Announcement Announcement Module
Collapse
No announcement yet.
Spring 2.5 login not responding even with correct username/password Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring 2.5 login not responding even with correct username/password

    Hi all!
    I'm developing a login mechanism for one of my projects and I'm facing a very weird problem.When in development login works fine but when I deployed it in my production server login doesnt work even for the correct username/password.No exception is thrown and I'm redirected to the error page as if I give wrong username/password.I even copy/pasted username/password from the production database in case it was en encoding problem but nothing changed!Am I missing something here?Did anyone had the same problem?Any help would be appreciated as it is kind of urgent!
    Here is the application context:
    Code:
     <bean id="authedicationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
            <property name="userDetailsService" ref="userDetailService"/>
        </bean>
        <bean id="authenticationEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <property name="loginFormUrl" value="/login.htm" />
        </bean>
        <bean id="filterChainProxy"
          class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
          <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=authenticationProcessingFilter,exceptionTranslationFilter
          </value>
        </property>
      </bean>
      <bean id="authenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/error.htm" />
        <property name="defaultTargetUrl" value="/admin_menu.htm" />
        <property name="filterProcessesUrl" value="/j_acegi_security_check" />
    
      </bean>
      <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
      <bean id="accessDecisionManager" class="org.acegisecurity.vote.UnanimousBased">
          <property name="decisionVoters">
              <list>
                  <ref bean="roleVoter"/>
              </list>
          </property>
          <property name="allowIfAllAbstainDecisions" value="true"/>
      </bean>
      <bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
          <property name="authenticationManager" ref="authenticationManager"/>
          <property name="accessDecisionManager" ref="accessDecisionManager"/>
          <property name="objectDefinitionSource">
              <value>
                  CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                  PATTERN_TYPE_APACHE_ANT
                  /add_article.htm=ROLE_ADMIN
                  /add_publication.htm=ROLE_ADMIN
                  /admin_menu.htm=ROLE_ADMIN
              </value>
          </bean>
      </property>
      </bean>
      <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
          <property name="providers">
              <list>
                  <ref bean="authedicationProvider"/>
              </list>
          </property>
      </bean>
    
        <bean id="userDetailService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
            <property name="dataSource" ref="datasource"/>
            <property name="usersByUsernameQuery">
                <value>
                    SELECT username,password,'true' AS enabled FROM Users where username=?
                </value>
            </property>
            <property name="authoritiesByUsernameQuery">
                <value>
                    SELECT username,role_name FROM Roles r,Users u WHERE r.user=u.id AND u.username=?
                </value>
            </property>
        </bean>
    and here is the web.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml</param-value>
        </context-param>
        <filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
              <param-name>targetClass</param-name>
              <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
      </filter>
      <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
        <filter>
                <filter-name>UrlRewriteFilter</filter-name>
                <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
                <init-param>
                <param-name>confReloadCheckInterval</param-name>
                <param-value>0</param-value>
            </init-param>
    
                <init-param>
                    <param-name>logLevel</param-name>
                    <param-value>WARN</param-value>
                </init-param>
            </filter>
            <filter-mapping>
                <filter-name>UrlRewriteFilter</filter-name>
                <url-pattern>/*</url-pattern>
            </filter-mapping>
        <filter>
            <filter-name>charsetFilter</filter-name>
            <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
            <init-param>
                <param-name>encoding</param-name>
                <param-value>UTF-8</param-value>
            </init-param>
            <init-param>
                <param-name>forceEncoding</param-name>
                <param-value>true</param-value>
            </init-param>
    
        </filter>
    
        <filter-mapping>
            <filter-name>charsetFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
        <servlet>
            <servlet-name>dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>2</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>dispatcher</servlet-name>
            <url-pattern>*.htm</url-pattern>
        </servlet-mapping>
        <session-config>
            <session-timeout>
                30
            </session-timeout>
        </session-config>
        <welcome-file-list>
            <welcome-file>redirect.jsp</welcome-file>
        </welcome-file-list>
    </web-app>

  • #2
    In production environment does it come to DaoAuthenticationProvider? Other thing is why do you use acegi not spring security?

    Comment


    • #3
      Yes as far as I know it reaches DaoAuthenticationProvider!.And I use acegi because I use spring version 2.5

      Comment


      • #4
        http://static.springsource.org/sprin...downloads.html

        It says,

        Spring Security 2.0.6

        This is the latest release of Spring Security 2. It is compatible with Spring 2.0 and 2.5 releases and requires a minimum of Java 1.4. New users should use Spring Security 3 in preference.

        Comment


        • #5
          Thank you for the info.I shall try it.But the question remains the same!I mean why login to work on the development server and not on the production server.Btw they are both tomcat 6!This is a "great" mystery!

          Comment


          • #6
            What does your dataSource bean definition look like? Are you certain you are pointing to the correct database? Are you certain there are granted authorities for the user you are logging in as? If there are no granted authorities for the user, it will not successfully login. Try enabling logging and see if that helps.

            PS: I also recommend you upgrade as acegi security is no longer maintained.

            Comment

            Working...
            X