isUserInRole(String role) {
            for (int i = 0; i < this.authorities.length; i++) {
                if (role.equals(this.authorities[i].getAuthority())) {
                    return true;
                }
            }
    
            return false;
        }
    That method would return true to container queries if the user actually holds either of the web.xml defined <auth-constraint>s:

    Code:
        <security-constraint>
          <display-name>Secured Area Security Constraint</display-name>
          <web-resource-collection>
             <web-resource-name>Secured Area</web-resource-name>
             <url-pattern>/secure/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
             <role-name>ROLE_USER</role-name>
             <role-name>ROLE_SUPERVISOR</role-name>
          </auth-constraint>
        </security-constraint>

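To see which accounts from the posted userMap a container would admit under the `<auth-constraint>` quoted in reply #2, the following stand-alone Java program is an added example, not part of the thread and not Acegi Security code. It models the userMap format and the "any listed role" rule in simplified form; the names `AuthConstraintCheck`, `parseUserMap` and `satisfies` are hypothetical, and treating a disabled account as denied is an assumption.

```java
import java.util.*;

public class AuthConstraintCheck {
    /** One parsed userMap entry (simplified model, not an Acegi class). */
    static final class User {
        final Set<String> roles = new LinkedHashSet<>();
        boolean enabled = true;
        // Same string comparison as the isUserInRole method quoted in reply #2.
        boolean isUserInRole(String role) { return roles.contains(role); }
    }

    /** Parses userMap lines of the form username=password,token,token... */
    static Map<String, User> parseUserMap(String text) {
        Map<String, User> users = new LinkedHashMap<>();
        for (String raw : text.split("\n")) {
            String line = raw.trim();
            int eq = line.indexOf('=');
            if (eq < 0) continue; // skip blank or malformed lines
            String[] tokens = line.substring(eq + 1).split(",");
            User u = new User();
            // tokens[0] is the password; the rest are roles or an enabled/disabled flag
            for (int i = 1; i < tokens.length; i++) {
                String t = tokens[i].trim();
                if (t.equalsIgnoreCase("disabled")) u.enabled = false;
                else if (t.equalsIgnoreCase("enabled")) u.enabled = true;
                else if (!t.isEmpty()) u.roles.add(t);
            }
            users.put(line.substring(0, eq).trim(), u);
        }
        return users;
    }

    /** An auth-constraint is satisfied when the user holds ANY listed role. */
    static boolean satisfies(User u, List<String> constraintRoles) {
        if (!u.enabled) return false; // assumption: a disabled account cannot log in
        for (String role : constraintRoles) {
            if (u.isUserInRole(role)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // userMap and role names are the ones quoted in the thread
        String userMap = "marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR\ndianne=emu,ROLE_TELLER\n"
                + "scott=wombat,ROLE_TELLER\npeter=opal,disabled,ROLE_TELLER\n";
        List<String> constraint = Arrays.asList("ROLE_USER", "ROLE_SUPERVISOR");
        for (Map.Entry<String, User> e : parseUserMap(userMap).entrySet()) {
            boolean ok = satisfies(e.getValue(), constraint);
            System.out.println(e.getKey() + " -> " + (ok ? "allowed" : "403"));
        }
    }
}
```

With this userMap only marissa holds a role named in the constraint, so a 403 for dianne or scott on /secure/* is the container applying web.xml as written, while a 403 for marissa points at how the container obtains the roles rather than at the role data.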