Hi guys,

I'm using the setup described in the following configuration files, with Acegi v0.6.1 (inside of WebSphere). I'm using the security filter to redirect to my login.jsp. At the moment I am just running with the example in memory authentication DAO.

This seems to work in that I don't get any error when I supply the correct username/password combination. However, I don't get redirected to the originally requested URL, after authentication. Instead, I end up back at the login.jsp, with no error message.

I followed it through in the debugger and have noticed that the the authenticated attribute on the Authentication object is not set to true despite successful authentication. Not sure why this should be so. Have I got my filters out of order in the configuration? Does it matter? (I've just tried it with the authentication filter before the auto-integration filter - still no joy.)

Thanks, Owen

Here's my web.xml excerpt:

<filter>
<filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.ui.AutoIntegrationFilter</param-value>
</init-param>
</filter>

<filter>
<filter-name>Acegi Authentication Processing Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProce ssingFilter</param-value>
</init-param>
</filter>

<filter>
<filter-name>Acegi HTTP Request Security Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.intercept.web.SecurityEnforce mentFilter</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Acegi HTTP Request Security Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>Acegi Authentication Processing Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

and here's my applicationContext.xml excerpt:

<bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter" />

<!-- If you replace this bean with say JdbcDaoImpl, just ensure your replacement
has the same bean id &#40;authenticationDao&#41; -->
<bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemory DaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLE_SUPERVISOR
dianne=emu,ROLE_TELLER
scott=wombat,ROLE_TELLER
peter=opal,disabled,ROLE_TELLER
</value>
</property>
</bean>

<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
Accordingly, you should place MOST SPECIFIC &#40;ie a/b/c/d.*&#41; expressions first, with LEAST SPECIFIC &#40;ie a/.*&#41; expressions last -->
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityI nterceptor">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/**=ROLE_SUPERVISOR
</value>
</property>
</bean>

<!-- probably don't need to change the following ever -->

<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticati onProvider">
<property name="authenticationDao"><ref local="authenticationDao"/></property>
<property name="userCache"><ref local="userCache"/></property>
</bean>

<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBa sedUserCache">
<property name="minutesToIdle"><value>5</value></property>
</bean>

<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
</list>
</property>
</bean>

<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref local="roleVoter"/>
</list>
</property>
</bean>

<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProce ssingFilter">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="authenticationFailureUrl"><value>/login.jsp?login_error=1</value></property>
<property name="defaultTargetUrl"><value>/</value></property>
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
</bean>

<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforce mentFilter">
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
</bean>

<bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProce ssingFilterEntryPoint">
<property name="loginFormUrl"><value>/login.jsp</value></property>
<property name="forceHttps"><value>false</value></property>
</bean>

Yes, your filter-mappings are in the wrong order. They should be:

ChannelProcessingFilter
AuthenticationProcessingFilter
CasProcessingFilter
BasicProcessingFilter
AutoIntegrationFilter
SecurityEnforcementFilter

I've listed all of them for the benefit of the archives. They're also listed in hte reference guide toward the end.

The reason this order is required is because you ChannelProcessingFilter, if used, redirects to the correct channel (eg HTTPS). The various *ProcessingFilters then actually login the user if the HTTP request related to a login (eg a login form or a BASIC authentication header or a CAS redirect etc). The result of these *ProcessingFilters is to put the known-to-be-valid username and password into an Authentication object and put it into a "well-known location" - typically HttpSession. AutoIntegrationFilter "reads" this well-known location and puts it onto the ContextHolder. SecurityEnforcementFilter refers solely to the ContextHolder and will use the username and password to re-authenticate the user as part of AbstractSecurityInterceptor processing. When the request ends, the AutoIntegrationFilter reads the ContextHolder and copies the Authentication off it and back into the well-known location, ready for next request.

HTH

I can't access too. It's always an anonymous. Please help me! I'm beginner, sorry and thanks so much.

applicationContext.xml


<beans>

<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilte r,authenticationProcessingFilter,securityContextHo lderAwareRequestFilter,rememberMeProcessingFilter, anonymousProcessingFilter,exceptionTranslationFilt er,filterInvocationInterceptor
]]></value>
</property>
</bean>

<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegr ationFilter"/>

<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/template/default/template.jsf"/> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutH andler"/>
</list>
</constructor-arg>
</bean>

<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessi ngFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/login/login.jsf"/>
<property name="defaultTargetUrl" value="/template/default/template.jsf"/>
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>

<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwa reRequestFilter"/>

<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessi ngFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>

<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousPro cessingFilter">
<property name="key" value="changeThis"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessi ngFilterEntryPoint">
<property name="loginFormUrl" value="/login/login.jsf"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/login/error.jsf"/>
</bean>
</property>
</bean>

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInte rceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter"/>
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/qlhochieu/**=ROLE_MANAGER
/qldoanra/**=ROLE_MANAGER
/qldoanvao/**=ROLE_MANAGER
</value>
</property>
</bean>

<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRemember MeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="changeThis"/>
</bean>

<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<bean class="org.acegisecurity.providers.anonymous.AnonymousAut henticationProvider">
<property name="key" value="changeThis"/>
</bean>
<bean class="org.acegisecurity.providers.rememberme.RememberMeA uthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>

<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationP rovider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>

<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoIm pl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.Propertie sFactoryBean">
<property name="location" value="/WEB-INF/users.properties"/>
</bean>
</property>
</bean>

<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListe ner"/>

</beans>


My configs in web.xml



<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-acegi-security.xml
</param-value>
</context-param>

<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListe ner
</listener-class>
</listener>

<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>

</filter-mapping>



I can't find any reason for this error. If i use SSL to access via HTTPS, how i must configure them?
どうも、ありがとう　ございます。