PDA

View Full Version : Pls, give some example Acegi usage in the servlets.


blandger
Nov 1st, 2004, 02:24 AM
How can I use it in the servlets? I'd like to look at some example.
I'm not very experienced in jstl.

1.
What's value for: <form action="<c:url value='j_security_check'/>" method="POST">? How to set/get it? It seems action just has a value 'j_security_check' and that's all. Is it correct?

What to do with application-context XML settings?
<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProce ssingFilter">.........
<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
<property name="defaultTargetUrl"><value>/</value></property>
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
........
<bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProce ssingFilterEntryPoint">
<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
........


2. The second part of the question.

I need instance-based ACL so I looked 'contacts.war'. I have 'transaction supported' component which should be controlled with ACL. So I used 'contacts example' and wrote:


.....
<bean id="backendContactManagerTarget" class="business.CommunityManagerImpl"/>......

I'm getting error:
.....
Context initialization failed org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'backendContactManagerTarget' defined in resource [/WEB-INF/applicationContext-hibernate.xml] of ServletContext: Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: sessionFactory or hibernateTemplate is required java.lang.IllegalArgumentException: sessionFactory or hibernateTemplate is required.

That's correct. So I changed this bean to:

<bean id="backendCommunityManagerTarget" parent="baseTransactionProxy">
<property name="target" >
<bean class="CommunityManagerImpl">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
</property>
</bean>

So I'm getting several errors for every 'acegi filter' from the web.xml:

..........
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'channelProcessingFilter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'channelDecisionManager'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'secureChannelProcessor'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'insecureChannelProcessor'
INFO [ChannelProcessingFilter] Validated configuration attributes
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'authenticationProcessingFilter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'securityEnforcementFilter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'filterInvocationInterceptor'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'httpRequestAccessDecisionManager'
INFO [AbstractSecurityInterceptor] Validated configuration attributes
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'authenticationProcessingFilterEntryPoint'
INFO [ContextLoader] Using context class [org.springframework.web.context.support.XmlWebAppl icationContext] for root WebApplicationContext
INFO [ContextLoader] Published root WebApplicationContext [org.springframework.web.context.support.XmlWebAppl icationContext: displayName=[Root XmlWebApplicationContext]; startup date=[Mon Nov 01 17:39:23 EET 2004]; root of ApplicationContext hierarchy; config locations=[/WEB-INF/applicationContext-hibernate.xml]; ] as ServletContext attribute with name [interface org.springframework.web.context.WebApplicationCont ext.ROOT]

1) ERROR [Engine] StandardContext[]Exception starting filter Acegi Authentication Processing Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
.........
2) ERROR [Engine] StandardContext[]Exception starting filter Acegi Security System for Spring Auto Integration Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
.........
3) ERROR [Engine] StandardContext[]Exception starting filter Acegi Channel Processing Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
.......
4) ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP Request Security Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
........
5) ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP BASIC Authorization Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
..........

But I have other 'transaction supported' componets and they work fine.

<bean id="baseTransactionProxy" class="org.springframework.transaction.interceptor.Transa ctionProxyFactoryBean"
abstract="true">
<property name="transactionManager">
<ref bean="transactionManager"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="get*">PROPAGATION_REQUIRED,readOnly</prop>
..........
</props>
</property>
</bean>

<bean id="questionManager" parent="baseTransactionProxy">
<property name="target">
<bean class="business.QuestionnaireManagerImpl">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
</property>
</bean>

What's wrong with component which must be 'transactional + secured'?

I've tried another configuration:

<bean id="communityManagerFacade" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"><value>business.CommunityManager</value></property>
<property name="target"><ref local="backendCommunityManagerTarget"/></property>
<property name="interceptorNames">
<list>
<idref local="publicCommunityManagerSecurity"/>
</list>
</property>
</bean>
........
<bean id="backendCommunityManagerTarget" parent="baseTransactionProxy">
<property name="target" >
<bean class="business.CommunityManagerImpl">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
</property>
</bean>

The result is the same - errors for every acegi filter.


3.
Where I can put my 'own' filter which corrects encoding, before or after 'Acegi filters'? I tried both approaches but result is the same.

<filter>
<filter-name>WebAction</filter-name>
<filter-class>web.WebAction</filter-class>
<init-param>
<param-name>requestEncoding</param-name>
<param-value>Cp1251</param-value>
</init-param>
</filter>


Thanks in advance.
Ben Alex
Nov 1st, 2004, 02:55 PM
Have you tried using org.springframework.aop.framework.ProxyFactoryBean to wire your security, transaction and then target bean?

Regarding your encoding filter not working Acegi Security filters, would you please describe the behaviour you're seeing a little more.

