Announcement Announcement Module
Collapse
No announcement yet.
Jquery Tabs Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Jquery Tabs

    Hi,

    I am having an issue with spring security and jquery tabs. All of my tabs are loading their content via ajax. At the top of each of the pages being loaded by the tabs I have the following piece of code:

    Code:
    <sec:authorize access="isAuthenticated()">
        <% response.setHeader("REQUIRES_AUTH", "1"); %>
    </sec:authorize>
    Then in my tabs javascript code I have the following option:

    Code:
    complete: function(xhr, status) {
        if (status != "error" && xhr.getResponseHeader("REQUIRES_AUTH") != "1")
            window.location.replace("../../login.jsp");
    }
    The issue happens when I am already logged in and I create a new tab. If I close the new tab I just created, an already existing tab is selected, but I get thrown out of my app and back to my login.jsp page even though I'm already authenticated and logged in.

    Here is the appsecurity.xml file

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans:beans xmlns="http://www.springframework.org/schema/security" 
                 xmlns:beans="http://www.springframework.org/schema/beans" 
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
                                     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                     http://www.springframework.org/schema/security
                                     http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        
        <http use-expressions="true" lowercase-comparisons="false">
            <intercept-url pattern="/css/**" filters="none" />
            <intercept-url pattern="/img/**" filters="none" />
            <intercept-url pattern="/js/**" filters="none" />
            <intercept-url pattern="/secure/**" access="isAuthenticated()" />
            <intercept-url pattern="/**" access="permitAll" />
            <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" default-target-url="/secure/index.jsp" always-use-default-target="true" />
            <logout invalidate-session="true"  logout-success-url="/login.jsp" />
            <remember-me data-source-ref="inMemDataSource" user-service-ref="myUserDetails" token-validity-seconds="1800" />
            <access-denied-handler error-page="/login.jsp?login_error=1" />
            <session-management session-authentication-error-url="/login.jsp?login_error=1" session-fixation-protection="migrateSession" invalid-session-url="/login.jsp">
                <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/timeout.jsp" />
            </session-management>
        </http>
        
        <global-method-security secured-annotations="enabled" jsr250-annotations="enabled" pre-post-annotations="enabled" />
        
        <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
            <beans:constructor-arg value=""/>
            <beans:property name="password" value="password"/>
        </beans:bean>
        
        <beans:bean id="authPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <beans:constructor-arg ref="contextSource"/>
            <beans:constructor-arg value="" />
            <beans:property name="groupRoleAttribute" value="cn" />
            <beans:property name="searchSubtree" value="true" />
            <beans:property name="rolePrefix" value="ROLE_" />
        </beans:bean>
        
        <beans:bean id="myUserDetails" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
            <beans:constructor-arg>
                <beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <beans:constructor-arg value="" />
                    <beans:constructor-arg value="" />
                    <beans:constructor-arg ref="contextSource" />
                </beans:bean>
            </beans:constructor-arg>
            <beans:constructor-arg ref="authPopulator" />
        </beans:bean>
    
        <beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
            <beans:constructor-arg>
                <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                    <beans:constructor-arg ref="contextSource"/>
                    <beans:property name="userDnPatterns">
                        <beans:list><beans:value>cn={0},ou=provenirusers,o=bnk</beans:value></beans:list>
                    </beans:property>
                </beans:bean>
            </beans:constructor-arg>
            <beans:constructor-arg ref="authPopulator" />
        </beans:bean>
        
        <authentication-manager>
            <authentication-provider ref="ldapAuthProvider" user-service-ref="myUserDetails">
                <password-encoder hash="md5" />
            </authentication-provider>
        </authentication-manager>
    
    </beans:beans>

  • #2
    Here is the log output I see:

