Hi,
I'm using Tomcat 5.5.4 with SSL enabled. When I attempt to hit a page on my application that REQUIRES_SECURE_CHANNEL, Acegi attempts to redirect me to the root of my context. This then triggers the REQUIRES_INSECURE_CHANNEL rule and I'm left sitting at the SSL altar.
Any help would be appreciated.
Relevant Trace:
Code:
17:11:33.796 DEBUG (net.sf.acegisecurity.securechannel.ChannelProcessingFilter:165) - Request: http://localhost:8081/HealthTracker/login.jsp; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
17:11:33.796 DEBUG (net.sf.acegisecurity.securechannel.RetryWithHttpsEntryPoint:117) - Redirecting to: /HealthTracker
17:11:33.875 DEBUG (net.sf.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap:129) - Converted URL to lowercase, from: '/index.jsp'; to: '/index.jsp'
17:11:33.891 DEBUG (net.sf.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap:141) - Candidate is: '/index.jsp'; pattern is \A/login.jsp\Z; matched=false
17:11:33.891 DEBUG (net.sf.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap:141) - Candidate is: '/index.jsp'; pattern is \A/j_acegi_security_check.*\Z; matched=false
17:11:33.891 DEBUG (net.sf.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap:141) - Candidate is: '/index.jsp'; pattern is \A.*\Z; matched=true
17:11:33.906 DEBUG (net.sf.acegisecurity.securechannel.ChannelProcessingFilter:165) - Request: http://localhost:8081/HealthTracker/index.jsp; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
17:11:33.906 DEBUG (net.sf.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap:129) - Converted URL to lowercase, from: '/index.jsp'; to: '/index.jsp'
17:11:33.906 DEBUG (net.sf.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap:141) - Candidate is: '/index.jsp'; pattern is \A/admin/.*\Z; matched=false
17:11:33.906 DEBUG (net.sf.acegisecurity.intercept.AbstractSecurityInterceptor:462) - Public object - authentication not attempted
17:11:34.282 DEBUG (net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter:172) - Chain processed normally

Context files (Using a variation on Craig's Simplifying Acegi Configuration http://jroller.com/page/habuma/20041..._configuration)
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
    <bean id="authenticationProcessingFilter" parent="baseAuthenticationProcessingFilter">
        <property name="authenticationFailureUrl">
            <value>/auth/login.jsp?login_error=1</value>
        </property>
    </bean>
    <bean id="authenticationEntryPoint" parent="baseAuthenticationEntryPoint">
        <property name="loginFormUrl">
            <value>/auth/login.jsp</value>
        </property>
    </bean>
    <bean id="filterInvocationInterceptor" parent="baseFilterInvocationInterceptor">
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/admin/.*\Z=ROLE_ADMIN
            </value>
        </property>
    </bean>
    <bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
        <property name="userMap">
            <value>admin=password,ROLE_ADMIN</value>
        </property>
    </bean>
    <bean id="channelProcessingFilter" parent="baseChannelProcessingFilter">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/login.jsp\Z=REQUIRES_SECURE_CHANNEL
                \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
                \A.*\Z=REQUIRES_INSECURE_CHANNEL
            </value>
        </property>
    </bean>
</beans>

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!-- = = = = = = = = = = = = = = = = = = = = = SECURING AT THE HTTP REQUEST LEVEL = = = = = = = = = = = = = = = = = = = = = -->
<beans>
    <!-- = = = = = = = SECURITY FILTERS = = = = = = = -->
    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
        <property name="filterSecurityInterceptor">
            <ref bean="filterInvocationInterceptor" />
        </property>
        <property name="authenticationEntryPoint">
            <ref bean="authenticationEntryPoint" />
        </property>
    </bean>
    <bean id="baseAuthenticationProcessingFilter"
          class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter" lazy-init="true">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="filterProcessesUrl">
            <value>/j_acegi_security_check</value>
        </property>
        <property name="authenticationFailureUrl">
            <value>/jsp/login.jsp?login_error=1</value>
        </property>
        <property name="defaultTargetUrl">
            <value>/</value>
        </property>
    </bean>
    <bean id="baseAuthenticationEntryPoint"
          class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint" lazy-init="true">
        <property name="loginFormUrl">
            <value>/jsp/login.jsp</value>
        </property>
        <property name="forceHttps">
            <value>false</value>
        </property>
    </bean>
    <!-- = = = = = = = = SECURITY INTERCEPTOR = = = = = = = = -->
    <bean id="baseFilterInvocationInterceptor"
          class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor" lazy-init="true">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="accessDecisionManager">
            <ref bean="accessDecisionManager" />
        </property>
    </bean>
    <!-- = = = = = = = = AUTHENTICATION = = = = = = = -->
    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="daoAuthenticationProvider" />
            </list>
        </property>
    </bean>
    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
    </bean>
    <!-- = = = = = = = = ACCESS CONTROL = = = = = = = -->
    <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.UnanimousBased">
        <property name="allowIfAllAbstainDecisions">
            <value>false</value>
        </property>
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter" />
            </list>
        </property>
    </bean>
    <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />
    <!-- = = = = = = = = CACHING = = = = = = = = = = -->
    <bean id="cacheManager"
          class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
    <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
        <property name="cacheManager">
            <ref local="cacheManager" />
        </property>
        <property name="cacheName">
            <value>userCache</value>
        </property>
        <property name="timeToIdle">
            <value>300</value>
        </property>
    </bean>
    <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
        <property name="cache">
            <ref local="userCacheBackend" />
        </property>
    </bean>
    <!-- = = = = = = = = GENERAL UTILITY = = = = = = = -->
    <bean id="httpSessionIntegrationFilter" class="net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter" />
    <!-- = = = = = = = = CHANNEL SECURITY = = = = = = = -->
    <bean id="baseChannelProcessingFilter"
          class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter" lazy-init="true">
        <property name="channelDecisionManager">
            <ref bean="channelDecisionManager" />
        </property>
        <property name="filterInvocationDefinitionSource">
            <value></value>
        </property>
    </bean>
    <bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
        <property name="channelProcessors">
            <list>
                <ref bean="secureChannelProcessor" />
                <ref bean="insecureChannelProcessor" />
            </list>
        </property>
    </bean>
    <bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor" />
    <bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor" />
</beans>

Thanks in advance,
Ryan
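
Added example, not part of the original post and not Acegi code: a Python sketch that evaluates the posted channel rules in order against request paths and flags any RetryWithHttpsEntryPoint redirect in the trace whose target is not an https:// URL. It assumes first-match-wins evaluation and lowercasing, as the trace above shows; the function names are hypothetical and the two trace lines have their logger prefixes shortened.

```python
import re

# Rule text copied from the channelProcessingFilter bean in the post.
CHANNEL_RULES = r"""
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/login.jsp\Z=REQUIRES_SECURE_CHANNEL
\A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
\A.*\Z=REQUIRES_INSECURE_CHANNEL
"""

# Two lines from the posted trace (logger package prefix shortened for the sample).
TRACE = """\
17:11:33.796 DEBUG (ChannelProcessingFilter:165) - Request: http://localhost:8081/HealthTracker/login.jsp; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
17:11:33.796 DEBUG (RetryWithHttpsEntryPoint:117) - Redirecting to: /HealthTracker
"""

def parse_rules(text):
    """Return (lowercase_flag, [(compiled_pattern, attribute), ...]) in file order."""
    lower, rules = False, []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lower = True
            continue
        pattern, _, attr = line.rpartition("=")
        rules.append((re.compile(pattern), attr))
    return lower, rules

def channel_for(path, text=CHANNEL_RULES):
    """First matching pattern wins (assumption taken from the 'matched=true' trace line)."""
    lower, rules = parse_rules(text)
    candidate = path.lower() if lower else path
    for pattern, attr in rules:
        if pattern.search(candidate):
            return attr
    return None

def non_https_redirects(trace=TRACE):
    """Redirect targets logged by RetryWithHttpsEntryPoint that are not https:// URLs."""
    targets = re.findall(r"RetryWithHttpsEntryPoint:\d+\) - Redirecting to: (\S+)", trace)
    return [t for t in targets if not t.startswith("https://")]

if __name__ == "__main__":
    # /auth/login.jsp is the loginFormUrl from the posted authenticationEntryPoint bean.
    for p in ("/login.jsp", "/auth/login.jsp", "/j_acegi_security_check", "/index.jsp"):
        print(p, "->", channel_for(p))
    print("non-HTTPS redirect targets:", non_https_redirects())
```

Running the rules through `channel_for` for every URL the application serves credentials on, such as the configured `loginFormUrl`, shows which channel each one actually resolves to before the configuration is deployed.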


