  • Rich client + httpInvoker + SecureContext propagation prob

    Hi

    I have followed the threads on the forum and I am pretty sure I have configured the server side correctly. However I am not too sure about my client. When I run the client code I get the following exception stack trace.

    net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: Authentication credentials were not found in the SecureContext
        at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:477)
        at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:364)
        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:174)
        at $Proxy0.getAccount(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:155)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:122)
        at org.springframework.remoting.support.RemoteInvocationTraceInterceptor.invoke(RemoteInvocationTraceInterceptor.java:68)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:174)
        at $Proxy0.getAccount(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:179)
        at org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:32)
        at org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:70)
        at org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:106)
        at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:80)
        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:684)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:625)
        at org.springframework.web.servlet.FrameworkServlet.serviceWrapper(FrameworkServlet.java:386)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:355)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:284)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
        at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:84)
        at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:182)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
        at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:225)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
        at net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:206)
        at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:257)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
        at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:184)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:732)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:619)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:688)
        at java.lang.Thread.run(Thread.java:534)


    I have the following code on my client. I am not sure if this is enough to propagate the SecureContext or if I am missing a step.
    Also, although I would be happy just to get this working, on one of the threads I read (from Ray Krueger) that this is not the way you would want your client to work. If there is anyone out there who knows what the better alternative is, please let me know.

    import net.sf.acegisecurity.Authentication;
    import net.sf.acegisecurity.AuthenticationManager;
    import net.sf.acegisecurity.GrantedAuthority;
    import net.sf.acegisecurity.context.ContextHolder;
    // Acegi 0.8 package for SecureContext; older releases had it in net.sf.acegisecurity.context
    import net.sf.acegisecurity.context.security.SecureContext;
    import net.sf.acegisecurity.context.security.SecureContextImpl;
    import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
    import net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManager;
    import org.springframework.context.support.ClassPathXmlApplicationContext;
    import org.springframework.util.StopWatch;

    // Account and AccountService are the application's own classes.
    public class Testing {

        public static void main(String[] args) {
            ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext("clientContext.xml");

            //get the guy authenticated
            AuthenticationManager authManager = (AuthenticationManager) ctx.getBean("authenticationManager");
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("marissa", "koala");
            System.out.println("Before: " + authentication);
            //why am I doing all these steps by myself must be a better way, don't know
            Authentication populatedAuthentication = authManager.authenticate(authentication);
            System.out.println("After: " + populatedAuthentication);

            // Store the populated Authentication in the ContextHolder so the request executor can read it
            SecureContext secureContext = (SecureContext) ContextHolder.getContext();
            if (secureContext == null) {
                secureContext = new SecureContextImpl();
            }
            secureContext.setAuthentication(populatedAuthentication);
            ContextHolder.setContext(secureContext);
            //authManager.
            AccountService accountService = (AccountService) ctx.getBean("accountService");
            //HttpInvokerProxyFactoryBean factory = (HttpInvokerProxyFactoryBean)ctx.getBean("$accountService");
            RemoteAuthenticationManager rma = (RemoteAuthenticationManager) ctx.getBean("remoteAuthenticationManager");
            GrantedAuthority[] ga = rma.attemptAuthentication("marissa", "koala");
            for (int i = 0; i < ga.length; i++) {
                System.out.println(ga[i]);
            }
            //AuthenticationSimpleHttpInvokerRequestExecutor ahir = (AuthenticationSimpleHttpInvokerRequestExecutor)factory.getHttpInvokerRequestExecutor();
            //as.setService(accountService);
            StopWatch sw = new StopWatch();
            sw.start("Testing");
            Account acc = accountService.getAccount("tanaka");
            System.out.println(acc.getAmount());
            Account acc1 = accountService.getAccountByName("tanaka");
            System.out.println(acc1.getAmount());
            sw.stop();

            System.out.println("Took : " + sw.getLastTaskTimeMillis() + "ms");
            //System.out.println(as.getAmountForAccountName("sitha"));
        }
    }



    Thanks in advance

    Tanaka

  • #2
    Something like: you should only use/wait the Acegi 0.9?

    the securityContext, localthread ....


    • #3
      How is your service defined in the client's application context?

      Make sure that HttpInvokerProxyFactoryBean#httpInvokerRequestExecutor refers to an instance of net.sf.acegisecurity.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor

      Regards,
      Andreas


      • #4
        Here are the rest of the pieces

        hi Andreas, here are the rest of the files I have in my project:

        The client-side application context

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
            "http://www.springframework.org/dtd/spring-beans.dtd">

        <beans>

            <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
                <property name="providers">
                    <list>
                        <ref bean="remoteAuthenticationProvider"/>
                    </list>
                </property>
            </bean>

            <bean id="remoteAuthenticationProvider" class="net.sf.acegisecurity.providers.rcp.RemoteAuthenticationProvider">
                <property name="remoteAuthenticationManager"><ref bean="remoteAuthenticationManager"/></property>
            </bean>

            <bean id="remoteAuthenticationManager" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
                <property name="serviceInterface"><value>net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManager</value></property>
                <property name="serviceUrl"><value>http://172.16.0.100:8080/HessianServerTest/remoting/RemoteAuthenticationManager</value></property>
            </bean>

            <bean id="accountService" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
                <property name="serviceUrl"><value>http://localhost:8080/HessianServerTest/secure/remoting/accountService</value></property>
                <property name="serviceInterface"><value>test.hessian.service.client.AccountService</value></property>
                <property name="httpInvokerRequestExecutor">
                    <ref local="httpInvokerRequestExecutor"/>
                </property>
            </bean>

            <!-- Automatically propagates ContextHolder-managed Authentication principal
                 and credentials to a HTTP invoker BASIC authentication header -->
            <bean id="httpInvokerRequestExecutor" class="net.sf.acegisecurity.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
        </beans>

        The server side application context

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
            "http://www.springframework.org/dtd/spring-beans.dtd">

        <beans>

            <bean id="accountServiceTarget" class="test.hessian.service.remote.AccountServiceImpl">
            </bean>

            <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
                <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
                <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
            </bean>

            <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
                <property name="authenticationManager">
                    <ref local="authenticationManager"/>
                </property>
                <property name="accessDecisionManager">
                    <ref local="accessDecisionManager"/>
                </property>
                <property name="objectDefinitionSource">
                    <value>
                        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                        PATTERN_TYPE_APACHE_ANT
                        /secure/*=ROLE_USER,ROLE_SUPERVISOR
                    </value>
                </property>
            </bean>

            <bean id="accountService" class="org.springframework.aop.framework.ProxyFactoryBean">
                <property name="proxyInterfaces"><value>test.hessian.service.client.AccountService</value></property>
                <property name="interceptorNames">
                    <list>
                        <idref local="counsellorSecurityInteceptor"/>
                    </list>
                </property>
                <property name="target">
                    <ref bean="accountServiceTarget"/>
                </property>
            </bean>

            <bean id="counsellorSecurityInteceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
                <property name="validateConfigAttributes"><value>true</value></property>
                <property name="authenticationManager"><ref bean="authenticationManager"/></property>
                <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
                <property name="runAsManager"><ref bean="runAsManager"/></property>
                <property name="objectDefinitionSource">
                    <value>
                        test.hessian.service.client.AccountService.getAccount=ROLE_SUPERVISOR
                        test.hessian.service.client.AccountService.getAccountByName=ROLE_TELLER,ROLE_SUPERVISOR,RUN_AS_SERVER
                    </value>
                </property>
            </bean>

            <bean name="/RemoteAuthenticationManager" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
                <property name="service"><ref bean="remoteAuthenticationManager"/></property>
                <property name="serviceInterface"><value>net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManager</value></property>
            </bean>

            <bean id="remoteAuthenticationManager" class="net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl">
                <property name="authenticationManager"><ref bean="authenticationManager"/></property>
            </bean>

            <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
                <property name="providers">
                    <list>
                        <ref local="daoAuthenticationProvider"/>
                    </list>
                </property>
            </bean>

            <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
                <property name="authenticationDao"><ref local="inMemoryDaoImpl"/></property>
            </bean>

            <bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
                <property name="userMap">
                    <value>
                        marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
                        dianne=emu,ROLE_TELLER
                        scott=wombat,ROLE_TELLER
                        peter=opal,disabled,ROLE_TELLER
                    </value>
                </property>
            </bean>

            <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions"><value>false</value></property>
                <property name="decisionVoters">
                    <list>
                        <ref local="roleVoter"/>
                    </list>
                </property>
            </bean>

            <bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
                <property name="key"><value>my_run_as_password</value></property>
            </bean>

            <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

            <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
                <property name="authenticationManager"><ref local="authenticationManager"/></property>
                <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
            </bean>

            <bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
                <property name="realmName"><value>Test Realm</value></property>
            </bean>

            <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
                <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
            </bean>

        </beans>

        My web.xml file

        <?xml version="1.0" encoding="UTF-8"?>
        <web-app version="2.4"
            xmlns="http://java.sun.com/xml/ns/j2ee"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
            http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

            <!-- Auto load the ApplicationContext -->
            <context-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>/WEB-INF/applicationContext.xml</param-value>
            </context-param>

            <listener>
                <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
            </listener>

            <!--
                NOTE: ORDER OF FILTERS IS IMPORTANT.
                Filters for Acegi Security
            -->

            <filter>
                <filter-name>Acegi session context integration Filter</filter-name>
                <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
                <init-param>
                    <param-name>targetClass</param-name>
                    <param-value>net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter</param-value>
                </init-param>
            </filter>

            <filter>
                <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
                <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
                <init-param>
                    <param-name>targetClass</param-name>
                    <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
                </init-param>
            </filter>

            <filter>
                <filter-name>Acegi HTTP Request Security Filter</filter-name>
                <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
                <init-param>
                    <param-name>targetClass</param-name>
                    <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
                </init-param>
            </filter>

            <filter-mapping>
                <filter-name>Acegi session context integration Filter</filter-name>
                <url-pattern>/secure/*</url-pattern>
            </filter-mapping>

            <!-- don't protect the remoteAuthenticationManager, only other resources -->
            <filter-mapping>
                <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
                <url-pattern>/secure/*</url-pattern>
            </filter-mapping>

            <filter-mapping>
                <filter-name>Acegi HTTP Request Security Filter</filter-name>
                <url-pattern>/secure/*</url-pattern>
            </filter-mapping>

            <servlet>
                <servlet-name>remoting</servlet-name>
                <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                <load-on-startup>1</load-on-startup>
            </servlet>

            <servlet>
                <servlet-name>secureRemoting</servlet-name>
                <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                <load-on-startup>1</load-on-startup>
            </servlet>

            <servlet-mapping>
                <servlet-name>remoting</servlet-name>
                <url-pattern>/remoting/*</url-pattern>
            </servlet-mapping>

            <servlet-mapping>
                <servlet-name>secureRemoting</servlet-name>
                <url-pattern>/secure/remoting/*</url-pattern>
            </servlet-mapping>

            <session-config>
                <session-timeout>10</session-timeout>
            </session-config>

        </web-app>

        My <servlet_name>-servlet.xml for secure resources:

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
            "http://www.springframework.org/dtd/spring-beans.dtd">

        <beans>

            <bean id="accountServiceTarget" class="test.hessian.service.remote.AccountServiceImpl"/>

            <bean name="/accountService" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
                <property name="service"><ref bean="accountService"/></property>
                <property name="serviceInterface">
                    <value>test.hessian.service.client.AccountService</value>
                </property>
            </bean>

        </beans>

        My <servlet_name>-servlet.xml for non-secure resources

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
            "http://www.springframework.org/dtd/spring-beans.dtd">

        <beans>

            <bean name="/accountService" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
                <property name="service"><ref bean="accountService"/></property>
                <property name="serviceInterface">
                    <value>test.hessian.service.client.AccountService</value>
                </property>
            </bean>

        </beans>


        • #5
          In your serverside context:
          /secure/*=ROLE_USER,ROLE_SUPERVISOR

          shouldn't that be "/secure/**"?

          Otherwise I cannot see anything special at first glance. Anyway I haven't used the filters explicitly, but used net.sf.acegisecurity.util.FilterChainProxy. Maybe you can try that out.

          Another idea: Are you possibly using a servlet 2.3 container? Maybe in that case you could try the context initialization with a servlet instead of a listener.

          Regards,
          Andreas


          • #6
            Nothing doing

            Hi Andreas

            I have changed the url-pattern from /secure/* to /secure/** and I am now using the FilterChainProxy, but neither change has helped.
            Maybe this would help, because the first exception trace I sent may have been a bit misleading: I actually get that exception when I comment out the securityEnforcement Filter. This is the trace I get when I uncomment the securityEnforcement Filter. This is what led me to believe that the actual authentication process is not even taking place.

            org.springframework.remoting.RemoteAccessException: Cannot access HTTP invoker remote service at [http://localhost:8080/HessianServerT...countService]; nested exception is java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:8080/HessianServerT...accountService
            java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:8080/HessianServerT...accountService
                at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
                at org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor.doExecuteRequest(SimpleHttpInvokerRequestExecutor.java:55)
                at org.springframework.remoting.httpinvoker.AbstractHttpInvokerRequestExecutor.executeRequest(AbstractHttpInvokerRequestExecutor.java:68)
                at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.executeRequest(HttpInvokerClientInterceptor.java:146)
                at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.invoke(HttpInvokerClientInterceptor.java:120)
                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
                at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:174)
                at $Proxy1.getAccount(Unknown Source)
                at test.hessian.service.client.Testing.main(Testing.java:68)


            • #7
              In my chain I only use "HttpSessionContextIntegrationFilter,BasicProcessingFilter". I guess the SecurityEnforcementFilter is only relevant for web applications as it can redirect to a login page. This fails in your case and yields a 401 error (not authorized access).
              If you are sure that the SecurityContext on the client side is correctly filled before the call, I would say the problem is the re-establishment of the context on the server side. This should be done by HttpSessionContextIntegrationFilter (afaik).

              I fear I'm also a little bit at a loss here.

              Regards,
              Andreas


              • #8
                what could be the problem

                Hi Andreas.

                Your statement about if I am sure that the SecureContext on the client is properly populated has raised another question. On my client code I do a print of the Authentication Object I have before authentication and the populated one after I have called the authenticate method. These are the outputs I get.

                Before: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@145c859: Username: marissa; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities

                After: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@19b04e2: Username: marissa; Password: [PROTECTED]; Authenticated: false; Details: null; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR

                I don't know if I am right but I would expect the Authenticated field to be true in the returned authentication. Could this be an issue?

                rgds Tanaka


                • #9
                  Re: what could be the problem

                  Originally posted by tmusendo
                  I don't know if I am right but I would expect the Authenticated field to be true in the returned authentication. Could this be an issue?
                  As far as I understood from the API, this flag seems to be used on the server by a security interceptor. So I would not bother that. In my working example I noticed this flag being set to false, too.

                  But since your client context seems to be ok, I would try to debug the serverside code (e.g. setting some breakpoints in the HttpContextIntegrationFilter to see if it is being invoked and if a context is available).

                  Regards,
                  Andreas


                  • #10
                    Problem resolved

                    Hi Andreas

                    Turns out the whole thing was working all the time; the problem was on the client in the AuthenticationSimpleHttpInvokerRequestExecutor, well, more accurately with me, because I had an older acegi-security jar on my classpath. Anyway, the short of it is that in the class there is a test for the fact that ContextHolder.getContext() returns an instance of a SecureContext. In the old version all this was in the package net.sf.acegisecurity.context and in 0.8 it is now net.sf.acegisecurity.context.security, so somehow the system was getting mixed up in which version to use, such that the test always failed and the basic authentication header was never set on the client.

                    Thank you so much for your time, CHEERS. :wink:


                    • #11
                      how do you do resolve it?

                      Hi, Sir,
                      I meet the problem too, but I can't understand how you deal with it. Could you please explain more?


                      • #12
                        Re: how do you do resolve it?

                        Originally posted by lin_xd
                        I meet the problem too, but I can't understand how you deal with it. Could you please explain more?
                        My suggestion is to take a look at the Contacts Sample, which includes configuration for the HTTP Invoker remoting protocol and a client that uses BASIC Authentication against the server backend. If it doesn't work, check that your JAR versions on the client side match the JAR versions used on the server side. That should get you going, or enable you to post a specific question with your own debug log messages and configuration files so that we can help you.

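The resolution in #10 and the JAR-version advice in #12 both come down to what is on the client classpath. As an added example (not code from the thread or from Acegi), this JDK-only diagnostic reports every classpath location that supplies the two SecureContext class names mentioned in #10 and flags a mix of acegi-security jars; the "acegi-security" jar-name prefix and the Implementation-Version manifest lookup are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

/** Added diagnostic (not Acegi code): detects mixed acegi-security versions on a client classpath. */
public class AcegiClasspathCheck {

    // Class names taken from the thread: the pre-0.8 and the 0.8 location of SecureContext.
    static final String OLD_SECURE_CONTEXT = "net.sf.acegisecurity.context.SecureContext";
    static final String NEW_SECURE_CONTEXT = "net.sf.acegisecurity.context.security.SecureContext";

    /** Every classpath location that can supply the given class, in class-loader search order. */
    static List<URL> providers(ClassLoader cl, String className) throws IOException {
        String resource = className.replace('.', '/') + ".class";
        return Collections.list(cl.getResources(resource));
    }

    /** Jars named acegi-security* (assumed naming) on the class path, mapped to their manifest version. */
    static Map<String, String> acegiJars(String classPath) {
        Map<String, String> found = new LinkedHashMap<>();
        for (String entry : classPath.split(File.pathSeparator)) {
            File f = new File(entry);
            if (!f.isFile() || !f.getName().toLowerCase().startsWith("acegi-security")) {
                continue;
            }
            String version = "unknown"; // the jar may not declare Implementation-Version
            try (JarFile jar = new JarFile(f)) {
                Manifest mf = jar.getManifest();
                if (mf != null) {
                    String v = mf.getMainAttributes().getValue("Implementation-Version");
                    if (v != null) {
                        version = v;
                    }
                }
            } catch (IOException e) {
                version = "unreadable: " + e.getMessage();
            }
            found.put(f.getAbsolutePath(), version);
        }
        return found;
    }

    /** Returns human-readable findings; an empty list means no conflict was detected. */
    static List<String> check(ClassLoader cl, String classPath) throws IOException {
        List<String> findings = new ArrayList<>();
        List<URL> oldLoc = providers(cl, OLD_SECURE_CONTEXT);
        List<URL> newLoc = providers(cl, NEW_SECURE_CONTEXT);
        if (!oldLoc.isEmpty() && !newLoc.isEmpty()) {
            // Two incompatible SecureContext types are loadable, so an instanceof test
            // against one of them can fail for a context built from the other.
            findings.add("Both SecureContext layouts are visible (old: " + oldLoc + ", 0.8: " + newLoc + ")");
        }
        if (oldLoc.size() > 1) {
            findings.add("Duplicate " + OLD_SECURE_CONTEXT + ": " + oldLoc);
        }
        if (newLoc.size() > 1) {
            findings.add("Duplicate " + NEW_SECURE_CONTEXT + ": " + newLoc);
        }
        Map<String, String> jars = acegiJars(classPath);
        if (jars.size() > 1) {
            findings.add("More than one acegi-security jar: " + jars);
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        ClassLoader cl = AcegiClasspathCheck.class.getClassLoader();
        List<String> findings = check(cl, System.getProperty("java.class.path"));
        if (findings.isEmpty()) {
            System.out.println("No conflicting acegi-security classes found.");
        } else {
            findings.forEach(f -> System.out.println("WARNING: " + f));
            System.exit(1);
        }
    }
}
```

Run it with exactly the classpath the rich client uses; a non-zero exit means the client can see more than one definition of SecureContext, which is the condition under which the BASIC authentication header was never set in this thread.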