Concerning your first question, the form posts to j_security_check. In the default configuration AuthenticationProcessingFilter listens for requests to /j_acegi_security_check. So unless your have changed this configuration setting (and it has not been changed in the XML you included in your post) you will need to ensure the form HTML posts to /j_acegi_security_check.
blandger
Nov 2nd, 2004, 03:07 AM
>>Have you tried using org.springframework.aop.framework.
>>ProxyFactoryBean to wire your security, transaction and then target bean?

Now I don't have a clue how make it in the right way... There is only 'security wiring' in the 'contacts.war' but not 'security + transaction'.

I'm using Jboss 3.2.5, Spring 1.1, Hibernate 2.1.6 for the Web applicatioin (serlvets + Freemaker template engine) trying to use Acegi as main security framework and remove all custom security checks/implementation.

'Transational' beans with proxies work fine. They are implemented on the Spring base classes and have 'SessionFactory' (hibernate) + 'transaction' injection.

Now I have architecture for 'secured' bean:
'Facade' class holds 'backend' bean. They both implement common interface. I'd like to set up 'security wrapper' (also for ACL) around 'facade' and 'transactional wrapper' around 'backend'. Something doesn't work as deployment fails. Or may be better make 'transaction' around 'facade' also? But I don't know how make it better.

>>Regarding your encoding filter not working Acegi Security filters,
>>would you please describe the behaviour you're seeing a little more.

Deployment fails on the app startup.

Project deploys 'almost fine' and fails at the end. Sorry for such a long log.

[DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilterEntryPoint'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'autoIntegrationFilter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'roleVoter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communitySecurityVoter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'businessAccessDecisionManager'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'publicCommunityManagerSecurity'
.........
INFO [AbstractSecurityInterceptor] Validated configuration attributes
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communityManagerFacade'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'backendCommunityManagerTarget'
.....
[HERE AS IT WAS SHOWN EARLIER]....
.....
ERROR [Engine] StandardContext[]Exception starting filter Acegi Authentication Processing Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
at org.apache.catalina.core.ApplicationFilterConfig.s etFilterDef(ApplicationFilterConfig.java:308)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:79)
at org.apache.catalina.core.StandardContext.filterSta rt(StandardContext.java:3676)
at org.apache.catalina.core.StandardContext.start(Sta ndardContext.java:4327)
at org.apache.catalina.core.ContainerBase.addChildInt ernal(ContainerBase.java:823)
at org.apache.catalina.core.ContainerBase.addChild(Co ntainerBase.java:807)
at org.apache.catalina.core.StandardHost.addChild(Sta ndardHost.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
at org.apache.catalina.core.StandardContext.init(Stan dardContext.java:5412)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loyInternal(TomcatDeployer.java:286)
at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loy(TomcatDeployer.java:70)
at org.jboss.web.AbstractWebDeployer.start(AbstractWe bDeployer.java:306)
at org.jboss.web.WebModule.startModule(WebModule.java :62)
at org.jboss.web.WebModule.startService(WebModule.jav a:40)
at org.jboss.system.ServiceMBeanSupport.jbossInternal Start(ServiceMBeanSupport.java:271)
......
INFO [STDOUT] web.WebAction init
INFO: .::WEB Action init...
INFO [STDOUT] web.WebAction loadProperties
INFO: loadProperties
>>> My own filter starts fine. <<<

ERROR [Engine] StandardContext[]Exception starting filter Acegi Security System for Spring Auto Integration Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
............
ERROR [Engine] StandardContext[]Exception starting filter Acegi Channel Processing Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
...........
ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP Request Security Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
.............
ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP BASIC Authorization Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
.........
ERROR [Context] Error filterStart
ERROR [Context] Context startup failed due to previous errors
INFO [Engine] StandardContext[]Closing root WebApplicationContext
INFO [XmlWebApplicationContext] Closing application context [Root XmlWebApplicationContext]
INFO [DefaultListableBeanFactory] Destroying singletons in factory {org.springframework.beans.factory.support.Default ListableBeanFactory defining beans [dataSource,sessionFactory,transactionManager,baseT ransactionProxy,.................,runAsManager,
runAsAuthenticationProvider,authByAdapterProvider, authenticationManager,inMemoryDaoImpl,daoAuthentic ationProvider,basicProcessingFilter,basicProcessin gFilterEntryPoint,
autoIntegrationFilter,roleVoter,communitySecurityV oter,businessAccessDecisionManager,publicCommunity ManagerSecurity,communityManagerFacade,backendComm unityManagerTarget,
channelProcessingFilter,authenticationProcessingFi lter,securityEnforcementFilter,authenticationProce ssingFilterEntryPoint,httpRequestAccessDecisionMan ager,
channelDecisionManager,secureChannelProcessor,inse cureChannelProcessor,filterInvocationInterceptor]; Root of BeanFactory hierarchy}
10:43:50,348 INFO [LocalSessionFactoryBean] Closing Hibernate SessionFactory
10:43:50,348 INFO [SessionFactoryImpl] closing
.......
And Web app deployment fails at the end.

