Announcement Announcement Module
Collapse
No announcement yet.
Error in overriding EXCEPTION_TRANSLATION_FILTER Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Error in overriding EXCEPTION_TRANSLATION_FILTER

    Using spring security 2.0.4 and have below configuration
    Code:
    	<http auto-config="false" entry-point-ref="authenticationEntryPoint">
     		
     		<!-- Things that should be totally ignored by Spring Security -->
     		<intercept-url pattern="/**/*.js" filters="none" access="ROLE_USER,ROLE_ANONYMOUS"/>
      		<intercept-url pattern="/**/*.css" filters="none" access="ROLE_USER,ROLE_ANONYMOUS"/>
      		<intercept-url pattern="/**/*.gif" filters="none" access="ROLE_USER,ROLE_ANONYMOUS"/>
      		<intercept-url pattern="/**/*.jpg" filters="none" access="ROLE_USER,ROLE_ANONYMOUS"/>
     		<intercept-url pattern="/dwr/call/plaincall/FCLogout.getLogouts.dwr" filters="none" access="ROLE_USER,ROLE_ANONYMOUS"/>
     		
     		<intercept-url pattern="/**" access="ROLE_USER" />
      		
      		<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" /> 
      		<anonymous />
      		
    	</http>
    	
    	<beans:bean id="authenticationEntryPoint"
            class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        		<beans:property name="loginFormUrl" value="/login.ht" />
       			<beans:property name="forceHttps" value="true" />
       			
      	</beans:bean>
      	
      
      	<beans:bean id="exceptionTranslationFilter"
    			class="org.springframework.security.ui.ExceptionTranslationFilter">
    			<custom-filter position="EXCEPTION_TRANSLATION_FILTER"/>
    			<beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
    			<beans:property name="accessDeniedHandler" ref="accessDeniedHandler" />
    	</beans:bean>
    	
    	<beans:bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
    		<beans:property name="errorPage" value="/error.ht" />
    	</beans:bean>
    	
     	
     	<authentication-manager alias="authenticationManager"/>
     
     	<beans:bean id="tscAuthenticationProcessingFilter" class="AuthenticationProcessingFilter">
      		<custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
      		<beans:property name="authenticationManager" ref="authenticationManager"/>
      		
      		<beans:property name="targetUrlResolver">
      			<beans:bean class="TargetUrlResolver"/>
      		</beans:property>
      		
      		<beans:property name="defaultTargetUrl" value="/nowhere.ht"/>
      		<beans:property name="filterProcessesUrl" value="/j_spring_security_check.ht"/>
      		<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
    	</beans:bean>
    and I am getting the follwoing exception
    Code:
    [2010-07-14 17:31:41,341] ERROR - server.startup : 1 - org.springframework.web.servlet.FrameworkServlet initServletBean - Context initialization failed 
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: Filters 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]' and 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
    	at java.security.AccessController.doPrivileged(AccessController.java:214)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
    	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
    	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
    	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
    	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
    	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
    	at com.ibm.ws.wswebcontainer.webapp.WebApp.notifyServletContextCreated(WebApp.java:608)
    	at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinish(WebApp.java:266)
    	at com.ibm.ws.wswebcontainer.webapp.WebApp.initialize(WebApp.java:272)
    	at com.ibm.ws.wswebcontainer.webapp.WebGroup.addWebApplication(WebGroup.java:88)
    	at com.ibm.ws.wswebcontainer.VirtualHost.addWebApplication(VirtualHost.java:157)
    	at com.ibm.ws.wswebcontainer.WebContainer.addWebApp(WebContainer.java:655)
    	at com.ibm.ws.wswebcontainer.WebContainer.addWebApplication(WebContainer.java:608)
    	at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:333)
    	at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:549)
    	at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1295)
    	at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1129)
    	at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:567)
    	at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:814)
    	at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:948)
    	at com.ibm.ws.runtime.component.ApplicationMgrImpl$AppInitializer.run(ApplicationMgrImpl.java:2114)
    	at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:340)
    	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
    Caused by: 
    org.springframework.security.config.SecurityConfigurationException: Filters 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]' and 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.
    	at org.springframework.security.config.FilterChainProxyPostProcessor.postProcessBeforeInitialization(FilterChainProxyPostProcessor.java:65)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:350)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1331)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
    	... 31 more

  • #2
    You can't replace the ExceptionTranslationFilter when using the namespace. You can inject a custom AuthenticationEntryPoint and in 3.0, you can inject an AccesDeniedHandler. Alternatively map your access-denied logic to a controller and handle it here.

    Comment

    Working...
    X