Acegi .80 not Updating ContextHolder

[RichardC]

I am upgrading to .80 and the AbstractProcessingFilter is not Updating the ContextHolder. I am missing something here, and I just can't figure it out.

The only real change is that I have converted to the FilterChainProxy.

I have stripped down the Sample app to only do what my app does (No Anon, or RememberMe stuff). Except for the DaoAuthenticationProvider everything is the same that I can think of (I am using a custom made provider with Hibernate - that was/is working with .70).

Anyway, here is what blows my mind:
This is from the Sample Apps Log

Code:

[DEBUG,EhCacheBasedUserCache,http-8080-Processor24] Cache hit: false; username: marissa
[DEBUG,EhCacheBasedUserCache,http-8080-Processor24] Cache put: marissa
[INFO,LoggerListener,http-8080-Processor24] Authentication success for user: marissa; details: net.sf.acegisecurity.ui.WebAuthenticationDetails@13d7254: RemoteIpAddress: 127.0.0.1; SessionId: F9E86703A0F34A9AB0D78C516BC1FD63
[DEBUG,AbstractProcessingFilter,http-8080-Processor24] Authentication success: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@11d20d3: Username: marissa; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@13d7254: RemoteIpAddress: 127.0.0.1; SessionId: F9E86703A0F34A9AB0D78C516BC1FD63; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER
[DEBUG,AbstractProcessingFilter,http-8080-Processor24] Updated ContextHolder to contain the following Authentication: 'net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@11d20d3: Username: marissa; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@13d7254: RemoteIpAddress: 127.0.0.1; SessionId: F9E86703A0F34A9AB0D78C516BC1FD63; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER'
[DEBUG,AbstractProcessingFilter,http-8080-Processor24] Redirecting to target URL from HTTP Session (or default): http://localhost:8080/acegi-security-sample-contacts-filter/secure/index.htm

This is from my log:
Slightly edited to protect a bit of privacy

Code:

2005-03-10 22&#58;02&#58;53,564 DEBUG &#91;net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache&#93; - <Cache hit&#58; false; username&#58; joe@blow.com>
2005-03-10 22&#58;02&#58;53,564 DEBUG &#91;com.bifco.orma.dao.hibernate.UserDAOHibernate&#93; - <loadUserByUsername called with joe@blow.com>
2005-03-10 22&#58;02&#58;53,623 DEBUG &#91;net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache&#93; - <Cache put&#58; joe@blow.com>
2005-03-10 22&#58;02&#58;53,624 INFO &#91;net.sf.acegisecurity.providers.dao.event.LoggerListener&#93; - <Authentication success for user&#58; joe@blow.com; details&#58; 127.0.0.1>
2005-03-10 22&#58;02&#58;53,671 DEBUG &#91;net.sf.acegisecurity.ui.AbstractProcessingFilter&#93; - <Authentication success&#58; net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@17a6686&#58; Username&#58; com.flarn.wibble.model.User@b81eaa&#91;
  log=org.apache.commons.logging.impl.Log4JLogger@74b10b
  id=10
  name=joe@blow.com
  password=apassword
  description=Dude
  roles=&#91;abc, default, test, flarn&#93;
  authorities=&#123;ROLE_ABC,ROLE_DEFAULT,ROLE_TEST,ROLE_FLARN&#125;
&#93;; Password&#58; &#91;PROTECTED&#93;; Authenticated&#58; false; Details&#58; 127.0.0.1; Granted Authorities&#58; ROLE_ABC, ROLE_DEFAULT, ROLE_TEST, ROLE_FLARN>
2005-03-10 22&#58;02&#58;53,671 DEBUG &#91;net.sf.acegisecurity.ui.AbstractProcessingFilter&#93; - <Redirecting to target URL from HTTP Session &#40;or default&#41;&#58; http&#58;//localhost&#58;8080/flarn/welcome.htm>

What I am missing is the

Code:

Updated ContextHolder to contain the following Authentication:....

section.

From the successfulAuthentication method of AbstractProcessingFilter

Code:

....
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication success: " + authResult.toString());
        }

        SecureContext sc = SecureContextUtils.getSecureContext();
        sc.setAuthentication(authResult);

        if (logger.isDebugEnabled()) {
            logger.debug(
                "Updated ContextHolder to contain the following Authentication: '"
                + authResult + "'");
        }

        String targetUrl = (String) request.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
        request.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);

        if (alwaysUseDefaultTargetUrl == true) {
            targetUrl = null;
        }

        if (targetUrl == null) {
            targetUrl = request.getContextPath() + defaultTargetUrl;
        }

        if (logger.isDebugEnabled()) {
            logger.debug(
                "Redirecting to target URL from HTTP Session (or default): "
                + targetUrl);
        }
....

Best guess is that something is not working for me here

Code:

        SecureContext sc = SecureContextUtils.getSecureContext();
        sc.setAuthentication(authResult);

But why oh why is the log method "Updated ContextHolder" not showing up in the log ? It gets to the Redirecting log entry, so it's not thowing out before that..

While not the root of my problem, the missing log entry is driving me bonkers. I am fairly new to Java, so it must be something secret but obvious to the hardened.

Any insight would be appreciated.

Thanks

[RichardC]

I have managed to cure the symptoms but still don't know the exact cause.
I have replaced/added all the dependancy jars in my project with ones from the sample app and it is now working. After I catch up on time I will go back and find out which one was the root cause.

I still don't understand why the log was skipping that section

[Ben Alex]

SecureContextUtils is a new class in 0.8.0. It expects HttpSessionContextIntegrationFilter to have been executed before any other Acegi Security filter, as it sets up the ContextHolder to contain a SecureContext implementation.