>>Concerning your first question, the form posts to j_security_check. In the default configuration
>>AuthenticationProcessingFilter listens for requests to /j_acegi_security_check.
Thanks. I've left it as it's in the example.


I've already tried to use ProxyFactoryBean. I used custom 'Advice' and custom 'Interceptor' they work fine. Something like that:

<bean id="communityManager" parent="baseTransactionProxy">
<property name="target">
<bean class="business.CommunityManagerImpl">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
</property>
<property name="preInterceptors">
<list>
<ref local="myAdvisor"/>
</list>
</property>
</bean>

<bean id="myAdvice" class="security.advice.CommunityBeforeAdvice">
<property name="securityManager">
<ref bean="securityManager"/>
</property>
</bean>

<bean id="myAdvisor" class="org.springframework.aop.support.NameMatchMethodPoi ntcutAdvisor">
<constructor-arg>
<ref local="myAdvice"/>
</constructor-arg>
<property name="mappedNames">
<list>
<value>storeCommunity</value>
<value>deleteCommunity</value>
</list>
</property>

But I hope the Acegi is better approach then 'custom implementation'. Is case I'm not be able use Acegi I'll write my own 'Interceptors' and will check ACL using custom scenario.
blandger
Nov 2nd, 2004, 07:17 AM
[quote="blandger"]>>Have you tried using org.springframework.aop.framework.
>>ProxyFactoryBean to wire your security, transaction and then target bean?

Now I don't have a clue how make it in the right way... There is only 'security wiring' in the 'contacts.war' but not 'security + transaction'.

I'm using Jboss 3.2.5, Spring 1.1, Hibernate 2.1.6 for the Web applicatioin (serlvets + Freemaker template engine) trying to use Acegi as main security framework and remove all custom security checks/implementation.

'Transational' beans with proxies work fine. They are implemented on the Spring base classes and have 'SessionFactory' (hibernate) + 'transaction' injection.

Now I have architecture for 'secured' bean:
'Facade' class holds 'backend' bean. They both implement common interface. I'd like to set up 'security wrapper' (also for ACL) around 'facade' and 'transactional wrapper' around 'backend'. Something doesn't work as deployment fails. Or may be better make 'transaction' around 'facade' also? But I don't know how make it better.

>>Regarding your encoding filter not working Acegi Security filters,
>>would you please describe the behaviour you're seeing a little more.
Deployment fails on the app startup.

I can easy remove 'filters' from the application.xml
( <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProce ssingFilter">...) the deployment exception is still there. But If I remove 'filters' from the web.xml when error goes away (but nothing works of course).

Project deploys 'almost fine' and fails at the end. Sorry for such a long log.

[DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'basicProcessingFilterEntryPoint'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'autoIntegrationFilter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'roleVoter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communitySecurityVoter'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'businessAccessDecisionManager'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'publicCommunityManagerSecurity'
.........
INFO [AbstractSecurityInterceptor] Validated configuration attributes
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'communityManagerFacade'
INFO [DefaultListableBeanFactory] Creating shared instance of singleton bean 'backendCommunityManagerTarget'
.....
[HERE AS IT WAS SHOWN EARLIER]....
.....
ERROR [Engine] StandardContext[]Exception starting filter Acegi Authentication Processing Filter org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
at org.apache.catalina.core.ApplicationFilterConfig.s etFilterDef(ApplicationFilterConfig.java:308)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:79)
at org.apache.catalina.core.StandardContext.filterSta rt(StandardContext.java:3676)
at org.apache.catalina.core.StandardContext.start(Sta ndardContext.java:4327)
at org.apache.catalina.core.ContainerBase.addChildInt ernal(ContainerBase.java:823)
at org.apache.catalina.core.ContainerBase.addChild(Co ntainerBase.java:807)
at org.apache.catalina.core.StandardHost.addChild(Sta ndardHost.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
at org.apache.catalina.core.StandardContext.init(Stan dardContext.java:5412)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.modeler.BaseModelMBean.invoke(B aseModelMBean.java:503)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDy namicInvoker.java:109)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanSe rverImpl.java:473)
at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loyInternal(TomcatDeployer.java:286)
at org.jboss.web.tomcat.tc5.TomcatDeployer.performDep loy(TomcatDeployer.java:70)
at org.jboss.web.AbstractWebDeployer.start(AbstractWe bDeployer.java:306)
at org.jboss.web.WebModule.startModule(WebModule.java :62)
at org.jboss.web.WebModule.startService(WebModule.jav a:40)
at org.jboss.system.ServiceMBeanSupport.jbossInternal Start(ServiceMBeanSupport.java:271)
......
INFO [STDOUT] web.WebAction init
INFO: .::WEB Action init...
INFO [STDOUT] web.WebAction loadProperties
INFO: loadProperties
>>> My own filter starts fine. <<<

