Using MethodSecurityInterceptor inside HttpSessionListener
Hi all,
We have MethodSecurityInterceptor working fine elsewhere, but have problems in our HttpSessionListener. When the session expires and before HttpSessionListener is invoked by the container, we are seeing this event in the acegi debug logs:
Then our HttpSessionListener is invoked. The next line in the acegi logs is:Code:2005-09-29 08:46:48,477 [net.sf.acegisecurity.ui.session.HttpSessionEventPublisher] - Publishing event: net.sf.acegisecurity.ui.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@1dea382]
We have a bean activityService, that we want to use inside our HttpSessionListener to do cleanup work. It has the findReservedActivitiesToUser shown in the logs. We also use this bean elsewhere, and there it works as expected. In our HttpSessionListener, however, after the event above, we execute our methods in activityService and get:Code:2005-09-29 08:46:48,498 [net.sf.acegisecurity.intercept.AbstractSecurityInterceptor] - Secure object: invocation: method 'findReservedActivitiesToUser', arguments [10, null]; target is of class [com.siemens.swa.service.ActivityServiceImpl]; ConfigAttributes: [ROLE_NETWORK]
Our config is:Code:Authentication credentials were not found in the SecurityContext
Please help,Code:<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans> <!-- ======================== FILTER CHAIN ======================= --> <!-- if you wish to use channel security, add "channelProcessingFilter," in front of "httpSessionContextIntegrationFilter" in the list below --> <!-- Only filter URL's with *login* Struts actions: httpSessionContextIntegrationFilter allows authentication/authorization info stored in HttpSession authenticationProcessingFilter forces authentication against db --> <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON \A/.*login.*do.*\Z=httpSessionContextIntegrationFilter,authenticationProcessingFilter,contextHolderAwareRequestFilter </value> </property> </bean> <!-- ======================== AUTHENTICATION ======================= --> <!-- Authenticate via SWA DAO --> <bean id="passwordAuthenticationDao" class="com.siemens.swa.dao.AcegiDAOImpl"> <property name="sessionFactory"><ref bean="mySessionFactory"/></property> </bean> <!-- Simple Username/Password authentication --> <bean id="authenticationProvider" class="net.sf.acegisecurity.providers.dao.PasswordDaoAuthenticationProvider"> <property name="passwordAuthenticationDao"> <ref local="passwordAuthenticationDao"/> </property> </bean> <!-- Control access/authorization via Acegi class, stored in HTTP Session --> <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="authenticationProvider"/> </list> </property> <property name="sessionController"><ref bean="concurrentSessionController"/></property> </bean> <!-- Prevent same login name being used by multiple users --> <bean id="concurrentSessionController" class="net.sf.acegisecurity.providers.ConcurrentSessionControllerImpl"> <property name="maxSessions"><value>1</value></property> </bean> <!-- ======================[ AUTHORIZATION ]======================= --> <!-- An access decision voter that reads ROLE_* configuration settings --> <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/> <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <ref bean="roleVoter" /> </list> </property> </bean> <!-- Control authorization via Roles to appointmentSchedulerService --> <bean id="appointmentSchedulerServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.AppointmentSchedulerService.*=ROLE_ACTIVITY </value> </property> </bean> <!-- Control authorization via Roles to microAreaService --> <bean id="microAreaServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.MicroAreaService.find*=ROLE_EVERYONE com.siemens.swa.service.MicroAreaService.*=ROLE_ADMIN </value> </property> </bean> <!-- Control authorization via Roles to profileService --> <bean id="profileServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.ProfileService.*=ROLE_ADMIN </value> </property> </bean> <!-- Control authorization via Roles to technDayWorkHoursService --> <bean id="technDayWorkHoursServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.TechnDayWorkHoursService.*=ROLE_ADMIN </value> </property> </bean> <!-- Control authorization via Roles to userService --> <bean id="userServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.UserService.update*=ROLE_ADMIN com.siemens.swa.service.UserService.create*=ROLE_ADMIN com.siemens.swa.service.UserService.remove*=ROLE_ADMIN </value> </property> </bean> <!-- Control authorization via Roles to questionnarieService --> <bean id="questionnarieServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> <!-- com.siemens.swa.service.QuestionnarieService.*=ROLE_EVERYONE --> </value> </property> </bean> <!-- Control authorization via Roles to holidayService --> <bean id="holidayServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.HolidayService.*=ROLE_ADMIN </value> </property> </bean> <!-- Control authorization via Roles to stationService --> <bean id="stationServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.StationService.find*=ROLE_ACTIVITY,ROLE_NETWORK com.siemens.swa.service.StationService.create*=ROLE_ADMIN com.siemens.swa.service.StationService.update*=ROLE_ADMIN com.siemens.swa.service.StationService.removeStation=ROLE_ADMIN </value> </property> </bean> <!-- Control authorization via Roles to equipmentService --> <bean id="equipmentServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.EquipmentService.create*=ROLE_ADMIN com.siemens.swa.service.EquipmentService.update*=ROLE_ADMIN com.siemens.swa.service.EquipmentService.remove*=ROLE_ADMIN </value> </property> </bean> <!-- Control authorization via Roles to activityService --> <bean id="activityServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.ActivityService.*=ROLE_ACTIVITY com.siemens.swa.service.ActivityService.find*=ROLE_NETWORK <!-- com.siemens.swa.service.ActivityService.findReservedActivitiesToUser*=ROLE_EVERYONE --> com.siemens.swa.service.ActivityService.createManualActivity=ROLE_NETWORK <!-- Ação Registrar atividades para um elemento de rede --> </value> </property> </bean> <!-- Control authorization via Roles to preventiveActivityService --> <bean id="preventiveActivityServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.PreventiveActivityService.*=ROLE_ACTIVITY </value> </property> </bean> <!-- Control authorization via Roles to techniqueAreaService --> <bean id="techniqueAreaServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.TechniqueAreaService.*=ROLE_EVERYONE </value> </property> </bean> <!-- Control authorization via Roles to displacementService --> <bean id="displacementServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.DisplacementService.*=ROLE_ACTIVITY </value> </property> </bean> <!-- Control authorization via Roles to netElementService --> <bean id="netElementServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.NetElementService.*=ROLE_NETWORK </value> </property> </bean> <!-- Control authorization via Roles to reportService --> <bean id="reportServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.ReportService.*=ROLE_REPORT </value> </property> </bean> <!-- Control authorization via Roles to localService --> <bean id="localServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> com.siemens.swa.service.ReportService.*=ROLE_EVERYONE </value> </property> </bean> <!-- ===================== HTTP REQUEST SECURITY ==================== --> <!-- Allow SWA application to access Roles and other info via HttpServletRequest See MenuTag for an example --> <bean id="contextHolderAwareRequestFilter" class="net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter"/> <!-- Bean definition forcing login on REGEX filters --> <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter"> </bean> <!-- Define login key/value pair capture, pre/post filter tasks, error page, etc --> <bean id="authenticationProcessingFilter" class="com.siemens.swa.session.SWAAuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginPage.do?login_error=1</value></property> <property name="defaultTargetUrl"><value>/</value></property> <property name="filterProcessesUrl"><value>/login.do</value></property> </bean> </beans>
iksrazal
