Announcement Announcement Module
Collapse
No announcement yet.
AuthenticationProcessingFilter Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AuthenticationProcessingFilter

    I am trying to integrate my app with spring security 2.0.4. When redirecting j_spring_security_check, 404 error is shown:

    ------------------------------------------------------------------
    Error 404--Not Found
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.5 404 Not Found

    The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

    If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.
    -------------------------------------------------------------

    Here's the web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">
    <display-name>onsh</display-name>

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/applicationContext.xml
    /WEB-INF/auth-servlet.xml
    </param-value>
    </context-param>

    <filter>
    <filter-name>ONSHAuthFilter</filter-name>
    <filter-class>
    org.springframework.web.filter.DelegatingFilterPro xy
    </filter-class>
    <init-param>
    <param-name>targetBeanName</param-name>
    <param-value>
    filterChainProxy
    </param-value>
    </init-param>
    </filter>

    <filter-mapping>
    <filter-name>ONSHAuthFilter</filter-name>
    <url-pattern>/main.html</url-pattern>
    </filter-mapping>

    <listener>
    <listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
    </listener>

    <session-config>
    <session-timeout>120</session-timeout>
    </session-config>

    <welcome-file-list>
    <welcome-file>main.html</welcome-file>
    </welcome-file-list>

    </web-app>


    And below is the auth-servlet.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.5.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <alias name="onshAuthenticationManager" alias="_authenticationManager"/>

    <bean id="authSecurityPropertyConfig" class="org.springframework.beans.factory.config.Pr opertyPlaceholderConfigurer">
    <property name="locations">
    <list>
    <value>/WEB-INF/auth.properties</value>
    </list>
    </property>
    <property name="ignoreUnresolvablePlaceholders" value="true" />
    </bean>

    <bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /main.html=authenticationFilter,exceptionTranslatio nFilter,filterSecurityInterceptor
    </value>
    </property>
    </bean>

    <bean id="exceptionTranslationFilter"
    class="org.springframework.security.ui.ExceptionTr anslationFilter">
    <property name="authenticationEntryPoint" ref="defaultAuthenticationEntryPoint" />
    <property name="accessDeniedHandler">
    <bean
    class="org.springframework.security.ui.AccessDenie dHandlerImpl">
    <property name="errorPage"
    value="/logfail.jsp" />
    </bean>
    </property>
    </bean>

    <bean id="defaultAuthenticationEntryPoint"
    class="org.springframework.security.ui.webapp.Auth enticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/login.jsp" />
    </bean>

    <bean id="authenticationFilter" class="org.springframework.security.ui.webapp.Auth enticationProcessingFilter">
    <property name="filterProcessesUrl" value="/onsh/j_spring_security_check" />
    <property name="authenticationManager" ref="onshAuthenticationManager" />
    <property name="authenticationFailureUrl" value="/onsh/logfail.jsp" />
    <property name="defaultTargetUrl" value="/" />
    </bean>

    <bean id="onshAuthenticationManager" class="onsh.server.auth.ONSHAuthenticationManager" >
    <property name="authService" ref="onshAuthenticator" />
    </bean>

    <bean id="onshAuthenticator" class="onsh.server.auth.ONSHAuthenticator" />

    <bean id="accessDecisionManager" class="org.springframework.security.vote.Affirmati veBased">
    <property name="decisionVoters">
    <list>
    <ref bean="roleVoter" />
    </list>
    </property>
    </bean>

    <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter ">
    <!-- <property name="rolePrefix" value="ROLE_" /> -->
    </bean>

    <bean id="authenticatedVoter"
    class="org.springframework.security.vote.Authentic atedVoter">
    </bean>

    <bean id="filterSecurityInterceptor"
    class="org.springframework.security.intercept.web. FilterSecurityInterceptor">
    <property name="authenticationManager" ref="onshAuthenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /main.html=ROLE_ONSHUSER
    </value>
    </property>
    </bean>

    </beans>


    and below is the login.jsp

    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Login page</title>
    </head>
    <body>
    <form name="f" action="j_spring_security_check" method="POST">
    <table>
    <tr><td>username:</td><td><input type='text' name='j_username' value='qweqwe'/></td></tr>
    <tr><td>password:</td><td><input type='password' name='j_password'></td></tr>

    <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
    <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
    </table>

    </form>
    </body>
    </html>

    Any advise would be appreciated.

  • #2
    It doesn't look like you have any filter mapping for Spring Security in your web.xml. There is only some other filter "ONSHAuthFilter".

    Comment


    • #3
      What filter mapping for Spring Security in web.xml should I put in? Thanks for help.

      why this filter mapping not work?

      <filter>
      <filter-name>ONSHAuthFilter</filter-name>
      <filter-class>
      org.springframework.web.filter.DelegatingFilterPro xy
      </filter-class>
      <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>
      filterChainProxy
      </param-value>
      </init-param>
      </filter>

      <filter-mapping>
      <filter-name>ONSHAuthFilter</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>

      Comment


      • #4
        That's not what you had in your original post - the mapping only included "main.htm", as did the FilterChainProxy. So all other URLs will be ignored.

