
  • Authentication method for RPC

    I'm fairly new to Acegi and I just need a little push in the right direction.

    I'm working with Laszlo which offers RPC functionality for calling methods on Java objects from a rich-flash client. The Java objects reside on a web server and I believe the flash client (created by Laszlo) just calls the main Laszlo servlet and the HttpRequest object contains the name of a class and the method within that class to call.

    I would like to secure the methods on the Java class hosted on my web server that is being called from the flash client. Since the RPC request goes through the Laszlo servlet, and since I'm wanting to secure methods in a Java class being called by that servlet, should I use method security or filter security or a combination of the two?

    Keep in mind that the Laszlo servlet is accessed for other reasons besides the RPC calls, so it cannot be entirely locked down. It must receive anonymous calls, but when the servlet acts as a proxy for calling methods on my Java class, I would like Acegi to step in and check the user's credentials. It almost seems to me that I need to set up a filter that applies method-security rather than file (JSP) security.

    Any suggestions are appreciated.


  • #2
    I think you should be OK as long as you have the filters in place. You don't actually need to deny access to any URLs but they are needed to allow Acegi to interact with the Http requests and to kick off the login process when an AuthenticationException occurs. If you have a look at the SecurityEnforcementFilter

    http://acegisecurity.sourceforge.net...entFilter.html

    and AbstractSecurityInterceptor classes

    http://acegisecurity.sourceforge.net...terceptor.html

    you'll see that the filter can initiate a login even if the AuthenticationException originates because of an attempt to access one of your business beans.

    Luke.



    • #3
      MethodSecurityInterceptor can be used in your situation. It's happy to operate independently of FilterSecurityInterceptor, where you can just define *=ROLE_ANONYMOUS to let any web requests through.



      • #4
        Thank you both for your replies. I've been pondering the way to make this work and my first question is how to authenticate using the Laszlo client frontend. Do I need to authenticate using a type of web-application-style process (i.e. forms-based authentication) or should I pass the userid and password to some sort of custom class that creates the authentication object manually and puts it in the session? From my Laszlo client, I have either option. I can make a forms-based authentication request, simulating a normal HTML form submission by passing in the action=j_acegi_security_check and the j_username, j_password fields. Alternatively, I can issue a Java RPC call and pass in the userid and password to my backend Java class and have it manually create the authentication object and put it in the session. I'm not sure which way is correct.

        Keep in mind that once I authenticate, I'll want to make calls to the backend Java RPC class (through the web application) which I will have secured by a methodsecurity interceptor. This interceptor should consult the authentication object in the session to determine access to the methods in that class. Any results (or authentication errors) will need to be sent back in the form of a response to the RPC call, not as a pointer to some JSP error page.

        Any suggestions on which way to go are very much appreciated.



        • #5
          I went ahead and tried using the MethodSecurityInterceptor to try and catch RPC calls to my backend services, while putting the FilterSecurityInterceptor in place to trigger the HttpSession ContextHolder management. I think I'm fairly close to making it work, but I'm now stuck. My problems seem to center around Anonymous authentication. I basically want no web security at all right now. I just want to manually authenticate users with my backend RPC class and then have the Authentication object stored in my ContextHolder (and HttpSession) so I can authenticate future method calls using my MethodSecurityInterceptor. My Laszlo Flash UI is calling the Login function in my backend Java class, and I'm successfully authenticating the user and putting the Authentication object into the ContextHolder. However, now that the user is Authenticated, the fact that all my web resources are accessible by ROLE_ANONYMOUS in the FilterSecurityInterceptor is preventing my now-authenticated user from accessing the web resource to continue using the application!

          Here is an excerpt from my web.xml:

          Code:
          <context-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>/WEB-INF/classes/applicationContext.xml</param-value>
          </context-param>
          <listener>
              <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
          </listener>
          <listener>
              <listener-class>org.isas.web.ContextListener</listener-class>
          </listener>
          <listener>
              <listener-class>org.isas.web.SessionListener</listener-class>
          </listener>
          <filter>
              <filter-name>Acegi Filter Chain Proxy</filter-name>
              <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
              <init-param>
                  <param-name>targetClass</param-name>
                  <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
              </init-param>
          </filter>
          .....
          <filter-mapping>
              <filter-name>Acegi Filter Chain Proxy</filter-name>
              <url-pattern>/*</url-pattern>
          </filter-mapping>

          Here is an excerpt from my application-context.xml
          Code:
          ....

          <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
              <property name="authenticationDao">
                  <ref local="authenticationDAO" />
              </property>
          </bean>
          <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
              <property name="key">
                  <value>anonFilterKey</value>
              </property>
          </bean>
          <bean id="testingAuthenticationProvider"
              class="net.sf.acegisecurity.providers.TestingAuthenticationProvider" />
          <bean id="authenticationManager"
              class="net.sf.acegisecurity.providers.ProviderManager">
              <property name="providers">
                  <list>
                      <ref local="testingAuthenticationProvider" />
                      <ref local="daoAuthenticationProvider" />
                      <ref local="anonymousAuthenticationProvider" />
                  </list>
              </property>
          </bean>
          <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />
          <bean id="accessDecisionManager"
              class="net.sf.acegisecurity.vote.UnanimousBased">
              <property name="decisionVoters">
                  <list>
                      <ref local="roleVoter" />
                  </list>
              </property>
          </bean>
          <bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
              <property name="validateConfigAttributes">
                  <value>true</value>
              </property>
              <property name="authenticationManager">
                  <ref local="authenticationManager" />
              </property>
              <property name="accessDecisionManager">
                  <ref local="accessDecisionManager" />
              </property>
              <property name="objectDefinitionSource">
                  <value>
                      org.isas.service.ISASService.getSchool*=ROLE_EDITOR,ROLE_ADMIN
                      org.isas.service.ISASService.saveSchool*=ROLE_ADMIN
                      org.isas.service.ISASService.saveSectionType*=ROLE_EDITOR,ROLE_ADMIN
                      org.isas.service.ISASService.saveSection=ROLE_EDITOR,ROLE_ADMIN
                      org.isas.service.ISASService.saveEditor=ROLE_ADMIN
                      org.isas.service.ISASService.removeSchool*=ROLE_ADMIN
                      org.isas.service.ISASService.removeSectionType*=ROLE_ADMIN
                      org.isas.service.ISASService.removeSection=ROLE_ADMIN
                      org.isas.service.ISASService.removeEditor=ROLE_ADMIN
                  </value>
              </property>
          </bean>

          <bean id="webSecurityInterceptor"
              class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
              <property name="authenticationManager">
                  <ref local="authenticationManager" />
              </property>
              <property name="accessDecisionManager">
                  <ref local="accessDecisionManager" />
              </property>
              <property name="objectDefinitionSource">
                  <value>
                      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                      PATTERN_TYPE_APACHE_ANT
                      /**=ROLE_ANONYMOUS
                  </value>
              </property>
          </bean>
          <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
              <property name="interceptorNames">
                  <list>
                      <value>securityInterceptor</value>
                  </list>
              </property>
              <property name="beanNames">
                  <list>
                      <value>isasService</value>
                  </list>
              </property>
          </bean>
          <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
              <property name="context">
                  <value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
              </property>
          </bean>
          <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
              <property name="filterProcessesUrl">
                  <value>/j_acegi_security_check</value>
              </property>
              <property name="authenticationFailureUrl">
                  <value>/login.jsp?failed=true</value>
              </property>
              <property name="defaultTargetUrl">
                  <value>/schoollist.jsp</value>
              </property>
              <property name="authenticationManager">
                  <ref local="authenticationManager" />
              </property>
          </bean>
          <bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
              <property name="key">
                  <value>anonFilterKey</value>
              </property>
              <property name="userAttribute">
                  <value>anonymousUser,ROLE_ANONYMOUS</value>
              </property>
          </bean>
          <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
              <property name="filterSecurityInterceptor">
                  <ref local="webSecurityInterceptor" />
              </property>
              <property name="authenticationEntryPoint">
                  <ref local="authenticationEntryPoint" />
              </property>
          </bean>
          <bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
              <property name="loginFormUrl">
                  <value>/login.jsp</value>
              </property>
              <property name="forceHttps">
                  <value>false</value>
              </property>
          </bean>
          <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
              <property name="filterInvocationDefinitionSource">
                  <value>
                      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                      PATTERN_TYPE_APACHE_ANT
                      /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
                  </value>
              </property>
          </bean>
          When I run this, I can get authenticated, but then my authenticated user gets denied access to the resources protected by the FilterSecurityInterceptor which is using ROLE_ANONYMOUS:
          Code:
          DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/admin.lzx?__lzbc__=1112976082004'; to: '/admin.lzx?__lzbc__=1112976082004'
          DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/admin.lzx?__lzbc__=1112976082004'; pattern is /**; matched=true
          DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /admin.lzx?__lzbc__=1112976082004 at position 1 of 4 in additional filter chain; firing Filter: '[email protected]968f9'
          DEBUG - HttpSessionContextIntegrationFilter.doFilter(183) | Obtained from ACEGI_SECURITY_CONTEXT a valid Context and set to ContextHolder: 'net.sf.acegisecurity.context.security.SecureContextImpl@11733f8: Authentication: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1e017e4: Username: net.sf.acegisecurity.providers.dao.User@140b009: Username: 15; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_EDITOR; Password: [PROTECTED]; Authenticated: true; Details: 127.0.0.1; Granted Authorities: ROLE_EDITOR'
          DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /admin.lzx?__lzbc__=1112976082004 at position 2 of 4 in additional filter chain; firing Filter: '[email protected]d30a'
          DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /admin.lzx?__lzbc__=1112976082004 at position 3 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter@1a462c9'
          DEBUG - AnonymousProcessingFilter.doFilter(147) | ContextHolder not replaced with anonymous token, as ContextHolder already contained: 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1e017e4: Username: net.sf.acegisecurity.providers.dao.User@140b009: Username: 15; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_EDITOR; Password: [PROTECTED]; Authenticated: true; Details: 127.0.0.1; Granted Authorities: ROLE_EDITOR'
          DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /admin.lzx?__lzbc__=1112976082004 at position 4 of 4 in additional filter chain; firing Filter: '[email protected]485'
          DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/admin.lzx?__lzbc__=1112976082004'; to: '/admin.lzx?__lzbc__=1112976082004'
          DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/admin.lzx?__lzbc__=1112976082004'; pattern is /**; matched=true
          DEBUG - AbstractSecurityInterceptor.beforeInvocation(373) | Secure object: FilterInvocation: URL: /admin.lzx?__lzbc__=1112976082004; ConfigAttributes: [ROLE_ANONYMOUS]
          DEBUG - ProviderManager.doAuthentication(156) | Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider
          DEBUG - AbstractSecurityInterceptor.beforeInvocation(411) | Authenticated: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1ccc078: Username: net.sf.acegisecurity.providers.dao.User@1700941: Username: 15; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_EDITOR; Password: [PROTECTED]; Authenticated: true; Details: 127.0.0.1; Granted Authorities: ROLE_EDITOR
          DEBUG - SecurityEnforcementFilter.doFilter(207) | Access is denied (user is not anonymous); sending back forbidden response
          net.sf.acegisecurity.AccessDeniedException: Access is denied.
              at net.sf.acegisecurity.vote.UnanimousBased.decide(UnanimousBased.java:108)
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:419)
              at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:81)
              at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:182)
              at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              at net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:153)
              at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:374)
              at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:225)
              at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              at net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:179)
              at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
              at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
              at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
              at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
              at java.lang.Thread.run(Thread.java:595)
          DEBUG - HttpSessionContextIntegrationFilter.doFilter(271) | Context stored to HttpSession: 'net.sf.acegisecurity.context.security.SecureContextImpl@11733f8: Authentication: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@1ccc078: Username: net.sf.acegisecurity.providers.dao.User@1700941: Username: 15; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_EDITOR; Password: [PROTECTED]; Authenticated: true; Details: 127.0.0.1; Granted Authorities: ROLE_EDITOR'
          DEBUG - HttpSessionContextIntegrationFilter.doFilter(280) | ContextHolder set to null as request processing completed
          When I put /**=ROLE_ANONYMOUS,ROLE_EDITOR,ROLE_ADMIN under the pattern for the FilterSecurityInterceptor, I get the endless authentication loop described by many others on this forum.

          Can anyone tell me where I'm messing up?



          • #6
            Originally posted by TripleToe
            When I put /**=ROLE_ANONYMOUS,ROLE_EDITOR,ROLE_ADMIN under the pattern for the FilterSecurityInterceptor, I get the endless authentication loop described by many others on this forum.
            I believe you'll need this in your XML.

            Which AccessDecisionManager are you using? Quoting http://acegisecurity.sourceforge.net...ision-manager:

            There are three concrete AccessDecisionManagers provided with the Acegi Security System for Spring that tally the votes. The ConsensusBased implementation will grant or deny access based on the consensus of non-abstain votes. Properties are provided to control behavior in the event of an equality of votes or if all votes are abstain. The AffirmativeBased implementation will grant access if one or more ACCESS_GRANTED votes were received (ie a deny vote will be ignored, provided there was at least one grant vote). Like the ConsensusBased implementation, there is a parameter that controls the behavior if all voters abstain. The UnanimousBased provider expects unanimous ACCESS_GRANTED votes in order to grant access, ignoring abstains. It will deny access if there is any ACCESS_DENIED vote. Like the other implementations, there is a parameter that controls the behaviour if all voters abstain.

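The vote tallying quoted above, applied to the two URL rules tried in this thread (an added example, not part of the original posts and not Acegi's own code). It is a stand-alone Java model: the class and method names are hypothetical, UnanimousBased is assumed to poll the voter once per configuration attribute (which matches the denials logged in the thread), and the abstain/tie flags use assumed default values.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Stand-alone model of the vote tallying; hypothetical names, not Acegi's classes. */
public class DecisionManagerModel {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;

    interface Voter {
        int vote(Set<String> authorities, List<String> attributes);
    }

    // Models RoleVoter: abstain when no ROLE_ attribute is present, grant when
    // the caller holds any listed role, otherwise deny.
    static final Voter ROLE_VOTER = (authorities, attributes) -> {
        int result = ABSTAIN;
        for (String attribute : attributes) {
            if (!attribute.startsWith("ROLE_")) continue;
            if (authorities.contains(attribute)) return GRANTED;
            result = DENIED;
        }
        return result;
    };

    // UnanimousBased (assumption: one poll per attribute): any deny rejects.
    static boolean unanimous(List<Voter> voters, Set<String> auth,
                             List<String> attrs, boolean allowIfAllAbstain) {
        int grants = 0;
        for (String attr : attrs) {
            for (Voter voter : voters) {
                int vote = voter.vote(auth, Collections.singletonList(attr));
                if (vote == DENIED) return false;
                if (vote == GRANTED) grants++;
            }
        }
        return grants > 0 || allowIfAllAbstain;
    }

    // AffirmativeBased: one grant is enough; denies only matter without a grant.
    static boolean affirmative(List<Voter> voters, Set<String> auth,
                               List<String> attrs, boolean allowIfAllAbstain) {
        int denies = 0;
        for (Voter voter : voters) {
            int vote = voter.vote(auth, attrs);
            if (vote == GRANTED) return true;
            if (vote == DENIED) denies++;
        }
        return denies == 0 && allowIfAllAbstain;
    }

    // ConsensusBased: majority of non-abstain votes, with flags for ties and all-abstain.
    static boolean consensus(List<Voter> voters, Set<String> auth, List<String> attrs,
                             boolean allowIfEqual, boolean allowIfAllAbstain) {
        int grants = 0, denies = 0;
        for (Voter voter : voters) {
            int vote = voter.vote(auth, attrs);
            if (vote == GRANTED) grants++;
            if (vote == DENIED) denies++;
        }
        if (grants > denies) return true;
        if (denies > grants) return false;
        return grants != 0 ? allowIfEqual : allowIfAllAbstain;
    }

    public static void main(String[] args) {
        // Only a RoleVoter is configured in the thread's accessDecisionManager.
        List<Voter> voters = Collections.singletonList(ROLE_VOTER);
        String[][] rules = {
            {"ROLE_ANONYMOUS"},                               // first attempt
            {"ROLE_ANONYMOUS", "ROLE_EDITOR", "ROLE_ADMIN"},  // second attempt
        };
        String[] users = {"ROLE_ANONYMOUS", "ROLE_EDITOR"};   // anonymous vs. logged-in editor
        for (String[] rule : rules) {
            List<String> attrs = Arrays.asList(rule);
            for (String user : users) {
                Set<String> auth = new HashSet<>(Collections.singletonList(user));
                System.out.printf(
                    "/**=%-38s user=%-14s unanimous=%-5b affirmative=%-5b consensus=%b%n",
                    String.join(",", attrs), user,
                    unanimous(voters, auth, attrs, false),
                    affirmative(voters, auth, attrs, false),
                    consensus(voters, auth, attrs, true, false));
            }
        }
    }
}
```

With RoleVoter as the only voter, the unanimous tally admits only the anonymous user under `/**=ROLE_ANONYMOUS` and neither user under the three-role rule, while the affirmative and consensus tallies admit both users under the three-role rule.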


            • #7
              I'm using the following declarations for my AccessDecisionManager:

              Code:
              .....
              <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />
                      
                  <bean id="accessDecisionManager"
                      class="net.sf.acegisecurity.vote.UnanimousBased">
                      <property name="decisionVoters">
                          <list>  
                              <ref local="roleVoter" />
                          </list>
                      </property>        
                  </bean>
              
              .....
              Both my FilterSecurityInterceptor and my MethodSecurityInterceptor reference this in their 'accessDecisionManager' property.

              When I set /**=ROLE_ANONYMOUS,ROLE_EDITOR,ROLE_ADMIN under the FilterSecurityInterceptor, I get the following loop:
              Code:
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes&#40;108&#41; | Converted URL to lowercase, from&#58; '/'; to&#58; '/'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes&#40;119&#41; | Candidate is&#58; '/'; pattern is /**; matched=true
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter&#40;305&#41; | / at position 1 of 4 in additional filter chain; firing Filter&#58; '[email protected]9ed5d6'
              DEBUG - HttpSessionContextIntegrationFilter.doFilter&#40;205&#41; | No HttpSession currently exists
              DEBUG - HttpSessionContextIntegrationFilter.doFilter&#40;213&#41; | As ContextHolder null, setup ContextHolder with a fresh new instance&#58; 'net.sf.acegisecurity.context.security.SecureContextImpl@72fe25&#58; Null authentication'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter&#40;305&#41; | / at position 2 of 4 in additional filter chain; firing Filter&#58; '[email protected]5a73'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter&#40;305&#41; | / at position 3 of 4 in additional filter chain; firing Filter&#58; 'net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter@1df59bd'
              DEBUG - AnonymousProcessingFilter.doFilter&#40;142&#41; | Replaced ContextHolder with anonymous token&#58; 'net.sf.acegisecurity.providers.anonymous.AnonymousAuth
              enticationToken@2465e5&#58; Username&#58; anonymousUser; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; null; Granted Authorities&#58; ROLE_ANONYMOUS'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter&#40;305&#41; | / at position 4 of 4 in additional filter chain; firing Filter&#58; '[email protected]c3b'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes&#40;108&#41; | Converted URL to lowercase, from&#58; '/'; to&#58; '/'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes&#40;119&#41; | Candidate is&#58; '/'; pattern is /**; matched=true
              DEBUG - AbstractSecurityInterceptor.beforeInvocation&#40;373&#41; | Secure object&#58; FilterInvocation&#58; URL&#58; /; ConfigAttributes&#58; &#91;ROLE_ANONYMOUS, ROLE_EDITOR, ROLE_ADMIN&#93;
              DEBUG - ProviderManager.doAuthentication&#40;156&#41; | Authentication attempt using net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
              DEBUG - AbstractSecurityInterceptor.beforeInvocation&#40;411&#41; | Authenticated&#58; net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e
              5&#58; Username&#58; anonymousUser; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; true; Details&#58; null; Granted Authorities&#58; ROLE_ANONYMOUS
              DEBUG - SecurityEnforcementFilter.doFilter&#40;198&#41; | Access is denied &#40;user is anonymous&#41;; redirecting to authentication entry point
              net.sf.acegisecurity.AccessDeniedException&#58; Access is denied.
              	at net.sf.acegisecurity.vote.UnanimousBased.decide&#40;UnanimousBased.java&#58;108&#41;
              	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation&#40;AbstractSecurityInterceptor.java&#58;419&#41;
              	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke&#40;FilterSecurityInterceptor.java&#58;81&#41;
              	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter&#40;SecurityEnforcementFilter.java&#58;182&#41;
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter&#40;FilterChainProxy.java&#58;311&#41;
              	at net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter&#40;AnonymousProcessingFilter.java&#58;153&#41;
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter&#40;FilterChainProxy.java&#58;311&#41;
              	at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter&#40;AbstractProcessingFilter.java&#58;374&#41;
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter&#40;FilterChainProxy.java&#58;311&#41;
              	at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter&#40;HttpSessionContextIntegrationFilter.java&#58;225&#41;
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter&#40;FilterChainProxy.java&#58;311&#41;
              	at net.sf.acegisecurity.util.FilterChainProxy.doFilter&#40;FilterChainProxy.java&#58;179&#41;
              	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter&#40;FilterToBeanProxy.java&#58;125&#41;
              	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter&#40;ApplicationFilterChain.java&#58;202&#41;
              	at org.apache.catalina.core.ApplicationFilterChain.doFilter&#40;ApplicationFilterChain.java&#58;173&#41;
              	at org.apache.catalina.core.StandardWrapperValve.invoke&#40;StandardWrapperValve.java&#58;214&#41;
              	at org.apache.catalina.core.StandardContextValve.invoke&#40;StandardContextValve.java&#58;178&#41;
              	at org.apache.catalina.core.StandardHostValve.invoke&#40;StandardHostValve.java&#58;126&#41;
              	at org.apache.catalina.valves.ErrorReportValve.invoke&#40;ErrorReportValve.java&#58;105&#41;
              	at org.apache.catalina.core.StandardEngineValve.invoke&#40;StandardEngineValve.java&#58;107&#41;
              	at org.apache.catalina.connector.CoyoteAdapter.service&#40;CoyoteAdapter.java&#58;148&#41;
              	at org.apache.coyote.http11.Http11Processor.process&#40;Http11Processor.java&#58;825&#41;
              	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection&#40;Http11Protocol.java&#58;738&#41;
              	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket&#40;PoolTcpEndpoint.java&#58;526&#41;
              	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt&#40;LeaderFollowerWorkerThread.java&#58;80&#41;
              	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run&#40;ThreadPool.java&#58;684&#41;
              	at java.lang.Thread.run&#40;Thread.java&#58;595&#41;
              DEBUG - SecurityEnforcementFilter.sendStartAuthentication(249) | Authentication entry point being called; target URL added to Session: http://localhost:8080/isas/
              INFO - SessionListener.sessionCreated(35) | Session Created: Id: 9EC0A08D0423D86E92E3684CA77BB592 | SessionObject: org.apache.catalina.session.StandardSessionFacade@1482747
              INFO - SessionListener.sessionCreated(41) | Added HttpSession with Id = 9EC0A08D0423D86E92E3684CA77BB592 to map of all sessions
              DEBUG - AuthenticationProcessingFilterEntryPoint.commence(178) | Redirecting to: http://localhost:8080/isas/login.jsp
              DEBUG - HttpSessionContextIntegrationFilter.doFilter(271) | Context stored to HttpSession: 'net.sf.acegisecurity.context.security.SecureContextImpl@72fe25: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
              DEBUG - HttpSessionContextIntegrationFilter.doFilter(280) | ContextHolder set to null as request processing completed
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/login.jsp'; pattern is /**; matched=true
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 1 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter@9ed5d6'
              DEBUG - HttpSessionContextIntegrationFilter.doFilter(183) | Obtained from ACEGI_SECURITY_CONTEXT a valid Context and set to ContextHolder: 'net.sf.acegisecurity.context.security.SecureContextImpl@72fe25: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 2 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter@18b5a73'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 3 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter@1df59bd'
              DEBUG - AnonymousProcessingFilter.doFilter(147) | ContextHolder not replaced with anonymous token, as ContextHolder already contained: 'net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 4 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter@19dbc3b'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/login.jsp'; pattern is /**; matched=true
              DEBUG - AbstractSecurityInterceptor.beforeInvocation(373) | Secure object: FilterInvocation: URL: /login.jsp; ConfigAttributes: [ROLE_ANONYMOUS, ROLE_EDITOR, ROLE_ADMIN]
              DEBUG - ProviderManager.doAuthentication(156) | Authentication attempt using et.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
              DEBUG - AbstractSecurityInterceptor.beforeInvocation(411) | Authenticated: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS
              DEBUG - SecurityEnforcementFilter.doFilter(198) | Access is denied (user is anonymous); redirecting to authentication entry point
              net.sf.acegisecurity.AccessDeniedException: Access is denied.
              	at net.sf.acegisecurity.vote.UnanimousBased.decide(UnanimousBased.java:108)
              	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:419)
              	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:81)
              	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:182)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:153)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:374)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:225)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:179)
              	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
              	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
              	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
              	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
              	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
              	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
              	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
              	at java.lang.Thread.run(Thread.java:595)
              DEBUG - SecurityEnforcementFilter.sendStartAuthentication(249) | Authentication entry point being called; target URL added to Session: http://localhost:8080/isas/login.jsp
              DEBUG - AuthenticationProcessingFilterEntryPoint.commence(178) | Redirecting to: http://localhost:8080/isas/login.jsp
              DEBUG - HttpSessionContextIntegrationFilter.doFilter(271) | Context stored to HttpSession: 'net.sf.acegisecurity.context.security.SecureContextImpl@72fe25: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
              DEBUG - HttpSessionContextIntegrationFilter.doFilter(280) | ContextHolder set to null as request processing completed
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/login.jsp'; pattern is /**; matched=true
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 1 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter@9ed5d6'
              DEBUG - HttpSessionContextIntegrationFilter.doFilter(183) | Obtained from ACEGI_SECURITY_CONTEXT a valid Context and set to ContextHolder: 'net.sf.acegisecurity.context.security.SecureContextImpl@72fe25: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 2 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter@18b5a73'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 3 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter@1df59bd'
              DEBUG - AnonymousProcessingFilter.doFilter(147) | ContextHolder not replaced with anonymous token, as ContextHolder already contained: 'net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
              DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /login.jsp at position 4 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter@19dbc3b'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
              DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/login.jsp'; pattern is /**; matched=true
              DEBUG - AbstractSecurityInterceptor.beforeInvocation(373) | Secure object: FilterInvocation: URL: /login.jsp; ConfigAttributes: [ROLE_ANONYMOUS, ROLE_EDITOR, ROLE_ADMIN]
              DEBUG - ProviderManager.doAuthentication(156) | Authentication attempt using net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
              DEBUG - AbstractSecurityInterceptor.beforeInvocation(411) | Authenticated: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@2465e5: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS
              DEBUG - SecurityEnforcementFilter.doFilter(198) | Access is denied (user is anonymous); redirecting to authentication entry point
              net.sf.acegisecurity.AccessDeniedException: Access is denied.
              	at net.sf.acegisecurity.vote.UnanimousBased.decide(UnanimousBased.java:108)
              	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:419)
              	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:81)
              	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:182)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:153)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:374)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:225)
              	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
              	at net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:179)
              	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
              	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
              	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
              	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
              	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
              	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
              	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
              	at java.lang.Thread.run(Thread.java:595)
              DEBUG - SecurityEnforcementFilter.sendStartAuthentication(249) | Authentication entry point being called; target URL added to Session: http://localhost:8080/isas/login.jsp

              ..........(and on and on)............
              Because I'm using /**=ROLE_ANONYMOUS,ROLE_EDITOR,ROLE_ADMIN, why is it trying to reauthenticate to login.jsp over and over? (My previous post shows my applicationContext.xml file with the Filters that route the user to login.jsp. Keep in mind that I'm not currently using this for anything as the Laszlo application is handling all the authentication manually. I may put two UIs on this, one Laszlo and one JSP, so I figured I'd set it up with both types of authentication. For now, if the user is not 'authenticated' I would like the user to be set as anonymous so they can continue, since I do not have any security settings for any of my web resources, just my methods in my Java classes.)

              Any ideas?



              • #8
                Maybe I should clarify this just a little bit more:

                Here is my goal. I eventually want to have two frontends: one JSP frontend and one Laszlo (rich flash UI) frontend. The JSP frontend will work like a normal JSP application and I think I can get that working with Acegi. However, when a user accesses the Laszlo frontend, they will need anonymous access to the *.lzx files that display the UI. All security for Laszlo UI users will be done at the method level using the MethodSecurityInterceptor. I will handle logins manually for these users, placing the Authentication object in the ContextHolder in my backend Java class.

                So I guess I could create two directories: /jsp and /lzx

                Then I could set up web resource security (i.e. JSP files etc.) for everything in the /jsp folder and then allow anonymous access to everything in the /lzx folder. It appears to me that my interceptors and filters are fighting amongst each other, causing loops etc.

                Can you help me sort this out?



                • #9
                  I think I got it partially figured out: I was using a UnanimousBased AccessDecisionManager rather than an AffirmativeBased. This caused my roles of [ROLE_ANONYMOUS, ROLE_EDITOR] to fail when a user with only one role tried to access the protected resource.



                  • #10
                    Originally posted by TripleToe
                    I think I got it partially figured out: I was using a UnanimousBased AccessDecisionManager rather than an AffirmativeBased. This caused my roles of [ROLE_ANONYMOUS, ROLE_EDITOR] to fail when a user with only one role tried to access the protected resource.

                    Great, I thought it was something like that which is why I mentioned the earlier quote.

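Added example (not part of the thread, and not Acegi's source code): a stand-alone model of the voting rules behind posts #9 and #10, showing why the `/**=ROLE_ANONYMOUS,ROLE_EDITOR,ROLE_ADMIN` rule denies the anonymous token under UnanimousBased but admits it under AffirmativeBased. The class `VoteModel` and its method names are hypothetical, and an all-abstain outcome is treated as a denial.

```java
import java.util.Arrays;
import java.util.List;

/** Simplified model of the role-voting rules; hypothetical class, not Acegi source. */
public class VoteModel {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;

    /** RoleVoter rule: grant if the user holds any listed ROLE_ attribute, deny if none match. */
    static int roleVote(List<String> held, List<String> required) {
        int result = ABSTAIN;
        for (String attr : required) {
            if (!attr.startsWith("ROLE_")) continue;  // not a role attribute: no opinion
            if (held.contains(attr)) return GRANTED;
            result = DENIED;
        }
        return result;
    }

    /** UnanimousBased rule: every attribute is voted on alone; a single denial rejects. */
    static boolean unanimous(List<String> held, List<String> required) {
        boolean granted = false;
        for (String attr : required) {
            int vote = roleVote(held, Arrays.asList(attr));
            if (vote == DENIED) return false;
            if (vote == GRANTED) granted = true;
        }
        return granted;
    }

    /** AffirmativeBased rule: the whole list is voted on once; a single grant accepts. */
    static boolean affirmative(List<String> held, List<String> required) {
        return roleVote(held, required) == GRANTED;
    }

    public static void main(String[] args) {
        // The /** rule quoted in the thread.
        List<String> rule = Arrays.asList("ROLE_ANONYMOUS", "ROLE_EDITOR", "ROLE_ADMIN");
        // Constructed users; the first matches the anonymous token in the log.
        String[] names = {"anonymousUser", "editor only", "all three roles"};
        List<List<String>> users = Arrays.asList(
            Arrays.asList("ROLE_ANONYMOUS"),
            Arrays.asList("ROLE_EDITOR"),
            Arrays.asList("ROLE_ANONYMOUS", "ROLE_EDITOR", "ROLE_ADMIN"));
        for (int i = 0; i < names.length; i++) {
            System.out.printf("%-16s UnanimousBased=%-5b AffirmativeBased=%b%n",
                names[i], unanimous(users.get(i), rule), affirmative(users.get(i), rule));
        }
    }
}
```

Under the unanimous rule a comma-separated role list behaves as "all of these roles", so the anonymous user is refused on `/login.jsp` itself and each redirect to the entry point is refused again, which is the loop in the log above.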