Announcement Announcement Module
Collapse
No announcement yet.
Spring MVC + tiles working; now adding Acegi to no avail. Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring MVC + tiles working; now adding Acegi to no avail.

    Have been working on Spring MVC in combination with Tiles for the last few weeks. After some serious hair pulling, I was able to get this combination working...

    Now I want to integrate this with Acegi. Have working with a couple of examples (which are all very similar). Studied the documentation extensively, and am still not able to get the thing working.

    The login apge shows up, but I keep getting this j_acegi_security_check not found problem (also found this in other postings). For this, I changed all references to j_acegi_security_check.htm and j_acegi_security_check.jsp to no avail.

    So far I've been doing this:

    1 - registered my acegilogin.jsp in my controller which extends an AbstractController, like this:
    Code:
    	<bean id="indexController" class="nl.aegon.sscp.output.web.tiles.IndexController"/>
    	<!--URLs MAPPED TO THE SPRING CONTROLLERS &#40;DEFINED BELOW&#41; -->
    	<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">        
    		<property name="mappings">            
    			<props>         
    				<!-- The mother of all pages -->       
    				<prop key="rootlayout.htm">indexController</prop>
    				
    				<!-- and here siblings... -->
    				<prop key="/addoutputflow.htm">addOutputFlow</prop>
    <!--                                         |
                  A lot of other jsp's here; which I left out
                                                 |
     -->
    <!-- I'm unsure if below line is required; tried with and without -->
    				<prop key="/j_acegi_security_check.htm">authenticationEntryPoint</prop>
    
    <!-- This one, Im quite sure... -->
    				<prop key="/acegilogin.htm">acegilogin</prop>
    			</props>       
    		</property>
    	</bean>
    2 - implemented an Acegi filter
    3 - implemented an Acegi entry point:
    Code:
      <bean id="authenticationEntryPoint"
          parent="baseAuthenticationEntryPoint">
        <property name="loginFormUrl"><value>/WEB-INF/jsp/acegilogin.jsp</value></property>      
      </bean>
    3 - mapped all *.htm in web.xml like this:

    Code:
      	<servlet-mapping>
    	    <servlet-name>outputManagement</servlet-name>
        	<url-pattern>*.htm</url-pattern>
    	</servlet-mapping>
    What am I missing here.

    If required, I'm willing to post more coding.

    Kind regards,

    Marcel Zeeuw.

  • #2
    A bit further...

    Found out that I didn't have to hassle with my existing application; so removed all junk from my indexController.

    Removed all /WEB-INF/jsp/ prefixes before my acegilogin.jsp references. Never introduce these prefixes; these are insecure!

    Moved my acegilogin.jsp to my web-root, which did the trick. Also it could reside in an insecure subdirectory. This could be done by having something like:

    Code:
       <bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
          <property name="channelDecisionManager"><ref local="channelDecisionManager"/></property>
          <property name="filterInvocationDefinitionSource">
             <value>
    			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				\A/img/.*\Z=REQUIRES_INSECURE_CHANNEL 
    				\A/theme*/.*\Z=REQUIRES_INSECURE_CHANNEL 
    				\A/secure/.*\Z=REQUIRES_SECURE_CHANNEL 
    				\A/acegilogin.jsp.*\Z=REQUIRES_INSECURE_CHANNEL 
    				\A/debugacegi.jsp.*\Z=REQUIRES_SECURE_CHANNEL 
    				\A/j_acegi_security_check.*\Z=REQUIRES_INSECURE_CHANNEL 
    				\A.*\Z=REQUIRES_SECURE_CHANNEL
             </value>
          </property>
       </bean>

    Comment

    Working...
    X