Results 1 to 4 of 4

Thread: Initial setup with 0.8.0

  1. Mar 10th, 2005, 10:12 PM #1
    robmonie
    robmonie is offline Member
    Join Date
    Sep 2004
    Location
    Melbourne, Australia
    Posts
    36

    Default Initial setup with 0.8.0

    Hi Guys,

    I think i've missed something obvious here but I can't nut it out. Hopefully someone can set me straight. I had everything working in a previous version of acegi but when I built from CVS including the LDAP stuff i've found that some of the classes / packages have changed so i've started from scratch using the contacts example to get me going.

    I'm getting the following when I try to access a secure page. The login form appears fine but after I attempt to login it goes to a page not found error and no more debug messages appear in the console. Subsequent attempts to access a secured page result in the login page being presented so I know the authentication has not been successful.

    Code:
    DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/timesheet.do?method=list'; to: '/timesheet.do?method=list'
DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/timesheet.do?method=list'; pattern is /**; matched=true
DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 1 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter@1fbafbb'
DEBUG - HttpSessionContextIntegrationFilter.doFilter(180) | Obtained from ACEGI_SECURITY_CONTEXT a valid Context and set to ContextHolder: 'net.sf.acegisecurity.context.security.SecureContextImpl@ce2c57: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 2 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter@1c118ae'
DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 3 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter@3b84ee'
DEBUG - AnonymousProcessingFilter.doFilter(147) | ContextHolder not replaced with anonymous token, as ContextHolder already contained: 'net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(305) | /timesheet.do?method=list at position 4 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter@1ce0314'
DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(108) | Converted URL to lowercase, from: '/timesheet.do?method=list'; to: '/timesheet.do?method=list'
DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(119) | Candidate is: '/timesheet.do?method=list'; pattern is /timesheet.do*; matched=true
DEBUG - AbstractSecurityInterceptor.beforeInvocation(373) | Secure object: FilterInvocation: URL: /timesheet.do?method=list; ConfigAttributes: [ROLE_EMPLOYEE]
DEBUG - ProviderManager.doAuthentication(156) | Authentication attempt using net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
DEBUG - AbstractSecurityInterceptor.beforeInvocation(411) | Authenticated: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS
DEBUG - SecurityEnforcementFilter.doFilter(197) | Access is denied (user is anonymous); redirecting to authentication entry point
net.sf.acegisecurity.AccessDeniedException: Access is denied.
	at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:419)
	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:81)
	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:181)
	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:153)
	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at net.sf.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:374)
	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:217)
	at net.sf.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:179)
	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
	at org.springframework.orm.hibernate.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:172)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:233)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
	at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:509)
	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195)
	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
	at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
	at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972)
	at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:211)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:805)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:696)
	at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
	at java.lang.Thread.run(Thread.java:534)
DEBUG - SecurityEnforcementFilter.sendStartAuthentication(246) | Authentication entry point being called; target URL added to Session: http://localhost/timesheets/timesheet.do?method=list
DEBUG - AuthenticationProcessingFilterEntryPoint.commence(178) | Redirecting to: http://localhost/timesheets/acegilogin.jsp
DEBUG - HttpSessionContextIntegrationFilter.doFilter(256) | Context stored to HttpSession: 'net.sf.acegisecurity.context.security.SecureContextImpl@ce2c57: Authentication: net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@c91629: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG - HttpSessionContextIntegrationFilter.doFilter(265) | ContextHolder set to null as request processing completed

    My spring mappings are as follows:

    applicationContext-acegi-security.xml
    Code:
    <beans>

   <!-- ======================== FILTER CHAIN ======================= -->

	<!--  if you wish to use channel security, add "channelProcessingFilter," in front
	      of "httpSessionContextIntegrationFilter" in the list below -->
	<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
         <value>
		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
		    PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
         </value>
      </property>
    </bean>
    
    <!-- ======================== AUTHENTICATION ======================= -->
    
    <bean id="authenticationManager"
		class="net.sf.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref bean="daoAuthenticationProvider" />
				<ref local="anonymousAuthenticationProvider"/>
			</list>
		</property>
	</bean>
	<bean id="authenticationDao"
		class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
		<property name="dataSource">
			<ref bean="dataSource" />
		</property>
	</bean>

	<bean id="daoAuthenticationProvider"
		class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="authenticationDao">
			<ref bean="authenticationDao" />
		</property>
		<property name="userCache">
			<ref bean="userCache" />
		</property>
	</bean>
	
	<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<!--	<bean id="cacheManager"-->
<!--		class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">-->
<!--		<property name="configLocation">-->
<!--			<value>classpath&#58;/ehcache-failsafe.xml</value>-->
<!--		</property>-->
<!--	</bean>-->
	
	
	<bean id="userCacheBackend"
		class="org.springframework.cache.ehcache.EhCacheFactoryBean">
		<property name="cacheManager">
			<ref local="cacheManager" />
		</property>
		<property name="cacheName">
			<value>userCache</value>
		</property>
	</bean>
	<bean id="userCache"
		class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
		<property name="cache">
			<ref local="userCacheBackend" />
		</property>
	</bean>
	
	<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
   <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
   
	<bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key"><value>foobar</value></property>
      <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
   </bean>

   <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
      <property name="key"><value>foobar</value></property>
   </bean>
   
	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />

	<bean id="accessDecisionManager"
		class="net.sf.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions">
			<value>false</value>
		</property>
		<property name="decisionVoters">
			<list>
				<ref bean="roleVoter" />
			</list>
		</property>
	</bean>
	<bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
      <property name="context">
      	<value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
      </property>
   </bean>
   
