Announcement Announcement Module
Collapse
No announcement yet.
SecureContextUtils.getSecureContext() threw Exception Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SecureContextUtils.getSecureContext() threw Exception

    Hi,

    Using Acegi 0.8.0, and I'm writing a unit test to test out the collaboration between Acegi and my own AuthenticationDao.

    At Acegi's configuration XML I have
    Code:
    <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
    		</value>
    	</property>
    </bean>
    which is basically derived from the Contact example.

    At my unit test I have
    Code:
    FilterChainProxy filter = &#40;FilterChainProxy&#41; getApplicationContext&#40;&#41;.getBean&#40;"filterChainProxy"&#41;; 
    MockHttpServletRequest request = new MockHttpServletRequest&#40;"POST", "/j_acegi_security_check"&#41;;
    request.setServletPath&#40;"/j_acegi_security_check"&#41;;
    MockHttpSession session = new MockHttpSession&#40;&#41;;
    request.setSession&#40;session&#41;;
    request.addParameter&#40;"j_username", "admin"&#41;;
    request.addParameter&#40;"j_password", "password"&#41;;
    MockHttpServletResponse response = new MockHttpServletResponse&#40;&#41;;
    MockFilterChain chain = new MockFilterChain&#40;false&#41;;
    filter.doFilter&#40;request, response, chain&#41;;
    
    assertNotNull&#40;SecureContextUtils.getSecureContext&#40;&#41;&#41;;
    MockFilterChain is from Acegi's source.

    The problem is at the last line. When the test runs, I got the following log message:

    Code:
    23&#58;35&#58;02,128 DEBUG &#91;AbstractProcessingFilter.successfulAuthentication&#93; Authentication success&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1b11b79&#58; Username&#58; com.ffii.kms.objects.Admin@1c5ddd3&#91;&#93;; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; false; Details&#58; net.sf.acegisecurity.ui.WebAuthenticationDetails@1f47ae8&#58; RemoteIpAddress&#58; 127.0.0.1; SessionId&#58; 1; Granted Authorities&#58; null
    23&#58;35&#58;02,128 DEBUG &#91;AbstractProcessingFilter.successfulAuthentication&#93; Updated ContextHolder to contain the following Authentication&#58; 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1b11b79&#58; Username&#58; com.ffii.kms.objects.Admin@1c5ddd3&#91;&#93;; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; false; Details&#58; net.sf.acegisecurity.ui.WebAuthenticationDetails@1f47ae8&#58; RemoteIpAddress&#58; 127.0.0.1; SessionId&#58; 1; Granted Authorities&#58; null'
    23&#58;35&#58;02,128 DEBUG &#91;AbstractProcessingFilter.successfulAuthentication&#93; Redirecting to target URL from HTTP Session &#40;or default&#41;&#58; /Home.action
    23&#58;35&#58;02,128 DEBUG &#91;HttpSessionContextIntegrationFilter.doFilter&#93; Context stored to HttpSession&#58; 'net.sf.acegisecurity.context.security.SecureContextImpl@4e2f0a&#58; Authentication&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1b11b79&#58; Username&#58; com.ffii.kms.objects.Admin@1c5ddd3&#91;&#93;; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; false; Details&#58; net.sf.acegisecurity.ui.WebAuthenticationDetails@1f47ae8&#58; RemoteIpAddress&#58; 127.0.0.1; SessionId&#58; 1; Granted Authorities&#58; null'
    23&#58;35&#58;02,128 DEBUG &#91;HttpSessionContextIntegrationFilter.doFilter&#93; ContextHolder set to null as request processing completed
    The authentication succeeded. However, when the last line runs, I got an IllegalStateException:

    Code:
    java.lang.IllegalStateException&#58; ContextHolder invalid&#58; 'null'&#58; are your filters ordered correctly? HttpSessionContextIntegrationFilter should have already executed by this time &#40;look for it in the stack dump below&#41;
    	at net.sf.acegisecurity.context.security.SecureContextUtils.getSecureContext&#40;SecureContextUtils.java&#58;38&#41;
    I'm sure I only have acegi-security-0.8.0.jar in the classpath. Did I miss out anything in order to get SecureContextUtils.getSecureContext() to work? I think understanding this would be useful to me as I'll also need to be able to get the user object from the HttpSession without using it directly.

    TIA,
    Raymond

  • #2
    SecureContextUtils expects something to have set the ContextHolder to contain an instance of SecureContext. Usually HttpSessionContextIntegrationFilter is used to do this, with its setContext(Class) parameter being used to indicate net.sf.acegisecurity.context.security.SecureContex tImpl is the desired implementation. Many people actually use a different implementation, and they just change the setContext(Class) in their application context.

    So, to answer your question, you just need to do this in your test void setUp() method:

    Code:
    ContextHolder.setContext&#40;new SecureContextImpl&#40;&#41;&#41;;

    Comment

    Working...
    X