        Your configuration is also missing an HttpSessionContextIntegrationFilter so it will leak security contexts into the server thread pool.

        Comment


        • #5
          Thanks for the advise.

          I have updated the mapping included and the filter included, but still get the same error message.

          ------------------------------------------------------------------
          Error 404--Not Found
          From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
          10.4.5 404 Not Found

          The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

          If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.
          -------------------------------------------------------------
          web.xml

          <?xml version="1.0" encoding="UTF-8"?>
          <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
          version="2.4">
          <display-name>onsh</display-name>

          <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>
          /WEB-INF/applicationContext.xml
          /WEB-INF/auth-servlet.xml
          </param-value>
          </context-param>

          <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>
          org.springframework.web.filter.DelegatingFilterPro xy
          </filter-class>
          <init-param>
          <param-name>targetBeanName</param-name>
          <param-value>filterChainProxy</param-value>
          </init-param>
          </filter>

          <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
          </filter-mapping>

          <listener>
          <listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
          </listener>

          <session-config>
          <session-timeout>2</session-timeout>
          </session-config>

          <welcome-file-list>
          <welcome-file>main.html</welcome-file>
          </welcome-file-list>

          </web-app>


          auth-servlet.xml

          <?xml version="1.0" encoding="UTF-8"?>
          <beans
          xmlns="http://www.springframework.org/schema/beans"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.5.xsd
          http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

          <alias name="onshAuthenticationManager" alias="_authenticationManager"/>

          <bean id="authSecurityPropertyConfig" class="org.springframework.beans.factory.config.Pr opertyPlaceholderConfigurer">
          <property name="locations">
          <list>
          <value>/WEB-INF/auth.properties</value>
          </list>
          </property>
          <property name="ignoreUnresolvablePlaceholders" value="true" />
          </bean>

          <bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
          <property name="filterInvocationDefinitionSource">
          <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /main.html=httpSessionIntegrationFilter,authenticat ionFilter,exceptionTranslationFilter,filterSecurit yInterceptor
          /public/**=#NONE#
          </value>
          </property>
          </bean>

          <bean id="httpSessionIntegrationFilter"
          class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter" />

          <bean id="exceptionTranslationFilter"
          class="org.springframework.security.ui.ExceptionTr anslationFilter">
          <property name="authenticationEntryPoint" ref="defaultAuthenticationEntryPoint" />
          <property name="accessDeniedHandler">
          <bean
          class="org.springframework.security.ui.AccessDenie dHandlerImpl">
          <property name="errorPage"
          value="/public/logfail.jsp" />
          </bean>
          </property>
          </bean>

          <bean id="defaultAuthenticationEntryPoint"
          class="org.springframework.security.ui.webapp.Auth enticationProcessingFilterEntryPoint">
          <property name="loginFormUrl" value="/public/login.jsp" />
          </bean>

          <bean id="authenticationFilter" class="org.springframework.security.ui.webapp.Auth enticationProcessingFilter">
          <property name="filterProcessesUrl" value="/j_spring_security_check" />
          <property name="authenticationManager" ref="onshAuthenticationManager" />
          <property name="authenticationFailureUrl" value="/public/logfail.jsp" />
          <property name="defaultTargetUrl" value="/" />
          </bean>

          <bean id="onshAuthenticationManager" class="onsh.server.auth.ONSHAuthenticationManager" >
          <property name="authService" ref="onshAuthenticator" />
          </bean>

          <bean id="onshAuthenticator" class="onsh.server.auth.ONSHAuthenticator" />

          <bean id="accessDecisionManager" class="org.springframework.security.vote.Affirmati veBased">
          <property name="decisionVoters">
          <list>
          <ref bean="roleVoter" />
          </list>
          </property>
          </bean>

          <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter ">
          <!-- <property name="rolePrefix" value="ROLE_" /> -->
          </bean>

          <bean id="authenticatedVoter"
          class="org.springframework.security.vote.Authentic atedVoter">
          </bean>

          <bean id="filterSecurityInterceptor"
          class="org.springframework.security.intercept.web. FilterSecurityInterceptor">
          <property name="authenticationManager" ref="onshAuthenticationManager" />
          <property name="accessDecisionManager" ref="accessDecisionManager" />
          <property name="objectDefinitionSource">
          <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /main.html=ROLE_ONSHUSER
          </value>
          </property>
          </bean>

          </beans>

          Comment


          • #6
            Any advise would be appreciated.

            May I ask if redirect to j_spring_security_check, is there any setting needed beside in web.xml and in the AuthenticationProcessingFilter ?

            Comment


            • #7
              Have you considered using the namespace configuration? This makes the configuration a lot easier and is less prone to errors. Also try starting from one of the sample application configurations.

              Comment

              Working...
              X