request.getRemoteUser()

[Ben Alex]

Yes, the old "/src" tree was used with Ant, we've now moved to Maven style directories thus "/core/src/main/java" is used.

[briankuhn]

Hi all.

I'm getting a NullPointerException using this code. It only happens when I try to log in using an non-existant username/password. Everything works fine otherwise, so I'm not sure where to start troubleshooting.

The exception occurs when I submit my login form to j_security_check:

Code:

java.lang.NullPointerException
net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.authenticate(DaoAuthenticationProvider.java:237)
net.sf.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:128)
net.sf.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:82)
net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:296)
net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:105)
net.sf.acegisecurity.ui.wrapper.ContextHolderAwareRequestFilter.doFilter(ContextHolderAwareRequestFilter.java:50)

I'm using the filter and wrapper from:
http://acegisecurity.sourceforge.net...estFilter.html
http://acegisecurity.sourceforge.net...stWrapper.html

Here's the relevant part of my web.xml:

Code:

<filter>
    <filter-name>Acegi Http Servlet Request Filter</filter-name>            
    <filter-class>net.sf.acegisecurity.ui.wrapper.ContextHolderAwareRequestFilter</filter-class>
</filter>
...
<filter-mapping>
    <filter-name>Acegi Http Servlet Request Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

And my securityContext.xml:

Code:

<beans>
	
	<bean id="authenticationDao" 
	    class="com.briankuhn.birthdays.web.acegi.AccountAuthenticationDAO">
	    <property name="accountDAO"><ref bean="accountDAO"/></property>
	</bean>

	<bean id="filterInvocationInterceptor" 
	    class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
    	<property name="authenticationManager">
    	    <ref local="authenticationManager"/>
    	</property>
    	<property name="accessDecisionManager">
    	    <ref local="accessDecisionManager"/>
    	</property>
 		<property name="objectDefinitionSource">
			<value>
			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
			    PATTERN_TYPE_APACHE_ANT
				/secure/**=ROLE_USER
			</value>
		</property>
	</bean>
	
	<bean id="daoAuthenticationProvider" 
	    class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
     	<property name="authenticationDao">
     	    <ref local="authenticationDao"/>
     	</property>
     	<property name="userCache">
     	    <ref local="userCache"/>
     	</property>
	</bean>
	
	<bean id="userCache" 
	    class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
		<property name="minutesToIdle"><value>5</value></property>
	</bean>

	<bean id="authenticationManager" 
	    class="net.sf.acegisecurity.providers.ProviderManager">
		<property name="providers">
		  <list>
		    <ref local="daoAuthenticationProvider"/>
		  </list>
		</property>
	</bean>

	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

	<bean id="accessDecisionManager" 
	    class="net.sf.acegisecurity.vote.AffirmativeBased">
   		<property name="allowIfAllAbstainDecisions">
   		    <value>false</value>
   		</property>
		<property name="decisionVoters">
		  <list>
		    <ref local="roleVoter"/>
		  </list>
		</property>
	</bean>

	<bean id="authenticationProcessingFilter" 
	    class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
		<property name="authenticationManager">
		    <ref local="authenticationManager"/>
		</property>
		<property name="authenticationFailureUrl">
		    <value>/loginForm.html?denied=true</value>
		</property>
		<property name="defaultTargetUrl">
		    <value>/secure/birthdayList.html</value>
		</property>
		<property name="filterProcessesUrl">
		    <value>/j_security_check</value>
		</property>
	</bean>

	<bean id="securityEnforcementFilter" 
	    class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
		<property name="filterSecurityInterceptor">
		    <ref local="filterInvocationInterceptor"/>
		</property>
		<property name="authenticationEntryPoint">
		    <ref local="authenticationProcessingFilterEntryPoint"/>
		</property>
	</bean>

	<bean id="authenticationProcessingFilterEntryPoint" 
	    class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl">
		    <value>/loginForm.html</value>
		</property>
		<property name="forceHttps">
		    <value>false</value>
		</property>
	</bean>

	<bean id="autoIntegrationFilter" 
	    class="net.sf.acegisecurity.ui.AutoIntegrationFilter" />

</beans>

Any ideas? I've done a lot of testing and have gotten no where so far...

Thanks,
Brian Kuhn

[Ben Alex]

That line of DaoAuthenticationProvider is blank in the current CVS HEAD, so would you please checkout from CVS and try again, posting the resulting error message along with your full web.xml (in case it is web filter ordering related, which is the main source of most support issues with Acegi Security).

[briankuhn]

I'm using the 0.6.1 release + the 2 classes from cvs. I thought this would work as an independant patch. I guess I need to pull everything from CVS...

[briankuhn]

These two classes do work as a stand alone patch to 0.6.1. My problem was that my AuthenticationDao was returning null instead of throwing a UsernameNotFoundException.

[Ben Alex]

I've just made a change so DaoAuthenticationProvider ensures the UserDetails returned by the AuthenticationDao is not null, throwing a descriptive AuthenticationServiceException if necessary.