ERROR [Engine] StandardContext[]Exception starting filter Acegi Security System for Spring Auto Integration Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
............
ERROR [Engine] StandardContext[]Exception starting filter Acegi Channel Processing Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
...........
ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP Request Security Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
.............
ERROR [Engine] StandardContext[]Exception starting filter Acegi HTTP BASIC Authorization Filter
org.springframework.beans.factory.BeanIsAbstractEx ception: Tried to instantiate abstract bean definition '&baseTransactionProxy'
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:177)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:136)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.getBeansOfType(DefaultListableB eanFactory.java:177)
at org.springframework.context.support.AbstractApplic ationContext.getBeansOfType(AbstractApplicationCon text.java:473)
at net.sf.acegisecurity.util.FilterToBeanProxy.doInit (FilterToBeanProxy.java:170)
at net.sf.acegisecurity.util.FilterToBeanProxy.init(F ilterToBeanProxy.java:117)
at org.apache.catalina.core.ApplicationFilterConfig.g etFilter(ApplicationFilterConfig.java:225)
.........
ERROR [Context] Error filterStart
ERROR [Context] Context startup failed due to previous errors
INFO [Engine] StandardContext[]Closing root WebApplicationContext
INFO [XmlWebApplicationContext] Closing application context [Root XmlWebApplicationContext]
INFO [DefaultListableBeanFactory] Destroying singletons in factory {org.springframework.beans.factory.support.Default ListableBeanFactory defining beans [dataSource,sessionFactory,transactionManager,baseT ransactionProxy,.................,runAsManager,
runAsAuthenticationProvider,authByAdapterProvider, authenticationManager,inMemoryDaoImpl,daoAuthentic ationProvider,basicProcessingFilter,basicProcessin gFilterEntryPoint,
autoIntegrationFilter,roleVoter,communitySecurityV oter,businessAccessDecisionManager,publicCommunity ManagerSecurity,communityManagerFacade,backendComm unityManagerTarget,
channelProcessingFilter,authenticationProcessingFi lter,securityEnforcementFilter,authenticationProce ssingFilterEntryPoint,httpRequestAccessDecisionMan ager,
channelDecisionManager,secureChannelProcessor,inse cureChannelProcessor,filterInvocationInterceptor]; Root of BeanFactory hierarchy}
10:43:50,348 INFO [LocalSessionFactoryBean] Closing Hibernate SessionFactory
10:43:50,348 INFO [SessionFactoryImpl] closing
.......
And Web app deployment fails at the end.

>>Concerning your first question, the form posts to j_security_check. In the default configuration
>>AuthenticationProcessingFilter listens for requests to /j_acegi_security_check.
Thanks. I've left it as it's in the example.


I've already tried to use ProxyFactoryBean. I used custom 'Advice' and custom 'Interceptor' they work fine. Something like that:

<bean id="communityManager" parent="baseTransactionProxy">
<property name="target">
<bean class="business.CommunityManagerImpl">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
</property>
<property name="preInterceptors">
<list>
<ref local="myAdvisor"/>
</list>
</property>
</bean>

<bean id="myAdvice" class="security.advice.CommunityBeforeAdvice">
<property name="securityManager">
<ref bean="securityManager"/>
</property>
</bean>

<bean id="myAdvisor" class="org.springframework.aop.support.NameMatchMethodPoi ntcutAdvisor">
<constructor-arg>
<ref local="myAdvice"/>
</constructor-arg>
<property name="mappedNames">
<list>
<value>storeCommunity</value>
<value>deleteCommunity</value>
</list>
</property>

But I hope the Acegi is better approach then 'custom implementation'. Is case I'm not be able use Acegi I'll write my own 'Interceptors' and will check ACL using custom scenario.
Ben Alex
Nov 2nd, 2004, 02:11 PM
I am successfully using both Acegi Security's MethodSecurityInterceptor and Spring's TransactionInterceptor for the same beans. I am using Acegi Security's new MethodDefinitionSourceAdvisor and Spring's AttributesTransactionAttributeSource along with DefaultAdvisorAutoProxyCreator to do this.

Regarding the filter errors, they appear related to the problematic bean configuration related to combined secured/transactional beans, so once you sort this out I am sure the filters will load correctly.