PDA

View Full Version : 403 error even though user is authenticated


huggy77
Mar 31st, 2012, 03:15 PM
When using a jdbc-user-service i am getting a 403 error after logging in with good credentials. Yet when attempting to log in with bad credentials i am shown my loginfailed page (which is what we want).

i tested the http block in my security-context by using the generic user-service and it worked fine.

Please help me understand what is wrong and how to fix it. Also please explain what clues brought you to your conclusion.

i am including my code.
sql (authority table) :


-- ----------------------------
-- Table structure for `authorities`
-- ----------------------------
DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
`client_email_address` varchar(60) NOT NULL,
`authority` varchar(50) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;



customer table


SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for `customer`
-- ----------------------------
DROP TABLE IF EXISTS `customer`;
CREATE TABLE `customer` (
`client_id` int(7) unsigned NOT NULL AUTO_INCREMENT,
`client_name_first` varchar(40) NOT NULL,
`client_name_last` varchar(40) NOT NULL,
`client_name_middle_initial` char(1) DEFAULT NULL,
`client_phone_home` varchar(14) DEFAULT NULL,
`client_phone_cell` varchar(14) DEFAULT NULL,
`client_addr_shipping_line_one` varchar(80) NOT NULL,
`client_addr_shipping_line_two` varchar(80) DEFAULT NULL,
`client_addr_shipping_city` varchar(30) NOT NULL,
`client_addr_shipping_state` char(2) NOT NULL,
`client_addr_shipping_zip` char(5) NOT NULL,
`client_addr_shipping_country_code` char(2) NOT NULL DEFAULT 'US',
`client_addr_billing_line_one` varchar(80) NOT NULL,
`client_addr_billing_line_two` varchar(80) DEFAULT NULL,
`client_addr_billing_city` varchar(30) NOT NULL,
`client_addr_billing_state` char(2) NOT NULL,
`client_addr_billing_zip` char(5) NOT NULL,
`client_addr_billing_country_code` char(2) NOT NULL DEFAULT 'US',
`client_status_code` smallint(1) unsigned NOT NULL DEFAULT '0',
`client_date_created` date NOT NULL,
`client_email_address` varchar(60) NOT NULL,
`client_password` varchar(16) NOT NULL,
`enabled` tinyint(1) NOT NULL,
PRIMARY KEY (`client_id`,`client_email_address`),
UNIQUE KEY `idx_clientEmail` (`client_email_address`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;


my security context is


<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true">
<intercept-url pattern="/members/*" access="ROLE_ADMIN" />
<form-login login-page="/login.xhtml" authentication-failure-url="/loginfailed.xhtml" />
</http>

<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="mysqlDataSource"
users-by-username-query="
select client_email_address, client_password, enabled
from customer where client_email_address=?"
authorities-by-username-query="
select au.authority, c.client_email_address
from customer c, authorities au
where au.client_email_address = c.client_email_address and c.client_email_address =?"
/>
</authentication-provider>
</authentication-manager>


<!-- ================ OLD WAY ==================================================
<authentication-manager>
<authentication-provider>
<user-service>
<user name="rexryan" password="jets" authorities="ROLE_ADMIN" />
<user name="djeter" password="17684514" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
-->
</beans:beans>


my authentication bean


package security;

import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

@Named
@RequestScoped
public class AuthenticationBean {

public String doLogin() throws IOException, ServletException{
ExternalContext context = FacesContext.getCurrentInstance().getExternalConte xt();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()).getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest) context.getRequest(), (ServletResponse) context.getResponse());
FacesContext.getCurrentInstance().responseComplete ();
return null;
}

public String doLogout() {
FacesContext.getCurrentInstance().getExternalConte xt().invalidateSession();
return "/logout.xhtml";
}
}



i will attach my shortened log file below...
huggy77
Mar 31st, 2012, 03:16 PM
here is my shortened log file (i hope i pulled the helpful info)



INFO: [31/03/12 04:04:43:043 EDT] DEBUG context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed
INFO: [31/03/12 04:04:43:043 EDT] DEBUG intercept.FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /members/index.xhtml; Attributes: [ROLE_ADMIN]
INFO: [31/03/12 04:04:43:043 EDT] DEBUG intercept.FilterSecurityInterceptor: Previously Authenticated: org.springframework.security.authentication.Userna mePasswordAuthenticationToken@ffff6aba: Principal: org.springframework.security.core.userdetails.User @ac78c08f: Username: webinspired@gmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: webinspired@gmail.com; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.We bAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: a5bf43173b732a74bdeac9279de2; Granted Authorities: webinspired@gmail.com
INFO: [31/03/12 04:04:43:043 EDT] DEBUG vote.AffirmativeBased: Voter: org.springframework.security.access.vote.RoleVoter @44392c06, returned: -1
INFO: [31/03/12 04:04:43:043 EDT] DEBUG vote.AffirmativeBased: Voter: org.springframework.security.access.vote.Authentic atedVoter@57960e8, returned: 0
INFO: [31/03/12 04:04:43:043 EDT] DEBUG access.ExceptionTranslationFilter: Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedEx ception: Access is denied
at org.springframework.security.access.vote.Affirmati veBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.Abst ractSecurityInterceptor.beforeInvocation(AbstractS ecurityInterceptor.java:205)
at org.springframework.security.web.access.intercept. FilterSecurityInterceptor.invoke(FilterSecurityInt erceptor.java:114)
at org.springframework.security.web.access.intercept. FilterSecurityInterceptor.doFilter(FilterSecurityI nterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.access.ExceptionT ranslationFilter.doFilter(ExceptionTranslationFilt er.java:113)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.session.SessionMa nagementFilter.doFilter(SessionManagementFilter.ja va:101)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.authentication.An onymousAuthenticationFilter.doFilter(AnonymousAuth enticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.servletapi.Securi tyContextHolderAwareRequestFilter.doFilter(Securit yContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.savedrequest.Requ estCacheAwareFilter.doFilter(RequestCacheAwareFilt er.java:45)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.authentication.ww w.BasicAuthenticationFilter.doFilter(BasicAuthenti cationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.authentication.Ab stractAuthenticationProcessingFilter.doFilter(Abst ractAuthenticationProcessingFilter.java:182)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.authentication.lo gout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.context.SecurityC ontextPersistenceFilter.doFilter(SecurityContextPe rsistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 323)
at org.springframework.security.web.FilterChainProxy. doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterPro xy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterPro xy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:279)
at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke (StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(S tandardPipeline.java:595)
at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:161)
at org.apache.catalina.connector.CoyoteAdapter.doServ ice(CoyoteAdapter.java:331)
at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMappe r$AdapterCallable.call(ContainerMapper.java:317)
at com.sun.enterprise.v3.services.impl.ContainerMappe r.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(P rocessorTask.java:849)
at com.sun.grizzly.http.ProcessorTask.doProcess(Proce ssorTask.java:746)
at com.sun.grizzly.http.ProcessorTask.process(Process orTask.java:1045)
at com.sun.grizzly.http.DefaultProtocolFilter.execute (DefaultProtocolFilter.java:228)
at com.sun.grizzly.DefaultProtocolChain.executeProtoc olFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(Defau ltProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(Defau ltProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(Htt pProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(Pr otocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(Selec tionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:7 1)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doW ork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run (AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
INFO: [31/03/12 04:04:43:043 EDT] DEBUG context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed