MethodSecurityInterceptor not finding Authentication Credentials
I'm having trouble implementing the default Method Security Interceptor into my Spring Security Servlet. I keep getting a AuthenticationCredentialsNotFoundException when I fire up my servlet. Could anyone shed light on this issue and explain why this could be occurring?
Console output
Here is part of my security-app-context.xmlCode:[11/29/11 15:43:14:588 CST] 00000016 SystemOut O [ERROR,ContextLoader] Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bankDao' defined in class path resource [applicationContext-business.xml]: Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'msi' defined in ServletContext resource [/WEB-INF/security-app-context.xml]: Invocation of init method failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:527) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47) ...
Finally, here is the MetaDataSource fileCode:<!-- Create MethodSecurityInterceptor --> <beans:bean id="msi" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor"> <beans:property name="validateConfigAttributes" value="false" /> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="accessDecisionManager" ref="universalAccessDecisionManager" /> <beans:property name="securityMetadataSource" ref="MethodSecurityMetaData" /> </beans:bean> <beans:bean id="MethodSecurityMetaData" class="bigbank.security.MyMethodSecurityMetaDataSource"> <beans:property name="serviceId" value="user-portal" /> </beans:bean> <beans:bean id="methodSecurityMetadataSourceAdvisor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor"> <beans:constructor-arg value="msi" /> <beans:constructor-arg ref="MethodSecurityMetaData" /> <beans:constructor-arg value="test" /> </beans:bean>
Thanks in advance,Code:package bigbank.security; import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Collection; import java.util.Iterator; import java.util.List; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.access.method.MethodSecurityMetadataSource; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.FilterInvocation; public class MyMethodSecurityMetaDataSource implements MethodSecurityMetadataSource { // service ID for credentials manager private String serviceId; public void setServiceId(String id) { serviceId = id; } public String getServiceId() { return serviceId; } @Override public Collection<ConfigAttribute> getAllConfigAttributes() { // create dummy variable Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(); attributes.add(new SecurityConfig("Call Method Access Decision Manager")); return null; } @Override public Collection<ConfigAttribute> getAttributes(Object arg0) throws IllegalArgumentException { Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(); // create dummy variable attributes.add(new SecurityConfig("Call Method Access Decision Manager")); return attributes; } @Override public boolean supports(Class<?> arg0) { return true; } @Override public Collection<ConfigAttribute> getAttributes(Method arg0, Class<?> arg1) { Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(); // create dummy attribute attributes.add(new SecurityConfig("Call Method Access Decision Manager")); return attributes; } }
Jim
Reply With Quote
