
  • ExceptionTranslationFilter with FlowSecurityInterceptor

    Hi All,

    I have configured Acegi with the default config and everything works fine. When I add the FlowSecurityInterceptor and call a secured webflow, I find out (after debugging) that Acegi is throwing AuthenticationCredentialsNotFoundException for the ExceptionTranslationFilter to catch in the HandleException method. Only, when I use the default config it catches the exception and redirects me to the login page, and when using the flow config I just get the exception and the ExceptionTranslationFilter doesn't catch the exception...

    Any ideas why this is happening???

    Please Advise,
    Thanks,
    Kobi

  • #2
    More info

    I found out that the Exception is wrapped by a NestedServletException and the root cause is of type AuthenticationException. I am using the new ExceptionTranslationFilter written by mdeinum but it doesn't traverse to the Acegi exception in getAcegiSecurityException.

    I don't want to change the code b/c I think there might be something else wrong...

    Any ideas??

    mdeinum maybe??

    Thanks in advance,
    Kobi



    • #3
      I am not sure if this is the solution - please help!

      This is how I changed the doFilter in ExceptionTranslation.. class

      I am not sure this is the best solution and why do I have to go to the root and the cause of the root..

      Anyone has an idea?

      Code:
      public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
              throws IOException, ServletException {
          if (!(request instanceof HttpServletRequest)) {
              throw new ServletException("HttpServletRequest required");
          }

          if (!(response instanceof HttpServletResponse)) {
              throw new ServletException("HttpServletResponse required");
          }

          try {
              chain.doFilter(request, response);

              if (logger.isDebugEnabled()) {
                  logger.debug("Chain processed normally");
              }
          }
          catch (AuthenticationException ex) {
              handleException(request, response, chain, ex);
          }
          catch (AccessDeniedException ex) {
              handleException(request, response, chain, ex);
          }
          catch (ServletException ex) {
              // Look one and two levels below the ServletException for an Acegi exception.
              Throwable root = ex.getRootCause();
              // Guard against a ServletException that carries no root cause.
              Throwable nested = (root != null) ? root.getCause() : null;
              if (root instanceof AuthenticationException || root instanceof AccessDeniedException) {
                  handleException(request, response, chain, (AcegiSecurityException) root);
              }
              else if (nested instanceof AuthenticationException || nested instanceof AccessDeniedException) {
                  handleException(request, response, chain, (AcegiSecurityException) nested);
              }
              else {
                  throw ex;
              }
          }
          catch (IOException ex) {
              throw ex;
          }
      }



      • #4
        We use the filter without any problems. Are you SURE you use the filter I wrote? Also try to use a debugging tool and see what is happening and why the exception isn't resolved.



        • #5
          Exception

          In my case the exception is wrapped twice...
          Can you think of a reason why the exception is wrapped again?



          • #6
            If you use the correct filter (my modified version), that unwinds the whole exception stack, so even if it is wrapped 123 times it still will resolve. For some reason I still doubt if you use the correct filter.

            Code:
            AcegiSecurityException getAcegiSecurityException(Exception e) {
               if (e instanceof IOException) {
                   return null;
               }
               
               AcegiSecurityException ase = null;
               
               Throwable t = e;
               while (ase == null && t != null) {
                   if (t instanceof AccessDeniedException || t instanceof AuthenticationException) {
                       ase = (AcegiSecurityException) t;
                   }
                   t = t.getCause();
               }
               return ase;
            }
            This method (which comes from my modified filter) traverses the whole stack until one of the desired exceptions is found.

            Post your configuration.
            Last edited by Marten Deinum; Feb 12th, 2008, 11:47 AM.



            • #7
              Modified version

              Thanks for the reply!

              I did use this version that traverses the entire stack BUT when it does the t = t.getCause(); the cause in my case is the same type of exception (NestedServletException), so what happens is (take a look at the getCause code) the cause returned is null and your code does not go over the entire stack...

              I debugged it and saw it returned null instantly instead of going over the stack.

              Let me know what you think..

              Thanks,
              Kobi
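
Added example (not part of the thread and not the filter's own code): a cause-chain walk that falls back to getRootCause() when getCause() returns null, the situation post #7 describes. The exception classes are stand-ins constructed for the example so it compiles without the servlet or Acegi jars; `SecurityCauseFinder`, `WrapperServletException`, `next` and `find` are hypothetical names.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public class SecurityCauseFinder {

    // Stand-ins (constructed for this example) for the Acegi exception types.
    static class AcegiSecurityException extends RuntimeException {
        AcegiSecurityException(String msg) { super(msg); }
    }
    static class AuthenticationException extends AcegiSecurityException {
        AuthenticationException(String msg) { super(msg); }
    }
    static class AccessDeniedException extends AcegiSecurityException {
        AccessDeniedException(String msg) { super(msg); }
    }

    // Stand-in for a servlet wrapper that keeps its cause in its own field,
    // so getCause() returns null (the behaviour assumed from post #7).
    static class WrapperServletException extends Exception {
        private final Throwable rootCause;
        WrapperServletException(String msg, Throwable rootCause) {
            super(msg); // cause deliberately not handed to Throwable
            this.rootCause = rootCause;
        }
        Throwable getRootCause() { return rootCause; }
    }

    /** Next link in the chain: getCause() first, getRootCause() as fallback. */
    static Throwable next(Throwable t) {
        Throwable cause = t.getCause();
        if (cause == null && t instanceof WrapperServletException) {
            cause = ((WrapperServletException) t).getRootCause();
        }
        return cause;
    }

    /** Walks the whole chain; the identity set stops on a self-referencing cause. */
    static AcegiSecurityException find(Throwable e) {
        Set<Throwable> seen =
                Collections.newSetFromMap(new IdentityHashMap<Throwable, Boolean>());
        for (Throwable t = e; t != null && seen.add(t); t = next(t)) {
            if (t instanceof AuthenticationException || t instanceof AccessDeniedException) {
                return (AcegiSecurityException) t;
            }
        }
        return null; // nothing security-related: caller rethrows the original
    }

    public static void main(String[] args) {
        Throwable auth = new AuthenticationException("no credentials in context");
        // Wrapped twice, as in the thread.
        Throwable twice = new WrapperServletException("outer",
                new WrapperServletException("inner", auth));

        System.out.println("getCause() only: " + twice.getCause());
        System.out.println("with fallback:   " + find(twice));
        System.out.println("unrelated error: " + find(new IllegalStateException("boom")));
    }
}
```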



              • #8
                Why do you even have 2 NestedServletExceptions?! As stated before, post your configuration, because that shouldn't even happen.



                • #9
                  My configuration

                  Thanks again, I figured this is my problem but I can understand why it is happening ...

                  Here is my configuration, if you need anything else let me know..

                  Acegi config:

                  Code:
                      <!-- ****** START ACEGI Security Configuration *******-->
                      <!-- ======================== FILTER CHAIN ======================= -->
                  
                      <!--  if you wish to use channel security, add "channelProcessingFilter," in front
                  		of "httpSessionContextIntegrationFilter" in the list below -->
                      <bean id="filterChainProxy"
                            class="org.acegisecurity.util.FilterChainProxy">
                          <property name="filterInvocationDefinitionSource">
                              <value>
                                  CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                                  PATTERN_TYPE_APACHE_ANT
                                  /**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter<!-- ,filterSecurityInterceptor --> 
                              </value>
                          </property>
                      </bean>
                      
                      <!-- Start Security filter config -->
                      
                      <bean id="exceptionTranslationFilter"
                            class="com.tangentlogic.uptous.spring.util.security.ExceptionTranslationFilter">
                          <property name="authenticationEntryPoint">
                              <ref bean="formLoginAuthenticationEntryPoint" />
                          </property>
                          <property name="accessDeniedHandler">
                              <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                                  <property name="errorPage" value="/accessDenied.htm"/>
                              </bean>
                          </property>
                      </bean>
                      
                      <!-- Define filter to handle BASIC authentication -->
                      <bean id="basicProcessingFilter"
                            class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
                          <property name="authenticationManager">
                              <ref bean="authenticationManager" />
                          </property>
                          <property name="authenticationEntryPoint">
                              <ref bean="authenticationEntryPoint" />
                          </property>
                      </bean>
                      
                      <!-- Define realm for BASIC login-->
                      <bean id="authenticationEntryPoint"
                            class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
                          <property name="realmName">
                              <value>Spring Web Realm</value>
                          </property>
                      </bean>
                      
                      <!-- Define filter to handle FORM authentication -->
                      <bean id="formAuthenticationProcessingFilter"
                            class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
                          <property name="filterProcessesUrl">
                              <value>/j_acegi_security_check</value>
                          </property>
                          <property name="authenticationFailureUrl">
                              <value>/uptous.htm?_flowId=login-flow</value>
                          </property>
                          <property name="defaultTargetUrl">
                              <value>/</value>
                          </property>
                          <property name="authenticationManager">
                              <ref bean="authenticationManager" />
                          </property>
                      </bean>
                      
                      <!-- Define realm for FORM login-->
                      <bean id="formLoginAuthenticationEntryPoint"
                            class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                          <property name="loginFormUrl">
                              <value>/uptous.htm?_flowId=login-flow</value>
                          </property>
                          <property name="forceHttps">
                              <value>false</value>
                          </property>
                      </bean>
                      
                      <bean id="httpSessionContextIntegrationFilter"
                            class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">          
                      </bean>
                      <!-- End Security filter config -->
                      
                      <!-- Start Security interceptor config -->
                      <!-- Define authentication manager, decision manager and secure URL patterns-->
                       <bean id="flowSecurityListener" class="org.springframework.webflow.security.FlowSecurityInterceptor">     		   		
                            <property name="authenticationManager">
                            	<ref bean="authenticationManager" />
                            </property>
                            <property name="accessDecisionManager">
                            	<ref bean="accessDecisionManager" />
                            </property>
                            <property name="flowDefinitionSource">
                              <value>                          	
                                  createAccount-flow=ROLE_TEST
                                  invites-flow=ROLE_TEST  
                                  main-flow=ROLE_TEST                     
                              </value>
                          </property>
                      </bean> 
                       
                      
                       <!-- <bean id="filterSecurityInterceptor"
                  		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                  		<property name="authenticationManager">
                  			<ref bean="authenticationManager" />
                  		</property>
                  		<property name="accessDecisionManager">
                  			<ref bean="accessDecisionManager" />
                  		</property>
                  		<property name="objectDefinitionSource">
                  			<value>
                  				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                  				PATTERN_TYPE_APACHE_ANT
                  				/main*=ROLE_TEST						
                  			</value>
                  		</property>
                  	</bean> --> 
                      <!-- End Security interceptor config -->
                      
                      <!-- Start authentication config -->
                      <bean id="authenticationManager"
                            class="org.acegisecurity.providers.ProviderManager">
                          <property name="providers">
                              <list>
                                  <ref bean="daoAuthenticationProvider" />
                              </list>
                          </property>        
                      </bean>
                      
                      <bean id="daoAuthenticationProvider"
                            class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
                          <property name="userDetailsService">
                              <ref bean="userDetailsService" />
                          </property>        
                      </bean>
                          
                      <!-- Authentication using JDBC Dao -->
                      <bean id="userDetailsService"
                            class="com.tangentlogic.uptous.spring.util.security.AuthenticationJdbcDaoImpl">
                          <property name="userDAO">
                              <ref bean="userDAO"/>
                          </property>       
                          <property name="dataSource" ref="myDataSource"/>
                         	<property name="usersByUsernameQuery">
                  			<value>
                  				SELECT EMAIL USERNAME,PASSWORD, ENABLED
                  				FROM USERS WHERE EMAIL=?
                  			</value>
                  		</property>		
                      </bean>
                   
                      
                      <!-- End authentication config -->
                      
                      <!-- Start authorization config -->
                      <bean id="accessDecisionManager"
                            class="org.acegisecurity.vote.UnanimousBased">
                          <property name="decisionVoters">
                              <list>
                                  <ref bean="roleVoter" />
                              </list>
                          </property>
                      </bean>
                      
                      <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
                          <property name="rolePrefix">
                              <value>ROLE_</value>
                          </property>
                      </bean>

                  web.xml:

                  Code:
                      <listener>
                  		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
                  	</listener>
                  
                  	
                      
                      <context-param>		
                  		<param-name>contextConfigLocation</param-name>
                  		<param-value>
                  			/WEB-INF/uptous-spring-hibernate.xml ,/WEB-INF/uptous-security-config.xml 
                  		</param-value>
                  	</context-param>
                  		
                  	
                      
                   <!-- ****************** Acegi Filter ***********************-->
                      <filter>
                          <filter-name>Acegi Filter Chain Proxy</filter-name>
                          <filter-class>
                              org.acegisecurity.util.FilterToBeanProxy
                          </filter-class>
                          <init-param>
                              <param-name>targetBean</param-name>
                              <param-value>filterChainProxy</param-value>
                          </init-param>
                      </filter>
                      <filter-mapping>
                          <filter-name>Acegi Filter Chain Proxy</filter-name>
                          <url-pattern>/*</url-pattern>
                      </filter-mapping>  
                      <listener>
                          <listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
                      </listener>  
                      
                      <!-- ************************ End ***************************-->
                  	
                  	<servlet>
                  		<servlet-name>uptous</servlet-name>		
                  		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                  		<init-param>
                  			<param-name>contextConfigLocation</param-name>
                  			<param-value>
                  				/WEB-INF/uptous-servlet-config.xml
                  				/WEB-INF/uptous-spring-hibernate.xml
                  				/WEB-INF/uptous-webflow-config.xml
                  				/WEB-INF/uptous-validation-config.xml				
                  			</param-value>
                  		</init-param>
                  		<load-on-startup>1</load-on-startup>
                  	</servlet>
                  	
                  	
                  	
                  	<welcome-file-list>
                  		<welcome-file>main.jsp</welcome-file>
                  	</welcome-file-list>
                  	
                  	<servlet-mapping>
                  		<servlet-name>uptous</servlet-name>
                  		<url-pattern>*.htm</url-pattern>
                  	</servlet-mapping>
                  	
                    	<display-name>UpToUs</display-name>

                  webflow config:

                  Code:
                  <flow:executor id="flowExecutor" registry-ref="flowRegistry" repository-type="continuation">
                  	 	<flow:execution-listeners>	
                  			<flow:listener ref="flowSecurityListener"/>
                  		</flow:execution-listeners>  
                  	</flow:executor>
                  	
                  	
                  	
                  	<!-- Creates the registry of flow definitions for this application -->
                  	<flow:registry id="flowRegistry">
                  		<flow:location path="/WEB-INF/flows/**-flow.xml"/>
                  	</flow:registry>

                  I am using Spring 2.0.7 with SWF 1.0.5 with Acegi 1.0.6.



                  • #10
                    Anyone?

                    Anyone has an idea why I have 2 nestedservletexceptions wrapped in my exception???

                    Please help...