	<bean id="securityEnforcementFilter"
		class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
		<property name="filterSecurityInterceptor">
			<ref bean="filterInvocationInterceptor" />
		</property>
		<property name="authenticationEntryPoint">
			<ref bean="authenticationEntryPoint" />
		</property>
	</bean>
	
	<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
      <property name="defaultTargetUrl"><value>/</value></property>
      <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
<!--      <property name="rememberMeServices"><ref local="rememberMeServices"/></property>-->
   </bean>
   
	<bean id="authenticationEntryPoint"
		class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl">
			<value>/acegilogin.jsp</value>
		</property>
		<property name="forceHttps">
			<value>false</value>
		</property>
	</bean>
	
	<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
         <list>
            <ref bean="roleVoter"/>
         </list>
      </property>
   </bean>
   
	<bean id="filterInvocationInterceptor"
		class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="accessDecisionManager">
			<ref bean="accessDecisionManager" />
		</property>
<!--		<property name="runAsManager">-->
<!--			<ref bean="runAsManager" />-->
<!--		</property>-->
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT 
				/timesheet.do*=ROLE_EMPLOYEE
				/task.do*=ROLE_EMPLOYEE 
				/helpdeskcall.do*=ROLE_EMPLOYEE
				/user.do*=ROLE_ADMINISTRATOR
				/authority.do*=ROLE_ADMINISTRATOR
			</value>
		</property>
	</bean>
	
	<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
		<property name="key"><value>my_run_as_password</value></property>
	</bean>
	
</beans>

    web.xml

    Code:
    <display-name>Timesheets</display-name>

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/applicationContext.xml /WEB-INF/action-servlet.xml
			/WEB-INF/applicationContext-acegi-security.xml

			<!--    		/WEB-INF/applicationContext-common-authorization.xml-->
		</param-value>
	</context-param>


	<filter>
		<filter-name>hibernateFilter</filter-name>
		<filter-class>org.springframework.orm.hibernate.support.OpenSessionInViewFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>hibernateFilter</filter-name>
		<url-pattern>*.do</url-pattern>
	</filter-mapping>

	<filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
   </filter>

    <filter-mapping>
      <filter-name>Acegi Filter Chain Proxy</filter-name>
      <url-pattern>*.do</url-pattern>
    </filter-mapping>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<listener>
		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
	</listener>
	
	<listener>
        <listener-class>net.sf.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
    </listener>

	<filter>
		<filter-name>sitemesh</filter-name>
		<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>sitemesh</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>FORWARD</dispatcher>
	</filter-mapping>

	<servlet>
		<servlet-name>action</servlet-name>
		<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>action</servlet-name>
		<url-pattern>*.do</url-pattern>
	</servlet-mapping>



	<welcome-file-list>
		<welcome-file>/index.jsp</welcome-file>
	</welcome-file-list>

	<error-page>
		<error-code>404</error-code>
		<location>/404.jsp</location>
	</error-page>

	<error-page>
		<error-code>403</error-code>
		<location>/403.jsp</location>
	</error-page>

	<error-page>
		<error-code>500</error-code>
		<location>/error.jsp</location>
	</error-page>

	<!--  protect direct access to jsp files in pages directory-->

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Deny Direct Access</web-resource-name>
			<description>Deny direct access to jsps through the denied role</description>
			<url-pattern>/pages/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>Denied</role-name>
		</auth-constraint>
	</security-constraint>
	<security-role>
		<role-name>Denied</role-name>
	</security-role>
	<!--
		
		<taglib>
		<taglib-uri>/struts-layout.tld</taglib-uri>
		<taglib-location>/WEB-INF/struts-layout.tld</taglib-location>
		</taglib>
		
	-->
</web-app>
    thanks,
    rob
  2. Mar 13th, 2005, 03:06 PM #2
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    Hi Rob

    Could you please confirm /acegilogin.jsp is POSTing to /j_acegi_security_check. Do any log messages appear when the loginc form has been POSTed?
  3. Mar 14th, 2005, 01:11 AM #3
    robmonie
    robmonie is offline Member
    Join Date
    Sep 2004
    Location
    Melbourne, Australia
    Posts
    36

    Default

    Hi Ben,

    Yes the login form is posting as follows

    <form action="<c:url value='j_acegi_security_check'/>" method="POST">

    The debug messages that I posted initially are the only messages that appear in the log. These appear when the secure page is initially requested and the login form is presented. When the login form is submitted no more log messages appear.
  4. Mar 16th, 2005, 10:23 PM #4
    robmonie
    robmonie is offline Member
    Join Date
    Sep 2004
    Location
    Melbourne, Australia
    Posts
    36

    Default

    I figured it out after much frustration. Turned out I had

    Code:
        <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>
    whereas it should have been mapped as follows

    Code:
        <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    It was therefor not passing the post of the login form "j_acegi_security_check" through the filter chain proxy.

    thanks for your help Ben.

    cheers,
    rob
« Previous Thread | Next Thread »

Similar Threads

  1. CompositeAction Setup
    By curtney in forum Web Flow
    Replies: 4
    Last Post: Aug 27th, 2005, 07:44 PM
  2. Strange setup bean behaviour with validation
    By Christian in forum Web Flow
    Replies: 4
    Last Post: Jun 20th, 2005, 05:27 PM
  3. setup commons-configuration as spring context bean
    By ndeloof in forum Container
    Replies: 2
    Last Post: Jun 6th, 2005, 10:00 AM
  4. Switch from 0.8.0 to 0.8.1 and anonymous authentication
    By smileys in forum Security
    Replies: 1
    Last Post: Apr 8th, 2005, 05:51 PM
  5. Acegi Security 0.8.0 and subproject status
    By Ben Alex in forum Announcements
    Replies: 0
    Last Post: Mar 3rd, 2005, 11:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules