Results 1 to 6 of 6

Thread: ContextHolder invalid: 'null' in WLS 8.1 SP4

  1. Jun 15th, 2005, 11:04 PM #1
    qmv_05
    qmv_05 is offline Junior Member
    Join Date
    Jun 2005
    Posts
    4

    Default ContextHolder invalid: 'null' in WLS 8.1 SP4

    Hi,

    Using Acegi 0.8.0, Spring 1.1.5, BEA WLS 8.1 SP4 in my project. My scenario look like (used basic authenticate): the first time user visit web site, dialog display to ask user/password. When user click logout, my app must reset session,... in order that when user click login again, he must present user/password.

    - My web.xml (fragment):

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/acegi.xml</param-value>
    </context-param>

    <filter>
    <filter-name>Acegi ContextHolder aware request Filter</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.wrapper.ContextHolderAw areRequestFilter</param-value>
    </init-param>
    </filter>
    <filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
    </init-param>
    </filter>

    <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>Acegi ContextHolder aware request Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
    <listener-class>
    org.springframework.web.context.ContextLoaderListe ner
    </listener-class>
    </listener>

    - And here is the whole Acegi's configuration XML:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <beans>
    <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy" >
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=httpSessionContextIntegrationFilter,basicAuthen ticationFilter,securityEnforcementFilter
    </value>
    </property>
    </bean>

    <bean id="authenticationDAO" class="net.sf.acegisecurity.providers.dao.memory.I nMemoryDaoImpl">
    <property name="userMap">
    <value>
    mmessori=mme,ROLE_INTEGRATEUR_FACTURES
    lchapuis=lch,ROLE_INTEGRATEUR_FACTURES
    </value>
    </property>
    </bean>

    <!-- Manage authentication process -->
    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderMana ger">
    <property name="providers">
    <list>
    <ref bean="authenticationProvider"/>
    </list>
    </property>
    </bean>
    <bean id="authenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthe nticationProvider">
    <property name="authenticationDao"><ref bean="authenticationDAO"/></property>
    </bean>

    <!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
    <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.Lo ggerListener"/>

    <bean id="basicAuthenticationFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProc essingFilter">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
    </bean>

    <!-- Needed by Acegi to put SecureContext to HTTP session -->
    <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionCon textIntegrationFilter">
    <property name="context"><value>net.sf.acegisecurity.context .security.SecureContextImpl</value></property>
    </bean>

    <!-- Allow the use of getRemoteUser(), getUserPrincipal(), etc on request for Acegi -->
    <bean id="contextHolderAwareRequestFilter" class="net.sf.acegisecurity.wrapper.ContextHolderA wareRequestFilter"/>

    <bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProc essingFilterEntryPoint">
    <!-- Page to be called when unauthenticated user requests a secured page -->
    <property name="realmName"><value>default</value></property>
    </bean>


    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSe curityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=ROLE_INTEGRATEUR_FACTURES
    </value>
    </property>
    </bean>

    <!-- An access decision voter that reads ROLE_* configuration settings -->
    <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>


    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.Security EnforcementFilter">
    <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
    <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
    </bean>

    <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased" >
    <property name="allowIfAllAbstainDecisions"><value>false</value></property>
    <property name="decisionVoters">
    <list> <ref bean="roleVoter"/> </list>
    </property>
    </bean>

    <bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelP rocessingFilter">
    <property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    \A/.*login.*\Z=REQUIRES_SECURE_CHANNEL
    \A/.*j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANN EL
    \A.*\Z=REQUIRES_INSECURE_CHANNEL
    </value>
    </property>
    </bean>

    <bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelD ecisionManagerImpl">
    <property name="channelProcessors">
    <list>
    <ref bean="secureChannelProcessor"/>
    <ref bean="insecureChannelProcessor"/>
    </list>
    </property>
    </bean>

    <bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureCh annelProcessor"/>
    <bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.Insecure ChannelProcessor"/>

    </beans>

    User click logoff, one method in controller will be called to handle that request, the code in that method like:
    - remove all session attributes
    - remove SecureContext: ContextHolder.setContext(null);
    - Invalidate session

    But an exception is thrown when ContextHolder.setContext(null) is executed.
    Exception:
    java.lang.IllegalStateException: ContextHolder invalid: 'null': are your filters ordered correctly? HttpSessionContextIntegrationFilter should have already executed by this time (look for it in the stack dump below)
    at net.sf.acegisecurity.context.security.SecureContex tUtils.getSecureCon
    text(SecureContextUtils.java:38)
    at net.sf.acegisecurity.ui.basicauth.BasicProcessingF ilter.doFilter(Basi
    cProcessingFilter.java:185)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilte
    r(FilterChainProxy.java:311)
    at net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter.doFi
    lter(HttpSessionContextIntegrationFilter.java:152)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilte
    r(FilterChainProxy.java:311)
    ....

    So did i miss something in configure/code?

