HELP: RememberMe does not work

[lixin_chu]

Hi,
Must be something wrong in my configuration but just can not find out where.
Problem: I do not see rememberMe being fired. No cookie is generated.

Here is my configuration:

1. login.jsp
<form method="POST" action="j_acegi_security_check" focus="username">
......
<input type="checkbox" name="_acegi_security_remember_me"/>
</form>

2. applicationContext-security.xml
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy" >
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_security_check*=httpSessionContextIntegrat ionFilter,authenticationProcessingFilter,rememberM eProcessingFilter
/app/*.do*=httpSessionContextIntegrationFilter,remoteUs erFilter,rememberMeProcessingFilter,securityEnforc ementFilter
/admin/*.do*=httpSessionContextIntegrationFilter,remoteUs erFilter,rememberMeProcessingFilter,securityEnforc ementFilter
</value>
</property>
</bean>
......
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderMana ger">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
......

<bean id="rememberMeProcessingFilter" class="net.sf.acegisecurity.ui.rememberme.Remember MeProcessingFilter">
<property name="rememberMeServices">
<ref local="rememberMeServices"/>
</property>
</bean>

<bean id="rememberMeServices" class="net.sf.acegisecurity.ui.rememberme.TokenBas edRememberMeServices">
<property name="authenticationDao">
<ref local="jdbcAuthenticationDao"/></property>
<property name="key"><value>canalRocks</value></property>
<property name="tokenValiditySeconds">
<value>1209600</value>
</property>
</bean>

<bean id="rememberMeAuthenticationProvider" class="net.sf.acegisecurity.providers.rememberme.R ememberMeAuthenticationProvider">
<property name="key"><value>canalRocks</value></property>
</bean>


I am using Acegi 0.8.1.

The flow is something like this:
* accessing http://localhost:8080/application
* using welcome file /login.jsp
* submit with 'remember me' selected
* once authentication is success, go to home page.

