Redirection Limit error

[jdoklovic]

Hi.

I'm trying to get basic web authentication in place, but everytime I hit the app, (any page, secure or not) I get a browser error stating:
"Redirection limit for this URL exceeded".

I'm not sure what's causing the loop.
Here's my web.xml

Code:

<filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
   </filter>

    <filter-mapping>
      <filter-name>Acegi Filter Chain Proxy</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <!--
	  - Loads the root application context of this web app at startup.
    -->
    <listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<listener>
        <listener-class>net.sf.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
    </listener>
    
	<!-- 
		- map the tapestry application to the context
	-->
	<servlet>
		<servlet-name>testapp</servlet-name>
		<servlet-class>org.apache.tapestry.ApplicationServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>testapp</servlet-name>
		<url-pattern>/app</url-pattern>
	</servlet-mapping>

Then in my context i have this:

Code:

<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
         <value>
		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
		    PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
         </value>
      </property>
    </bean>
	
	
	<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    
   <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <property name="cacheManager">
         <ref local="cacheManager"/>
      </property>
      <property name="cacheName">
         <value>userCache</value>
      </property>
   </bean>
   
   <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
      <property name="cache"><ref local="userCacheBackend"/></property>
   </bean>
   
	<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
	
	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    	<property name="authenticationDao"><ref bean="userAuthDao"/></property>
    	<property name="userCache"><ref local="userCache"/></property>
		<property name="passwordEncoder"><ref bean="passwordEncoder"/></property>
  	</bean>
  	
  	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref bean="daoAuthenticationProvider"/>
			</list>
		</property>	  
	</bean>
	
	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
      <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
      <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
   </bean>
   
	<bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
      <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
   </bean>
   
   <bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key"><value>foobar</value></property>
      <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
   </bean>

   <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
      <property name="key"><value>foobar</value></property>
   </bean>
   
   <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="authenticationFailureUrl"><value>/app?service=page/Login</value></property>
      <property name="defaultTargetUrl"><value>/</value></property>
      <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
      <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
   </bean>
   
   <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl"><value>/app?service=page/Login</value></property>
      <property name="forceHttps"><value>false</value></property>
   </bean>
   
   <bean id="rememberMeProcessingFilter" class="net.sf.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
      <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
   </bean>

   <bean id="rememberMeServices" class="net.sf.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
      <property name="authenticationDao"><ref bean="userAuthDao"/></property>
      <property name="key"><value>springRocks</value></property>
   </bean>
   
   <bean id="rememberMeAuthenticationProvider" class="net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
      <property name="key"><value>springRocks</value></property>
   </bean>
   
   <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
   
   <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
         <list>
            <ref bean="roleVoter"/>
         </list>
      </property>
   </bean>
   
   <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
      <property name="objectDefinitionSource">
         <value>
			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
			    PATTERN_TYPE_APACHE_ANT
			    /app/**=ROLE_ANONYMOUS,ROLE_USER
			    /**=ROLE_ANONYMOUS,ROLE_USER
         </value>
      </property>
   </bean>

Most of this is right from the sample app.
Anyone see anything i did wrong?

[jdoklovic]

Figured it out.
I just made a stupid mistake....
forgot to list the Anonymous provider in the list for the auth manager

[flodelux]

I am having exactly the same problem, i have added the annonymous provider to the provider list for the authentication manager and this has not made any difference.

My filters and filter beans are all in place.

Any ideas anyone???

Many thanks

[jhazen]

Make sure your login page doesn't require secure access. That's the easiest way I've found to infinite loop.

If you are overriding 403 error pages be careful where you send users. Kicking them back to a page that will forward them back to a page they don't have access to will cause a similar loop.

[flodelux]

I am still none the wiser to what is happening with this.

I have a authenticationProcessingFilter bean in the authetication.xml config file. I put /** before my authenticationFailureUrl and defaultTargetUrl. Also in the authenticationEntryPoint in property loginFormUrl I also put /** before the value. They seem to make thingsw work instead of giving the "redirection limit error"

The only problem is in the url you get http://<host>/dev/**/login.cmd because i added /** to the property values.

To see what I have done please look at the config files.

any ideas to what is wrong would me much appreciated.

cheers

These are my full config files

WEB.XML

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">

<listener>
<listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
</listener>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/alito-data.xml,
/WEB-INF/alito-service.xml,
/WEB-INF/alito-servlet.xml,
/WEB-INF/alito-authentication.xml
</param-value>
</context-param>

<filter>
<filter-name>Acegi-Integration</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.context.HttpSessionCont extIntegrationFilter</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Acegi-Integration</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>Acegi-Channel</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.securechannel.ChannelPr ocessingFilter</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Acegi-Channel</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>Acegi-Authentication</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.ui.webapp.Authenticatio nProcessingFilter</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Acegi-Authentication</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>Acegi-Security</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetBean</param-name>
<param-value>securityEnforcementFilter</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Acegi-Security</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- The single spring dispatcher servlet - takes a 'ModelAndView' object
from the 'handleRequestInternal()' method of the web request handling
class (in this case 'Controller'). Then forwards the appropriate bean to
the appropriate view. -->
<servlet>
<servlet-name>alito</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>alito</servlet-name>
<url-pattern>*.cmd</url-pattern>
</servlet-mapping>