    Thank you very much.
    QMV
  2. Jun 24th, 2005, 10:48 PM #2
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    There was a bug in 0.8.0 to do with logout handling. Please try 0.8.2 and re-post if you have further issues.
  3. Jun 26th, 2005, 09:28 PM #3
    qmv_05
    qmv_05 is offline Junior Member
    Join Date
    Jun 2005
    Posts
    4

    Default

    Hi,
    I tried with Acegi 0.8.2 and Spring 1.2.1, but the problem still happen.
    I repost the exception stack trace:
    java.lang.IllegalStateException: ContextHolder invalid: 'null': are your filters
    ordered correctly? HttpSessionContextIntegrationFilter should have already executed by this time (look for it in the stack dump below)
    at net.sf.acegisecurity.context.security.SecureContex tUtils.getSecureContext(SecureContextUtils.java:38 )
    at net.sf.acegisecurity.ui.basicauth.BasicProcessingF ilter.doFilter(BasicProcessingFilter.java:179)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:303)
    at net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter.doFilter(HttpSessionContextIntegrat ionFilter.java:152)
    at net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:303)
    at net.sf.acegisecurity.util.FilterChainProxy.doFilte r(FilterChainProxy.java:173)
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er(FilterToBeanProxy.java:125)
    at weblogic.servlet.internal.FilterChainImpl.doFilter (FilterChainImpl.java:27)
    at net.sf.acegisecurity.wrapper.ContextHolderAwareReq uestFilter.doFilter(ContextHolderAwareRequestFilte r.java:50)
    at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er(FilterToBeanProxy.java:125)
    at weblogic.servlet.internal.FilterChainImpl.doFilter (FilterChainImpl.java:27)
    at weblogic.servlet.internal.RequestDispatcherImpl.fo rward(RequestDispatcherImpl.java:326)
    at weblogic.servlet.internal.ForwardAction.run(Forwar dAction.java:23)
    at weblogic.security.acl.internal.AuthenticatedSubjec t.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Se curityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.han dleException(WebAppServletContext.java:4009)
    at weblogic.servlet.internal.WebAppServletContext.han dleThrowableFromInvocation(WebAppServletContext.ja va:3834)
    at weblogic.servlet.internal.WebAppServletContext.inv okeServlet(WebAppServletContext.java:3780)
    at weblogic.servlet.internal.ServletRequestImpl.execu te(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThrea d.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.ja va:178)

    Thanks
    Minh
  4. Jun 26th, 2005, 10:46 PM #4
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default Re: ContextHolder invalid: 'null' in WLS 8.1 SP4

    Quote Originally Posted by qmv_05
    User click logoff, one method in controller will be called to handle that request, the code in that method like:
    - remove all session attributes
    - remove SecureContext: ContextHolder.setContext(null);
    - Invalidate session
    All you need to do in order to achieve a logout is:

    Code:
    ContextHolder.setContext&#40;new SecureContextImpl&#40;&#41;&#41;;
    From 0.9.0/CVS:

    Code:
    SecurityContextHolder.setContext&#40;new SecurityContextImpl&#40;&#41;&#41;;
    Or, just do a:

    Code:
    httpSession.invalidate&#40;&#41;;
  5. Jun 26th, 2005, 11:28 PM #5
    qmv_05
    qmv_05 is offline Junior Member
    Join Date
    Jun 2005
    Posts
    4

    Default

    Hi,

    Code:
    ContextHolder.setContext&#40;new SecureContextImpl&#40;&#41;&#41;;
    or
    Code:
    httpRequest.getSession&#40;false&#41;.invalidate&#40;&#41;;
    ---> it's works now. .

    One more question:
    With BASIC Authentication, after logoff and user click login again (without close the current IE) --> the dialog for enter user name/password is not display, so I think we can not force the IE to forget the username/password. Is it correct? If so, do you have any idea to overcome that problem (logoff, login without close IE and the user must present username/password again)?

    Thank you in advance
  6. Jun 27th, 2005, 05:40 AM #6
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    Hi,

    Short of closing the browser, I don't think there's anything you can do about this. Not in a browser-independent fashion anyway.

    Luke.
« Previous Thread | Next Thread »

Similar Threads

  1. Null pointer exception in JdkDynamicAopProxy
    By alesj in forum AOP
    Replies: 2
    Last Post: Oct 17th, 2005, 08:41 PM
  2. Problem: SecureContextImpl reused in subsequent session
    By jgraves in forum Security
    Replies: 2
    Last Post: Oct 13th, 2005, 02:47 PM
  3. is there mssql server database scripts for jpetstore?
    By nxliu in forum Data
    Replies: 4
    Last Post: Sep 27th, 2005, 11:31 PM
  4. Why are new sessions created with OpenSessionInViewFilter?
    By iksrazal in forum Data
    Replies: 3
    Last Post: May 16th, 2005, 07:04 AM
  5. Strange Data Access Error
    By webifyit in forum Data
    Replies: 2
    Last Post: Dec 28th, 2004, 11:06 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules