  • Using non standard user/role table structure problem

    I've implemented Acegi Security using a modified user/authorities table structure with incremental PKs. For this I've modified my application context with the following to change the SQL queries for my user/roles tables.

    Code:
    <bean id="authenticationDao"
    		class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
    		<property name="dataSource">
    			<ref bean="dataSource" />
    		</property>
    		<property name="usersByUsernameQuery">
    			<value>SELECT UserId, Password, Enabled FROM Users WHERE UserName = ?</value>
    		</property>
    		<property name="authoritiesByUsernameQuery">
    			<value>SELECT UserRoles.UserId, Roles.RoleName FROM UserRoles Inner Join Roles On UserRoles.RoleId=Roles.RoleId WHERE UserRoles.UserId = ?</value>
    		</property>
    	</bean>

    The good news is that this is doing exactly what I want. I can log in fine and authorization is happening as expected. The strange thing is that after the app is idle for a few minutes (not sure exactly but under 5) I try to access a protected page and I'm asked to log in again. This is not a session timeout from what I can tell because firstly my authorize jsp tags are still recognising me as being logged in and the debug log output still shows my credentials (see below). For some reason though it redirects me to the login page anyway.

    This only happens after a period of inactivity. If I repeatedly access pages without this period of inactivity I am able to continue accessing the protected pages.

    Does anyone have any ideas on what may be causing this? I'm thinking it might be related to this snippet but not sure why.

    Code:
    DEBUG - EhCacheBasedUserCache.getUserFromCache(71) | Cache hit: false; username: 1
    WARN - LoggerListener.onApplicationEvent(103) | Authentication failed due to nonexistent username: 1; details:

    Full log output for problem http request is as follows...

  • #2
    Ok I think I know the reason why this is happening but I can't figure out how to deal with it.

    I believe that the first time a user authenticates, the username is passed to the "usersByUsernameQuery" which then returns the UserId to be used by the "authoritiesByUsernameQuery" to query the table containing all user roles (authorities). This all works fine.

    In case it isn't clear from the queries above, my tables are as follows:

    Users
    +userId
    userName (unique)
    password
    enabled

    Roles
    +roleId
    roleName (unique)
    description

    UserRoles
    +userId
    +roleId


    The problem appears to be that once the cache dries up and a new query to the database is required, the username that was entered through the ui by the user logging in is substituted with the username of '1' which is really the user id. This is passed back to the query which is now looking for a username of '1' rather than that which the user originally entered, therefore no user is found.

    My question is how do I get around this with the data model. Is it possible?



    • #3
      I've modified JdbcDaoImpl to support this. It's now in CVS with a new property:

      Code:
          /**
           * If <code>true</code> (the default), indicates the {@link
           * #getUsersByUsernameMapping()} returns a username in response to a
           * query. If <code>false</code>, indicates that a primary key is used
           * instead. If set to <code>true</code>, the class will use the
           * database-derived username in the returned <code>UserDetails</code>. If
           * <code>false</code>, the class will use the {@link
           * #loadUserByUsername(String)} derived username in the returned
           * <code>UserDetails</code>.
           *
           * @param usernameBasedPrimaryKey <code>true</code> if the mapping queries
           *        return the username <code>String</code>, or <code>false</code>
           *        if the mapping returns a database primary key.
           */
          public void setUsernameBasedPrimaryKey(boolean usernameBasedPrimaryKey) {
              this.usernameBasedPrimaryKey = usernameBasedPrimaryKey;
          }

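A small model of the failure diagnosed in posts #2 and #3, added here as an illustration; it is not code from the thread or from Acegi's source. `ToyJdbcDao`, `ToyProvider`, the user "rob" and the timings are constructed, and the cache and per-request re-authentication are simplified assumptions based on the behaviour described above.

```java
import java.util.*;

/** Toy model (Java 16+): property and query names mirror the thread, the logic is simplified. */
public class PrimaryKeyUsernameDemo {

    record UserDetails(String username, String password, List<String> authorities) {}

    /** Stand-in for JdbcDaoImpl running the two custom queries from the first post. */
    static class ToyJdbcDao {
        // Constructed sample rows: UserName -> {UserId, Password}; UserId -> role names.
        private final Map<String, String[]> usersByName =
                Map.of("rob", new String[] {"1", "secret"});
        private final Map<String, List<String>> rolesByUserId =
                Map.of("1", List.of("ADMINISTRATOR"));
        boolean usernameBasedPrimaryKey = true; // the default, per the Javadoc in post #3

        UserDetails loadUserByUsername(String username) {
            // SELECT UserId, Password, Enabled FROM Users WHERE UserName = ?
            String[] row = usersByName.get(username);
            if (row == null) {
                throw new NoSuchElementException("nonexistent username: " + username);
            }
            String firstColumn = row[0]; // UserId here; the stock schema returns the username
            // ... WHERE UserRoles.UserId = ?  (bound to the first column of the users query)
            List<String> roles = rolesByUserId.getOrDefault(firstColumn, List.of());
            // true: the principal takes the database value; false: it keeps the login name.
            String principal = usernameBasedPrimaryKey ? firstColumn : username;
            return new UserDetails(principal, row[1], roles);
        }
    }

    /** Stand-in for DaoAuthenticationProvider with an idle-expiring user cache. */
    static class ToyProvider {
        private record Entry(UserDetails user, long expiresAt) {}
        private final Map<String, Entry> cache = new HashMap<>();
        private final ToyJdbcDao dao;
        private final long idleMillis;
        long now = 0; // manual clock so the run is deterministic

        ToyProvider(ToyJdbcDao dao, long idleMillis) {
            this.dao = dao;
            this.idleMillis = idleMillis;
        }

        UserDetails authenticate(String principal, String password) {
            Entry hit = cache.get(principal);
            UserDetails user = (hit != null && hit.expiresAt() > now)
                    ? hit.user()
                    : dao.loadUserByUsername(principal); // cache miss: back to the database
            if (!user.password().equals(password)) {
                throw new SecurityException("bad credentials");
            }
            // Keyed by the principal name; refreshing on each access models an idle timeout.
            cache.put(user.username(), new Entry(user, now + idleMillis));
            return user;
        }
    }

    /** Log in, make one request while the cache is warm, then one after it has idled out. */
    static List<String> scenario(boolean usernameBasedPrimaryKey) {
        ToyJdbcDao dao = new ToyJdbcDao();
        dao.usernameBasedPrimaryKey = usernameBasedPrimaryKey;
        ToyProvider provider = new ToyProvider(dao, 120_000);
        List<String> log = new ArrayList<>();

        UserDetails session = provider.authenticate("rob", "secret"); // form login
        log.add("login ok, principal=" + session.username());
        for (long idle : new long[] {10_000, 300_000}) {
            provider.now += idle;
            try {
                // Each request to a secured URL re-authenticates the token kept in the session.
                session = provider.authenticate(session.username(), session.password());
                log.add("request after " + idle / 1000 + "s idle: ok");
            } catch (NoSuchElementException e) {
                log.add("request after " + idle / 1000 + "s idle: " + e.getMessage());
            }
        }
        return log;
    }

    public static void main(String[] args) {
        System.out.println("usernameBasedPrimaryKey=true  " + scenario(true));
        System.out.println("usernameBasedPrimaryKey=false " + scenario(false));
    }
}
```

With the flag at its default the principal becomes the primary key, so the lookup after the idle period searches `UserName` for `1` and fails; with the flag set to `false` the principal stays the login name and the reload succeeds.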


      • #4
        That's great, thanks Ben. I've since changed my table structure to use an assigned PK of the username as it was looking like a few more changes would be required than just overriding a couple of methods in JdbcDaoImpl.

        Now that you've made them I may change this back once the next release of acegi security comes out. It's great to have this flexibility now so users can change their usernames.

        thanks again!
        rob



        • #5
          Originally posted by robmonie
          It's great to have this flexibility now so users can change their usernames.
          This is one of the reasons it's generally recommended that ALL database tables have synthetic primary keys rather than using the unique business key (username in this case) as the primary key.

          Kudos to the Acegi team for such a quick fix!
