Announcement Announcement Module
Collapse
No announcement yet.
Login screen not appearing Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Login screen not appearing

    I just started with Acegi security. I copied and tweaked application-context.xml and most of the web.xml file from a sample app that I (finally) got to work. However, my login screen never appears. Here's the code:

    application-context.xml:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN/EN" "http&#58;//www.springframework.org/dtd/spring-beans.dtd" >
    <beans>
    
    
    
    	<bean id="memoryAuthenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
    	    <property name="userMap">
    	        <value>
    	            user=pass,ROLE_USER,ROLE_SUPERVISOR
    	            user1=pass,ROLE_USER
    	            user2=pass,ROLE_USER
    	        </value>
    	    </property>
    	</bean>
    	
    	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    	     <property name="authenticationDao">
    	         <ref local="memoryAuthenticationDao"/>
    	     </property>
    	</bean>
    	
    	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
    	    <property name="providers">
    	        <list>
    	            <ref bean="daoAuthenticationProvider"/>
    	        </list>
    	    </property>
    	</bean>
    	
    	<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    	    <property name="authenticationManager">
    	        <ref bean="authenticationManager"/>
    	    </property>
    	    <property name="authenticationFailureUrl">
    	        <value>/login.jsp?error=1</value>
    	    </property>
    	    <property  name="defaultTargetUrl">
    	        <value>/</value>
    	    </property>
    	    <property name="filterProcessesUrl">
    	        <value>/j_acegi_security_check</value>
    	    </property>
    	</bean>
    	
    	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
    
    	<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.UnanimousBased">
    	    <property name="allowIfAllAbstainDecisions">
    	        <value>false</value>
    	    </property>
    	    <property name="decisionVoters">
    	        <list>
    	           <ref local="roleVoter"/>
    	        </list>
    	    </property>
    	</bean>
    
    	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
    	    <property name="filterSecurityInterceptor">
    	        <ref bean="filterInvocationInterceptor"/>
    	    </property>
    	    <property name="authenticationEntryPoint">
    	        <ref bean="authenticationEntryPoint"/>
    	    </property>
    	</bean>
    
    
    	<!--
    	<bean id="httpSessionIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
    	-->
    	<bean id="httpSessionIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
                <property name="context">
                    <value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
                </property>
    	</bean>
    		
    	<bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    	    <property name="loginFormUrl">
    	        <value>/login.jsp</value>
    	    </property>
    	</bean>
    	
    	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
    	    <property name="authenticationManager">
    	        <ref bean="authenticationManager"/></property>
    	    <property name="accessDecisionManager">
    	        <ref bean="accessDecisionManager"/></property>
    	    <property name="objectDefinitionSource">
                    <value>
                      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                      PATTERN_TYPE_APACHE_ANT
                       /WEB-INF/jsp/**=ROLE_SUPERVISOR
                       /WEB-INF/**=ROLE_USER,ROLE_SUPERVISOR
    
                    </value>
    	    </property>
    	</bean>
    	
    </beans>
    portions of web.xml:
    Code:
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml
    	</param-value>
        </context-param>
    	
        <!-- Obtains Authentication from HttpSession attribute, puts it into
            ContextHolder for request duration, proceeds with request, then
            copies Authentication from ContextHolder back into HttpSession -->
        <filter>
            <filter-name>Acegi Security System for Spring HttpSession Integration Filter
            </filter-name>
            <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter
                </param-value>
            </init-param>
        </filter>
        
        <filter>
    	    <filter-name>Acegi Authentication Processing Filter</filter-name>
    	    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    	    <init-param>
    	        <param-name>targetClass</param-name>
    	        <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter
                    </param-value>
    	    </init-param>
    	</filter>
    
    	<filter>
    	    <filter-name>Acegi HTTP Request Security Filter</filter-name>
    	    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    	    <init-param>
    	        <param-name>targetClass</param-name>
    	        <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter
                    </param-value>
    	    </init-param>
    	</filter>
    	
      <filter> 
        <filter-name>multipartFilter</filter-name> 
        <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class> 
      </filter>
    
    
        <filter-mapping>
            <filter-name>Acegi Security System for Spring HttpSession Integration Filter
            </filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        	
        <filter-mapping>
            <filter-name>Acegi Authentication Processing Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        	
        <filter-mapping>
            <filter-name>Acegi HTTP Request Security Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>	
    	
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener
            </listener-class>
        </listener>
    and my login.jsp:
    Code:
    <%
    //	response.sendRedirect&#40;"login.action"&#41;;
    %>
    
    <html>
    <body>
    
    <p>JSESSIONID&#58; <%= session.getId&#40;&#41; %>
    
    <h2>Login.jsp</h2>
    
    <form method="post" action="<%= response.encodeURL&#40;"/cwa/j_acegi_security_check"&#41; %>">
    <p>Username <input type="text" name="j_username" >
    
    <p>Password <input type="password" name="j_password" >
    
    <p><input type="submit" >
    
    </form>
    
    </body>
    </html>
    My jsp pages are in WEB-INF/jsp (I did try moving the jsp directory to a secure directory like the example but had the same results.) What's wrong?

    Thanks for the help!

  • #2
    login.jsp should be in the root of your WAR.

    WEB-INF is automatically protected by your container - there's no need to define it against FilterSecurityInterceptor.

    Comment


    • #3
      I guess I'm still a little confused (having files under WEB-INF didn't cause the login to happen.) I did get the login screen to come up by playing around with the patterns. My goal is to eventually authenitcate either by the web service or by my database, and to obtain all of the roles in the database.

      My next problem is how to get the username of the person who logged in so I can retrieve related data (e.g. the person's name to show on the screen or their id to save with records they commit.) I see documentation on SecurityContextHolder but I can't find it in my version of Ageci. Is this a 9.0 class? When will 9.0 be available for download as a zip (I have so many 'new' things I'm trying to learn that I hate to add maven to the list at this point?) Thanks in advance!

      Comment


      • #4
        0.9.0 is not currently scheduled for release.

        For now you might like to try 0.8.3, in which case you need to call ContextHolder.getContext().getAuthentication().

        Comment

        Working...
        X