Here are the log messages. I do not find the place where the rememberMe service is being fired during the authentication process - do I have to put rememberMe as the first filter right after httpSessionContextIntegrationFilter :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Converted URL to lowercase, from: '/j_acegi_security_check'; to: '/j_acegi_security_check'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Candidate is: '/j_acegi_security_check'; pattern is /j_acegi_security_check*; matched=true
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.util.FilterChainProxy - /j_acegi_security_check at position 1 of 3 in additional filter chain; firing Filter: 'net.sf.acegisecurity.context.HttpSessionContextIn tegrationFilter@1db4c43'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter - HttpSession returned null object for ACEGI_SECURITY_CONTEXT
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter - As ContextHolder null, setup ContextHolder with a fresh new instance: 'net.canal.security.CanalSecureContextImpl@1b3cc96 : Null authentication'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.util.FilterChainProxy - /j_acegi_security_check at position 2 of 3 in additional filter chain; firing Filter: 'net.canal.security.CanalAuthenticationProcessingF ilter@1ddc3ea'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.ui.AbstractProcessingFilter - Request is to process authentication
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.providers.ProviderManager - Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticati onProvider
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.providers.dao.cache.EhCacheBa sedUserCache - Cache hit: false; username: alex
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.providers.dao.cache.EhCacheBa sedUserCache - Cache put: alex
18.05.05 20:18:23 [http8080-Processor25] INFO net.sf.acegisecurity.providers.dao.event.LoggerLis tener - Authentication success for user: alex; details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 33fe5d: RemoteIpAddress: 127.0.0.1; SessionId: 42B43C085B2AE55A647C7CB9091250BD
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.ui.AbstractProcessingFilter - Authentication success: net.sf.acegisecurity.providers.UsernamePasswordAut henticationToken@809791: Username: net.sf.acegisecurity.providers.dao.User@5edcf5: Username: alex; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: 3, 3; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 33fe5d: RemoteIpAddress: 127.0.0.1; SessionId: 42B43C085B2AE55A647C7CB9091250BD; Granted Authorities: 3, 3
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.ui.AbstractProcessingFilter - Updated ContextHolder to contain the following Authentication: 'net.sf.acegisecurity.providers.UsernamePasswordAu thenticationToken@809791: Username: net.sf.acegisecurity.providers.dao.User@5edcf5: Username: alex; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: 3, 3; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 33fe5d: RemoteIpAddress: 127.0.0.1; SessionId: 42B43C085B2AE55A647C7CB9091250BD; Granted Authorities: 3, 3'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.ui.AbstractProcessingFilter - Redirecting to target URL from HTTP Session (or default): /Canal/admin/MyHomePageManager.do?MyHomePageManager.prepare
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter - Context stored to HttpSession: 'net.canal.security.CanalSecureContextImpl@1b3cc96 : Authentication: net.sf.acegisecurity.providers.UsernamePasswordAut henticationToken@809791: Username: net.sf.acegisecurity.providers.dao.User@5edcf5: Username: alex; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: 3, 3; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 33fe5d: RemoteIpAddress: 127.0.0.1; SessionId: 42B43C085B2AE55A647C7CB9091250BD; Granted Authorities: 3, 3'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter - ContextHolder set to null as request processing completed
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Converted URL to lowercase, from: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'; to: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Candidate is: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'; pattern is /j_acegi_security_check*; matched=false
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Candidate is: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'; pattern is /app/*.do*; matched=false
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Candidate is: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'; pattern is /admin/*.do*; matched=true
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.util.FilterChainProxy - /admin/MyHomePageManager.do?MyHomePageManager.prepare at position 1 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.context.HttpSessionContextIn tegrationFilter@1db4c43'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter - Obtained from ACEGI_SECURITY_CONTEXT a valid Context and set to ContextHolder: 'net.canal.security.CanalSecureContextImpl@1b3cc96 : Authentication: net.sf.acegisecurity.providers.UsernamePasswordAut henticationToken@809791: Username: net.sf.acegisecurity.providers.dao.User@5edcf5: Username: alex; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: 3, 3; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 33fe5d: RemoteIpAddress: 127.0.0.1; SessionId: 42B43C085B2AE55A647C7CB9091250BD; Granted Authorities: 3, 3'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.util.FilterChainProxy - /admin/MyHomePageManager.do?MyHomePageManager.prepare at position 2 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.wrapper.ContextHolderAwareRe questFilter@275b35'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.util.FilterChainProxy - /admin/MyHomePageManager.do?MyHomePageManager.prepare at position 3 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.ui.rememberme.RememberMeProc essingFilter@7612a'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.ui.rememberme.RememberMeProce ssingFilter - ContextHolder not replaced with remember-me token, as ContextHolder already contained: 'net.sf.acegisecurity.providers.UsernamePasswordAu thenticationToken@809791: Username: net.sf.acegisecurity.providers.dao.User@5edcf5: Username: alex; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: 3, 3; Password: [PROTECTED]; Authenticated: false; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 33fe5d: RemoteIpAddress: 127.0.0.1; SessionId: 42B43C085B2AE55A647C7CB9091250BD; Granted Authorities: 3, 3'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.util.FilterChainProxy - /admin/MyHomePageManager.do?MyHomePageManager.prepare at position 4 of 4 in additional filter chain; firing Filter: 'net.sf.acegisecurity.intercept.web.SecurityEnforc ementFilter@7c3b99'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Converted URL to lowercase, from: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'; to: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Candidate is: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'; pattern is /app/*.do*; matched=false
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.web.PathBasedFilter InvocationDefinitionMap - Candidate is: '/admin/myhomepagemanager.do?myhomepagemanager.prepare'; pattern is /admin/*.do*; matched=true
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor - Secure object: FilterInvocation: URL: /admin/MyHomePageManager.do?MyHomePageManager.prepare; ConfigAttributes: [1, 2, 3]
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.providers.ProviderManager - Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticati onProvider
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.providers.dao.cache.EhCacheBa sedUserCache - Cache hit: true; username: alex
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor - Authenticated: net.sf.acegisecurity.providers.UsernamePasswordAut henticationToken@1cfb8d3: Username: net.sf.acegisecurity.providers.dao.User@5edcf5: Username: alex; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: 3, 3; Password: [PROTECTED]; Authenticated: true; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1 33fe5d: RemoteIpAddress: 127.0.0.1; SessionId: 42B43C085B2AE55A647C7CB9091250BD; Granted Authorities: 3, 3
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor - Authorization successful
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.intercept.AbstractSecurityInt erceptor - RunAsManager did not change Authentication object
18.05.05 20:18:23 [http8080-Processor25] DEBUG net.sf.acegisecurity.util.FilterChainProxy - /admin/MyHomePageManager.do?MyHomePageManager.prepare reached end of additional filter chain; proceeding with original chain
filters

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

many thanks !

[Ben Alex]

I cannot see your CanalAuthenticationProcessingFilter configuration or what it does. I presume it's based on AuthenticationProcessingFilter, whose superclass (AbstractProcessingFilter) has a property, rememberMeServices, that must be set to your TokenBasedRememberMeServices bean. Would you please double-check that. If problems remain, try switching to the stock-standard AuthenticationProcessingFilter or post your CanalAuthenticationProcessingFilter here so that I can take a look at what it's doing.

[lixin_chu]

Hi Ben,
thank you very much for your help. Yes, you are right, the problem is I did not specify the rememberServices for the authenticationProcessingFilter. - I also just realized that you have specifically mentioned this in the online doc in fact ! sorry.

I have one more question regarding remember me service. In my own authentionProcessingFilter, I have added some extra information into session upon sucessful login, I need to add the same info also after rememberMe authentication, how should I do this ?

Should I extend TokenBasedRememberMeServices and develop my own loginSuccess() or if there are other easier and better ways to do this ?

thanks again for your help, Acegi is great !

li xin