Announcement Announcement Module
Collapse
No announcement yet.
Security tags not working? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security tags not working?

    Hello, I've been using Spring Security (1.x) with an old project with no problems, but now I have ported the security code to a new project, with Spring Security 2.0.5, and seems like the tags don't work:

    In my JSP:
    Code:
                
    <%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>
    
    ...
    
    <div id="user_info">
        <sec:authentication property="principal.authorities"/> 
        <sec:authentication property="principal.lastname" /> 
        <sec:authentication property="principal.username" /> &nbsp; 
        ${SPRING_SECURITY_CONTEXT.authentication.principal.username}
    </div>
    The tags don't show anything, and if I debug through the source code, it's like the SecurityContext is not in the session. However, the ${SPRING_SECURITY_CONTEXT.authentication.principal .username} expression shows the correct username of the logged in user:

    http://i298.photobucket.com/albums/m...curityTags.png

    My Spring Security configuration is quite simple, but I don't think it has something to do with this problem:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:context="http://www.springframework.org/schema/context"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">
    
        
        <http auto-config="true"  access-decision-manager-ref="accessDecisionManager">
            <form-login login-page="/jsp/login.jsp"/>
            <intercept-url pattern="/index.jsp" access="ROLE_ANONYMOUS, ROLE_USER" />
            <intercept-url pattern="/jsp/login.jsp" filters="none"/>
            <intercept-url pattern="/menu/MenuGenerator.action" access="ROLE_ANONYMOUS, ROLE_USER" />
            <intercept-url pattern="/**/*.action" access="ROLE_USER" />
            <intercept-url pattern="/**/*.jsp" access="ROLE_USER" />
        </http>
        <authentication-provider user-service-ref="userService" >
            <password-encoder ref="passEncoder"/>
        </authentication-provider>
        
        <beans:bean id="passEncoder" class="org.springframework.security.providers.encoding.PlaintextPasswordEncoder"/>
        
        <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
            <beans:property name="allowIfAllAbstainDecisions" value="false"/>
            <beans:property name="decisionVoters">
                <beans:list>
                    <beans:bean class="com.playjam.webuser.impl.AdministratorVoter"/>
                    <beans:bean class="org.springframework.security.vote.RoleVoter"/>
                    <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
                </beans:list>
             </beans:property>
        </beans:bean>
        
    </beans:beans>
    The log seems to be normal to me:
    Code:
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource  - Converted URL to lowercase, from: '/menu/menugenerator.action'; to: '/menu/menugenerator.action'
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource  - Candidate is: '/menu/menugenerator.action'; pattern is /index.jsp; matched=false
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource  - Candidate is: '/menu/menugenerator.action'; pattern is /menu/menugenerator.action; matched=true
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - Secure object: FilterInvocation: URL: /menu/MenuGenerator.action; ConfigAttributes: [ROLE_ANONYMOUS, ROLE_USER]
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - Previously Authenticated: org.springframework.security.providers.UsernamePasswordAuthenticationToken@6d9d22e7: Principal: com.playjam.webuser.PlayJamUser@3ad4f000: Username: asarco; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: DEE2653B1CEFE29CF58D47C179C1B224; Granted Authorities: ROLE_ADMIN, ROLE_USER
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - Authorization successful
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - RunAsManager did not change Authentication object
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.util.FilterChainProxy  - /menu/MenuGenerator.action reached end of additional filter chain; proceeding with original chain
    However this piece looks like the SecurityContext is being cleared, however not being removed from the session:
    Code:
    2009-12-29 16:37:47,994 [http-8080-5] DEBUG org.springframework.security.context.HttpSessionContextIntegrationFilter  - SecurityContextHolder now cleared, as request processing completed
    Any ideas?
    Thanks.
Working...
X