ContextHolder invalid: 'null' in WLS 8.1 SP4

  • ContextHolder invalid: 'null' in WLS 8.1 SP4

    Hi,

    I am using Acegi 0.8.0, Spring 1.1.5 and BEA WLS 8.1 SP4 in my project. My scenario (using BASIC authentication) is: the first time a user visits the web site, a dialog is displayed asking for the user name and password. When the user clicks logout, my app must reset the session, etc., so that when the user clicks login again, he must present the user name and password again.

    - My web.xml (fragment):

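    <!-- Spring context file loaded by ContextLoaderListener; the Acegi beans are defined there. -->
    <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/acegi.xml</param-value>
    </context-param>

    <!-- FilterToBeanProxy hands each request to the Spring-managed bean of the given
         targetClass, so the real filters are configured in acegi.xml rather than here. -->
    <filter>
      <filter-name>Acegi ContextHolder aware request Filter</filter-name>
      <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
      <init-param>
        <param-name>targetClass</param-name>
        <param-value>net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter</param-value>
      </init-param>
    </filter>
    <filter>
      <filter-name>Acegi Filter Chain Proxy</filter-name>
      <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
      <init-param>
        <param-name>targetClass</param-name>
        <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
      </init-param>
    </filter>

    <!-- Filters are applied in filter-mapping order, so the proxy chain (which sets up
         ContextHolder) is meant to run before the request wrapper that reads it.
         NOTE(review): confirm the effective order on the target container; a wrong order
         is what the "are your filters ordered correctly?" exception points at. -->
    <filter-mapping>
      <filter-name>Acegi Filter Chain Proxy</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>Acegi ContextHolder aware request Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Creates the Spring application context at web application start-up. -->
    <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>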

    - And here is the whole Acegi's configuration XML:
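    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <beans>
      <!-- Single entry point for the Acegi filters, applied to every URL. Order matters:
           session/context integration first, then BASIC authentication, then enforcement.
           channelProcessingFilter (defined further down) is not part of this chain. -->
      <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
          <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,basicAuthenticationFilter,securityEnforcementFilter
          </value>
        </property>
      </bean>

      <!-- In-memory user store in the form user=password,ROLE. The passwords are clear text
           inside the configuration file, which suits a demo only: move to a real user store
           and configure a passwordEncoder on the DaoAuthenticationProvider before production,
           and treat any credential pasted into a public post as exposed. -->
      <bean id="authenticationDAO" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
        <property name="userMap">
          <value>
            mmessori=mme,ROLE_INTEGRATEUR_FACTURES
            lchapuis=lch,ROLE_INTEGRATEUR_FACTURES
          </value>
        </property>
      </bean>

      <!-- Manage authentication process -->
      <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
          <list>
            <ref bean="authenticationProvider"/>
          </list>
        </property>
      </bean>
      <bean id="authenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="authenticationDao"><ref bean="authenticationDAO"/></property>
      </bean>

      <!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
      <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>

      <!-- Processes the BASIC Authorization header of each request. BASIC credentials are only
           base64-encoded and are resent by the browser on every request, so the protected
           URLs should be served over HTTPS. -->
      <bean id="basicAuthenticationFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
      </bean>

      <!-- Copies the SecureContext between the HTTP session and ContextHolder for each request.
           Later filters expect ContextHolder to hold a context of the class named here;
           a null context triggers the "ContextHolder invalid: 'null'" exception. -->
      <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
        <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
      </bean>

      <!-- Allow the use of getRemoteUser(), getUserPrincipal(), etc on request for Acegi -->
      <bean id="contextHolderAwareRequestFilter" class="net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter"/>

      <!-- Entry point used when an unauthenticated user requests a secured page: it starts a
           BASIC challenge for the realm named below. -->
      <bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName"><value>default</value></property>
      </bean>


      <!-- Authorization rules: every URL requires ROLE_INTEGRATEUR_FACTURES. -->
      <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
        <property name="objectDefinitionSource">
          <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=ROLE_INTEGRATEUR_FACTURES
          </value>
        </property>
      </bean>

      <!-- An access decision voter that reads ROLE_* configuration settings -->
      <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>


      <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
        <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
        <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
      </bean>

      <!-- Access is denied when every voter abstains (allowIfAllAbstainDecisions=false),
           which keeps the default closed. -->
      <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions"><value>false</value></property>
        <property name="decisionVoters">
          <list> <ref bean="roleVoter"/> </list>
        </property>
      </bean>

      <!-- NOTE(review): this filter is defined but not listed in filterChainProxy, so the
           channel rules below are not applied as posted. If it is added to the chain, the last
           rule sends every URL other than the login ones over an insecure channel, while BASIC
           credentials accompany each request; with BASIC authentication the protected URLs
           should require the secure channel instead. -->
      <bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
        <property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
        <property name="filterInvocationDefinitionSource">
          <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            \A/.*login.*\Z=REQUIRES_SECURE_CHANNEL
            \A/.*j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
            \A.*\Z=REQUIRES_INSECURE_CHANNEL
          </value>
        </property>
      </bean>

      <bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
        <property name="channelProcessors">
          <list>
            <ref bean="secureChannelProcessor"/>
            <ref bean="insecureChannelProcessor"/>
          </list>
        </property>
      </bean>

      <bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
      <bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>

    </beans>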

    When the user clicks logoff, a method in the controller is called to handle that request. The code in that method does the following:
    - remove all session attributes
    - remove SecureContext: ContextHolder.setContext(null);
    - Invalidate session

    But an exception is thrown when ContextHolder.setContext(null) is executed.
    Exception:
    java.lang.IllegalStateException: ContextHolder invalid: 'null': are your filters ordered correctly? HttpSessionContextIntegrationFilter should have already executed by this time (look for it in the stack dump below)
    at net.sf.acegisecurity.context.security.SecureContextUtils.getSecureContext(SecureContextUtils.java:38)
    at net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:185)
    at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:152)
    at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    ....

    So did I miss something in the configuration or the code?

    Thank you very much.
    QMV

  • #2
    There was a bug in 0.8.0 to do with logout handling. Please try 0.8.2 and re-post if you have further issues.



    • #3
      Hi,
      I tried with Acegi 0.8.2 and Spring 1.2.1, but the problem still happens.
      Here is the exception stack trace again:
      java.lang.IllegalStateException: ContextHolder invalid: 'null': are your filters ordered correctly? HttpSessionContextIntegrationFilter should have already executed by this time (look for it in the stack dump below)
      at net.sf.acegisecurity.context.security.SecureContextUtils.getSecureContext(SecureContextUtils.java:38)
      at net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:179)
      at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
      at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:152)
      at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
      at net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
      at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
      at net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter.doFilter(ContextHolderAwareRequestFilter.java:50)
      at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
      at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:326)
      at weblogic.servlet.internal.ForwardAction.run(ForwardAction.java:23)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
      at weblogic.servlet.internal.WebAppServletContext.handleException(WebAppServletContext.java:4009)
      at weblogic.servlet.internal.WebAppServletContext.handleThrowableFromInvocation(WebAppServletContext.java:3834)
      at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3780)
      at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

      Thanks
      Minh



      • #4
        Re: ContextHolder invalid: 'null' in WLS 8.1 SP4

        Originally posted by qmv_05
        User click logoff, one method in controller will be called to handle that request, the code in that method like:
        - remove all session attributes
        - remove SecureContext: ContextHolder.setContext(null);
        - Invalidate session
        All you need to do in order to achieve a logout is:

        Code:
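        // Reset to an empty context instead of null: in this thread, setContext(null) made
        // BasicProcessingFilter fail with "ContextHolder invalid: 'null'".
        ContextHolder.setContext(new SecureContextImpl());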
        From 0.9.0/CVS:

        Code:
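        // Same reset, written with the class names used from 0.9.0/CVS onwards.
        SecurityContextHolder.setContext(new SecurityContextImpl());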
        Or, just do a:

        Code:
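        // Discards the HTTP session and everything stored in it. With BASIC authentication the
        // browser may still resend its cached credentials on the next request.
        httpSession.invalidate();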



        • #5
          Hi,

          Code:
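          // Replaces the current context with an empty SecureContextImpl (not null).
          ContextHolder.setContext(new SecureContextImpl());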
          or
          Code:
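          // Note: getSession(false) returns null when the request has no session, so check the
          // result before calling invalidate() if this can run for a visitor without a session.
          httpRequest.getSession(false).invalidate();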
          ---> it works now.

          One more question:
          With BASIC authentication, after logoff, when the user clicks login again (without closing the current IE window), the dialog for entering the user name/password is not displayed, so I think we cannot force IE to forget the user name/password. Is that correct? If so, do you have any idea how to overcome that problem (logoff, then login without closing IE, with the user having to present the user name/password again)?

          Thank you in advance



          • #6
            Hi,

            Short of closing the browser, I don't think there's anything you can do about this. Not in a browser-independent fashion anyway.

            Luke.