    Code:
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] Candidate is: '/secure/air/airGuarantors.jsp'; pattern is /css/**; matched=false
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] Candidate is: '/secure/air/airGuarantors.jsp'; pattern is /img/**; matched=false
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] Candidate is: '/secure/air/airGuarantors.jsp'; pattern is /js/**; matched=false
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] Candidate is: '/secure/air/airGuarantors.jsp'; pattern is /**; matched=true
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] /secure/air/airGuarantors.jsp?_=1276124564179 at position 1 of 11 in additional filter chain; firing Filter: '[email protected]c9fc25'
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] /secure/air/airGuarantors.jsp?_=1276124564179 at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@841423'
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,HttpSessionSecurityContextRepository,http-thread-pool-8080-(8)] Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]688f0: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@359688f0: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@1be7fb2: Username: tlaverriere; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_PRSB_TEST_PROVENIRADMIN, ROLE_PRSB_PROVENIRADMIN, ROLE_PROVENIR_DEV_ADMIN_REPO, ROLE_PRCL_QA_PROVENIRADMIN, ROLE_PRSB_ADMINRSB_ADMIN, ROLE_PRSB_QA_PROVENIRADMIN, ROLE_PRCL_DEV_PROVENIRADMIN, ROLE_PRSB_BAT_PROVENIRADMIN, ROLE_PROVENIR_DEV_ADMIN_JMX, ROLE_PRSB_PROVPAGEDEVTEST, ROLE_PROVROLE, ROLE_PRSB_ADMINDATAENTRY, ROLE_PROVENIR_DEV_ADMIN_DE, ROLE_PROVENIR_DEV_DEVELOPER, ROLE_PROVENIRADMIN, ROLE_PRSB_DEV_PROVENIRADMIN, ROLE_PRCL_TEST_PROVENIRADMIN, ROLE_ROLE1, ROLE_PRCL_PROVPAGEDEVTEST, ROLE_PRSB_SIT_PROVENIRADMIN, ROLE_PRSB_PAT_PROVENIRADMIN, ROLE_PRCL_ADMINRSB_ADMIN, ROLE_PROVPAGE, ROLE_PRCL_SIT_PROVENIRADMIN, ROLE_PROVENIR_DEV_ADMIN_TOMCAT, ROLE_NOWORKFOCEID DYNAMIC GROUP, ROLE_EVERYONE DYNAMIC USER, ROLE_PRCL_PROVENIRADMIN, ROLE_PRCL_BAT_PROVENIRADMIN, ROLE_PRCL_PAT_PROVENIRADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: ef30057a0fe1b06a3ba8df5705b1; Granted Authorities: ROLE_PRSB_TEST_PROVENIRADMIN, ROLE_PRSB_PROVENIRADMIN, ROLE_PROVENIR_DEV_ADMIN_REPO, ROLE_PRCL_QA_PROVENIRADMIN, ROLE_PRSB_ADMINRSB_ADMIN, ROLE_PRSB_QA_PROVENIRADMIN, ROLE_PRCL_DEV_PROVENIRADMIN, ROLE_PRSB_BAT_PROVENIRADMIN, ROLE_PROVENIR_DEV_ADMIN_JMX, ROLE_PRSB_PROVPAGEDEVTEST, ROLE_PROVROLE, ROLE_PRSB_ADMINDATAENTRY, ROLE_PROVENIR_DEV_ADMIN_DE, ROLE_PROVENIR_DEV_DEVELOPER, ROLE_PROVENIRADMIN, ROLE_PRSB_DEV_PROVENIRADMIN, ROLE_PRCL_TEST_PROVENIRADMIN, ROLE_ROLE1, ROLE_PRCL_PROVPAGEDEVTEST, ROLE_PRSB_SIT_PROVENIRADMIN, ROLE_PRSB_PAT_PROVENIRADMIN, ROLE_PRCL_ADMINRSB_ADMIN, ROLE_PROVPAGE, ROLE_PRCL_SIT_PROVENIRADMIN, ROLE_PROVENIR_DEV_ADMIN_TOMCAT, ROLE_NOWORKFOCEID DYNAMIC GROUP, ROLE_EVERYONE DYNAMIC USER, ROLE_PRCL_PROVENIRADMIN, ROLE_PRCL_BAT_PROVENIRADMIN, ROLE_PRCL_PAT_PROVENIRADMIN'
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] /secure/air/airGuarantors.jsp?_=1276124564179 at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@1463027'
    |#]
    
    [#|2010-06-09T19:02:44.179-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=http-thread-pool-8080-(8);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(8)] /secure/air/airGuarantors.jsp?_=1276124564179 at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1038048'
    |#]
    
    [#|2010-06-09T19:02:44.273-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=41;_ThreadName=http-thread-pool-8080-(7);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(7)] Candidate is: '/secure/air/airLoans.jsp'; pattern is /css/**; matched=false
    |#]
    
    [#|2010-06-09T19:02:44.273-0400|INFO|glassfishv3.0|javax.enterprise.system.std.com.sun.enterprise.v3.services.impl|_ThreadID=28;_ThreadName=http-thread-pool-8080-(1);|[DEBUG,FilterChainProxy,http-thread-pool-8080-(1)] Candidate is: '/login.jsp'; pattern is /css/**; matched=false
    |#]

    Comment

    Working...
    X