<session-config>
<session-timeout>30</session-timeout>
</session-config>

<!-- <welcome-file-list>
<welcome-file>index.jspx</welcome-file>
</welcome-file-list> -->

<resource-ref>
<res-ref-name>jdbc/alitodb</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>

authetication.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>

<!--Authentication beans -->

<!--database provider which uses hibernate. Acegi DAOProvider class does not support hibernate -->

<bean id="databaseAuthenticationBean"
class="com.alito.authentication.DatabaseAuthentica tionProvider">
<property name="authenticationAccess">
<ref bean="authenticationDataAccessBean"/>
</property>
<property name="userAdaptor">
<ref bean="userAdaptor"/>
</property>
<property name="userCache">
<ref bean="userCache"/>
</property>
</bean>

<!--Acegi cache implementation extended so we can use it as a bean -->
<bean id="userCache"
class="com.alito.util.AlitoEhBasedUserCache"/>

<!--This bean allows us to create a UserDetails object -->
<bean id="userAdaptor" class="com.alito.authentication.UserAdaptor"/>

<!--The manager bean which checks the principal and credentials of the user
success at this point allows us to move on to the role voter -->
<bean id="authenticationManager"
class="net.sf.acegisecurity.providers.ProviderMana ger">
<property name="providers">
<list>
<ref bean="databaseAuthenticationBean"/>
</list>
</property>
</bean>

<!-- Very important bean which casts votes on whether the user with it's role
is able to access the destination URL -->
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

<!-- This bean manages the RoleVoter class by receiving all the votes and
making the overall decision on whether to give access the the URL -->
<bean id="accessDecisionManager"
class="net.sf.acegisecurity.vote.AffirmativeBased" >
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
</list>
</property>
<property name="allowIfAllAbstainDecisions">
<value>true</value>
</property>
</bean>

<bean id="securityEnforcementFilter"
class="net.sf.acegisecurity.intercept.web.Security EnforcementFilter">
<property name="filterSecurityInterceptor">
<ref bean="securityInterceptor"/>
</property>
<property name="authenticationEntryPoint">
<ref bean="authenticationEntryPoint"/>
</property>
</bean>

<bean id="securityInterceptor"
class="net.sf.acegisecurity.intercept.web.FilterSe curityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager"/>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.cmd**=ROLE_ADMIN
</value>
</property>
</bean>

<bean id="authenticationEntryPoint"
class="net.sf.acegisecurity.ui.webapp.Authenticati onProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/**/login.cmd</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>

<bean id="authenticationProcessingFilter"
class="net.sf.acegisecurity.ui.webapp.Authenticati onProcessingFilter">
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
<property name="authenticationFailureUrl">
<value>/**/error.cmd</value>
</property>
<property name="defaultTargetUrl">
<value>/**/login.cmd</value>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
</bean>

<bean id="httpSessionIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionCon textIntegrationFilter">
<property name="context">
<value>net.sf.acegisecurity.context.security.Secur eContextImpl</value>
</property>
</bean>

<!-- HTTPS settings -->

<bean id="channelProcessingFilter"
class="net.sf.acegisecurity.securechannel.ChannelP rocessingFilter">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/login.cmd.*\Z=REQUIRES_INSECURE_CHANNEL
</value>
</property>
<property name="channelDecisionManager">
<ref bean="channelDecisionManager"/>
</property>
</bean>

<bean id="channelDecisionManager"
class="net.sf.acegisecurity.securechannel.ChannelD ecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="secureChannelProcessor"/>
<ref bean="insecureChannelProcessor"/>
</list>
</property>
</bean>

<bean id="secureChannelProcessor"
class="net.sf.acegisecurity.securechannel.SecureCh annelProcessor"/>

<bean id="insecureChannelProcessor"
class="net.sf.acegisecurity.securechannel.Insecure ChannelProcessor"/>
</beans>

spring-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<!-- Web layer beans -->

<beans>

<!-- Home Page controller -->
<bean id="homeController" class="com.alito.controller.HomePageController"/>

<!-- Error Page controller -->
<bean id="errorController" class="com.alito.controller.ErrorPageController"/>

<!-- Defines request handler mapping -->
<bean id="urlMapping" class="org.springframework.web.servlet.handler.Sim pleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/**/login.cmd">homeController</prop>
<prop key="/**/error.cmd">errorController</prop>
</props>
</property>
</bean>


<!-- -->
<!--bean id="handlerExceptionResolver" class="com.alito.web.ExceptionResolver"/-->

<!-- -->
<bean id="viewResolver" class="org.springframework.web.servlet.view.Intern alResourceViewResolver">
<property name="viewClass">
<value>org.springframework.web.servlet.view.JstlVi ew</value>
</property>
<property name="prefix">
<value>/WEB-INF/config/</value>
</property>
<property name="suffix">
<value>.jspx</value>
</property>
<property name="contentType">
<value>text/html</value>
</property>
</bean>

<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.C ommonsMultipartResolver">
<property name="maxUploadSize">
<value>100000000</value>
</property>
</bean>

<!---->
<bean id="themeResolver" class="org.springframework.web.servlet.theme.Sessi onThemeResolver">
<property name="defaultThemeName">
<value>nice</value>
</property>

[flodelux]

Thanks jhazen

What you said in your post has just sunk in.

I set my login page as a secure resource.

I am currently banging my head on the table for being such an arse.