Announcement Announcement Module
Collapse
No announcement yet.
endless redirect when hitting application Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • endless redirect when hitting application

    I am new to acegi... my app is using the latest Spring MVC and latest acegi production builds.

    I can't tell what exactly is happening but it seems that I get into an endless redirect when trying to hit anything within my application.

    The following is my applicationContext.xml, web.xml, and my applicationContext-acegi-security.xml files

    I would imagine it is something simple but I don't see anything right off the bat that would cause this.

    ------------------------------------------------
    web.xml
    ------------------------------------------------
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/applicationContext.xml
    /WEB-INF/applicationContext-acegi-security.xml
    </param-value>
    </context-param>

    <listener>
    <listener-class>
    org.springframework.web.context.ContextLoaderListe ner
    </listener-class>
    </listener>

    <servlet>
    <servlet-name>erapp</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
    <servlet-name>erapp</servlet-name>
    <url-pattern>*.htm</url-pattern>
    </servlet-mapping>

    <!-- - - - - - - - ACEGI FILTERS - - - - - - - - -->
    <filter>
    <filter-name>Acegi Integration Filter</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.context.HttpSessionCont extIntegrationFilter</param-value>
    </init-param>
    </filter>

    <filter>
    <filter-name>Acegi Authentication Processing Filter</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.ui.webapp.Authenticatio nProcessingFilter</param-value>
    </init-param>
    </filter>

    <filter>
    <filter-name>Acegi HTTP Request Security Filter</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
    <param-name>targetBean</param-name>
    <param-value>securityEnforcementFilter</param-value>
    </init-param>
    </filter>

    <filter-mapping>
    <filter-name>Acegi Integration Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>Acegi Authentication Processing Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>Acegi HTTP Request Security Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- - - - - - - - END ACEGI FILTERS - - - - - - - - -->

    <welcome-file-list>
    <welcome-file>
    login.jsp
    </welcome-file>
    </welcome-file-list>

    </web-app>

    -------------------------------------------
    applicationContext.xml
    -------------------------------------------
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <beans>

    <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.Pr opertyPlaceholderConfigurer">
    <property name="location" value="/WEB-INF/jdbc.properties"/>
    </bean>

    <!-- Local C3P0 DataSource that works in any environment -->
    <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
    <property name="driverClass" value="${jdbc.driverClassName}"/>
    <property name="jdbcUrl" value="${jdbc.url}"/>
    <property name="user" value="${jdbc.username}"/>
    <property name="password" value="${jdbc.password}"/>
    </bean>

    <!-- Hibernate SessionFactory -->
    <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSes sionFactoryBean">
    <property name="dataSource" ref="dataSource"/>
    <property name="configLocation">
    <value>/WEB-INF/hibernate.cfg.xml</value>
    </property>
    <property name="configurationClass">
    <value>org.hibernate.cfg.AnnotationConfiguration </value>
    </property>
    <property name="hibernateProperties">
    <props>
    <prop key="hibernate.dialect">${hibernate.dialect}</prop>
    <prop key="hibernate.show_sql">true</prop>
    <prop key="hibernate.generate_statistics">true</prop>
    </props>
    </property>
    <property name="eventListeners">
    <map>
    <entry key="merge">
    <bean class="org.springframework.orm.hibernate3.support. IdTransferringMergeEventListener"/>
    </entry>
    </map>
    </property>
    </bean>

    <!-- Transaction manager for a single Hibernate SessionFactory (alternative to JTA) -->
    <bean id="transactionManager" class="org.springframework.orm.hibernate3.Hibernat eTransactionManager">
    <property name="sessionFactory" ref="sessionFactory"/>
    </bean>

    </beans>


    -----------------------------------------------
    applicationContext-acegi-security.xml
    -----------------------------------------------
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <!--
    - Application context containing authentication, channel
    - security and web URI beans.
    -
    - Only used by "filter" artifact.
    -
    - $Id: applicationContext-acegi-security.xml,v 1.9 2005/09/04 20:09:56 markstg Exp $
    -->

    <beans>

    <!-- = = = = = = = SECURITY FILTERS = = = = = = = -->
    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.Security EnforcementFilter">
    <property name="filterSecurityInterceptor">
    <ref bean="filterInvocationInterceptor"/>
    </property>
    <property name="authenticationEntryPoint">
    <ref bean="authenticationEntryPoint"/>
    </property>
    </bean>

    <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.Authenticati onProcessingFilter">
    <property name="filterProcessesUrl">
    <value>/j_acegi_security_check</value>
    </property>
    <property name="authenticationFailureUrl">
    <value>/login.jsp?failed=true</value>
    </property>
    <property name="defaultTargetUrl">
    <value>/</value>
    </property>
    <property name="authenticationManager">
    <ref bean="authenticationManager"/>
    </property>
    </bean>


    <bean id="integrationFilter" class="net.sf.acegisecurity.context.HttpSessionCon textIntegrationFilter">
    <property name="context">
    <value>net.sf.acegisecurity.context.security.Secur eContextImpl</value>
    </property>
    </bean>

    <bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.webapp.Authenticati onProcessingFilterEntryPoint">
    <property name="loginFormUrl">
    <value>/login.jsp</value>
    </property>
    </bean>

    <!-- = = = = = = = = SECURITY INTERCEPTOR = = = = = = = = -->
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSe curityInterceptor">
    <property name="authenticationManager">
    <ref bean="authenticationManager"/>
    </property>
    <property name="accessDecisionManager">
    <ref bean="accessDecisionManager"/>
    </property>
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=ROLE_USER,ROLE_ADMIN
    </value>
    </property>
    </bean>

    <!-- = = = = = = = = AUTHENTICATION = = = = = = = -->
    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderMana ger">
    <property name="providers">
    <list>
    <ref bean="daoAuthenticationProvider"/>
    </list>
    </property>
    </bean>

    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthe nticationProvider">
    <property name="authenticationDao">
    <ref bean="authenticationDao"/>
    </property>
    </bean>

    <bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.jdbc.Jdb cDaoImpl">
    <property name="dataSource">
    <ref bean="dataSource"/>
    </property>
    </bean>

    <!-- = = = = = = = = ACCESS CONTROL = = = = = = = -->
    <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased" >
    <property name="allowIfAllAbstainDecisions">
    <value>false</value>
    </property>
    <property name="decisionVoters">
    <list>
    <ref bean="roleVoter"/>
    </list>
    </property>
    </bean>

    <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

    </beans>



    Thanks,
    Steve

  • #2
    Your logon page is being picked up as a secure resource

    Code:
    <value> 
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 
    PATTERN_TYPE_APACHE_ANT 
    /**=ROLE_USER,ROLE_ADMIN 
    </value>
    If your redirect to /login.jsp

    Code:
    <bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> 
    <property name="loginFormUrl"> 
    <value>/login.jsp</value> 
    </property> 
    </bean>
    its going to endlessly loop.

    Basically you are redirecting to a secured resource (/login.jsp)

    See the Acegi forums for the same issue... its a common one.

    Cheers
    Mark

    Comment


    • #3
      That was it... thanks, Steve

      Comment

      Working...
      X