Announcement Announcement Module
Collapse
No announcement yet.
javax.servlet.ServletException - SecurityEnforcementFilter Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • javax.servlet.ServletException - SecurityEnforcementFilter

    Greetings,

    I'm fairly new to Spring and acegi security. I'm in the process of developing a simple app using appfuse and I've encountered a problem after modifying the user and role functionality to use id's instead of names. After logging in I get the following error -

    javax.servlet.ServletException
    at net.sf.acegisecurity.intercept.web.SecurityEnforce mentFilter.doFilter(SecurityEnforcementFilter.java :214)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:303)
    at net.sf.acegisecurity.providers.anonymous.Anonymous ProcessingFilter.doFilter(AnonymousProcessingFilte r.java:153)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:303)
    at net.sf.acegisecurity.wrapper.ContextHolderAwareReq uestFilter.doFilter(ContextHolderAwareRequestFilte r.java:50)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:303)
    at net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter.doFilter(HttpSessionContextIntegrat ionFilter.java:225)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:303)
    at net.sf.acegisecurity.util.FilterChainProxy.doFilte r(FilterChainProxy.java:173)
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er(FilterToBeanProxy.java:125)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:186)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:157)
    at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:214)
    at org.apache.catalina.core.StandardValveContext.invo keNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(S tandardPipeline.java:520)
    at org.apache.catalina.core.StandardContextValve.invo keInternal(StandardContextValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:152)
    at org.apache.catalina.core.StandardValveContext.invo keNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(S tandardPipeline.java:520)
    at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:137)
    at org.apache.catalina.core.StandardValveContext.invo keNext(StandardValveContext.java:104)
    at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:118)
    at org.apache.catalina.core.StandardValveContext.invo keNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(S tandardPipeline.java:520)
    at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:109)
    at org.apache.catalina.core.StandardValveContext.invo keNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(S tandardPipeline.java:520)
    at org.apache.catalina.core.ContainerBase.invoke(Cont ainerBase.java:929)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(Co yoteAdapter.java:160)
    at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11Conn ectionHandler.processConnection(Http11Protocol.jav a:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(P oolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:536)

    From what I can see the authenticating is working since the log4j generates this message in my Tomcat window -

    DEBUG [http-8080-Processor24] AbstractSecurityInterceptor.beforeInvo
    cation(386) | Authenticated: net.sf.acegisecurity.providers.UsernamePasswordAut h
    enticationToken@30b601: Username: net.sf.acegisecurity.providers.dao.User@86d597
    : Username: tomcat; Password: [PROTECTED]; Enabled: true; AccountNonExpired: tru
    e; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: tom
    cat; Password: [PROTECTED]; Authenticated: true; Details: net.sf.acegisecurity.u
    i.WebAuthenticationDetails@7f5bf9: RemoteIpAddress: 127.0.0.1; SessionId: 3AD771
    CA92A563BF9D181F6BB597ADB7; Granted Authorities: tomcat
    [raceevent] DEBUG [http-8080-Processor24] AbstractSecurityInterceptor.beforeInvo
    cation(404) | Authorization successful
    [raceevent] DEBUG [http-8080-Processor24] AbstractSecurityInterceptor.beforeInvo
    cation(417) | RunAsManager did not change Authentication object
    [raceevent] DEBUG [http-8080-Processor24] FilterChainProxy$VirtualFilterChain.do
    Filter(288) | /mainMenu.html reached end of additional filter chain; proceeding
    with original chain
    [raceevent] DEBUG [http-8080-Processor24] ApplicationDispatcher.<init>(148) | se
    rvletPath=/error.jsp, pathInfo=null, queryString=null, name=null
    [raceevent] DEBUG [http-8080-Processor24] ApplicationDispatcher.doForward(381) |
    Path Based Forward
    [raceevent] DEBUG [http-8080-Processor24] ApplicationDispatcher.doForward(418) |
    Disabling the response for futher output

    So it looks like the authentication worked, I'm not sure why the application will not redirect me to the mainmenu.jsp. If I remove the
    following line /*.html*=admin,tomcat from

    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSe curityInterceptor">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>

    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /signup.html=ROLE_ANONYMOUS,admin,tomcat
    /passwordhint.html*=ROLE_ANONYMOUS,admin,tomcat
    /*.html*=admin,tomcat
    </value>
    </property>
    </bean>

    then it can access the mainmenu page, however now security and authentication is obviously not being used.

    Does anyone have any suggestion why this may be happening?

  • #2
    Nevermind. I solved it.

    I didn't modify the LoginServlet to use the userid now, instead of username.

    Comment

    Working...
    X