Announcement Announcement Module
Collapse
No announcement yet.
Authentication object disappears Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Authentication object disappears

    Hi again guys,

    I'm still suffering from the problem with passed authentication but no authorization. I noticed that after authentication has been successfully performed the debug log says that Authentication object is not found:

    Code:
    DEBUG 2009-12-20 16:27:00,740 (org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource) - Candidate is: '/internalapplication/fetch_site_configurations.htm'; pattern is /internalapplication/**; matched=true
    DEBUG 2009-12-20 16:27:00,740 (org.springframework.security.intercept.AbstractSecurityInterceptor) - Secure object: FilterInvocation: URL: /internalapplication/fetch_site_configurations.htm; ConfigAttributes: [ROLE_RLE-US-IT DEVELOPMENT-FORMS-STAFF]
    DEBUG 2009-12-20 16:27:00,740 (org.springframework.web.context.support.XmlWebApplicationContext) - Publishing event in context [[email protected]2da0700]: org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent[source=FilterInvocation: URL: /internalapplication/fetch_site_configurations.htm]
    DEBUG 2009-12-20 16:27:00,740 (org.springframework.security.ui.ExceptionTranslationFilter) - Authentication exception occurred; redirecting to authentication entry point
    org.springframework.security.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    	at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)
    	at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
    	at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
    	at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    	at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:52)
    	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    I configured everything by the book, how comes it disappears?

    Could my Weblogic 10 server interfere with the Spring authorization?

  • #2
    I also noticed a frequent session creation and destruction during the authenticating process. Is that normal? Can anyone post a debug log of a working Spring security functionality so I can compare?
    Last edited by Lolas Cat; Dec 21st, 2009, 11:57 AM.

    Comment


    • #3
      Run one of the sample applications and you will obtain the expected out put from a working application.

      Comment


      • #4
        Luke,

        Can you think of any reason why HttpSessionContextIntegrationFilter wouldn't find the session? This is what happens to me after Authentication. The details are stored into Session but when the time comes to authorize HttpSessionContextIntegrationFilter complains that no HTTP Session exist.
        H
        However, I know for a fact that the session with the stored Context exist (I see it in the debugger).

        Comment

        Working...
        X