
Thread: Authentication credentials were not found in the SecurityContext

  1. #1
    Join Date
    May 2006
    Location
    São Paulo - Brazil
    Posts
    14

    Authentication credentials were not found in the SecurityContext

    I am fairly new to the Acegi Security framework and am having a little difficulty configuring it in my environment.

    I'm currently using JDK 1.5, Tomcat 5.5, Spring 1.2.7 and Acegi 0.9.

    After Tomcat starts up, I try to log in to the application using Basic Authentication, but it does not work.

    My web.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <web-app  xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
       <distributable/>
    
      <!--  ACEGI FILTERS -->
    <filter>
        <filter-name>Acegi Authentication Processing Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
        </init-param>
    </filter>
    
    <filter>
        <filter-name>Acegi-Integration</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter</param-value>
        </init-param>
    </filter>
    
    <filter>
        <filter-name>Acegi HTTP Request Security Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
        </init-param>
    </filter>
    
    
      <!--  ACEGI FILTER MAPPINGS -->
    <filter-mapping>
        <filter-name>Acegi Authentication Processing Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>Acegi-Integration</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>Acegi HTTP Request Security Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
        <context-param>
    	<param-name>contextConfigLocation</param-name>
    	<param-value>/WEB-INF/PMTimeSheet-servlet.xml</param-value>
      </context-param>
    
      <listener>
    	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
    
     <!--  DISPATCHER CONFIGURATION -->
    <servlet>
        <servlet-name>action</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/struts-config.xml</param-value>
        </init-param>
        <init-param>
            <param-name>convertNull</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>2</load-on-startup>
    </servlet>
    
      <!-- MAPPING CONFIGURATIONS -->
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>
    
       <!--
       To specify mime mappings, create a file named mime-mappings.xml, put it in your project's mergedir.
       Organize mime-mappings.xml following this DTD slice:
    
       <!ELEMENT mime-mapping (extension, mime-type)>
       -->
    
       <welcome-file-list>
    	<welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    
       <!--
       To specify error pages, create a file named error-pages.xml, put it in your project's mergedir.
       Organize error-pages.xml following this DTD slice:
    
       <!ELEMENT error-page ((error-code | exception-type), location)>
       -->
    
      <!--
      To add taglibs by xml, create a file called taglibs.xml and place it
      in your merge dir.
      -->
    
       <!--
       To set up security settings for your web app, create a file named web-security.xml, put it in your project's mergedir.
       Organize web-security.xml following this DTD slice:
    
       <!ELEMENT security-constraint (display-name?, web-resource-collection+, auth-constraint?, user-data-constraint?)>
       <!ELEMENT web-resource-collection (web-resource-name, description?, url-pattern*, http-method*)>
       <!ELEMENT web-resource-name (#PCDATA)>
       <!ELEMENT url-pattern (#PCDATA)>
       <!ELEMENT http-method (#PCDATA)>
       <!ELEMENT user-data-constraint (description?, transport-guarantee)>
       <!ELEMENT transport-guarantee (#PCDATA)>
    
       <!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
       <!ELEMENT auth-method (#PCDATA)>
       <!ELEMENT realm-name (#PCDATA)>
       <!ELEMENT form-login-config (form-login-page, form-error-page)>
       <!ELEMENT form-login-page (#PCDATA)>
       <!ELEMENT form-error-page (#PCDATA)>
       -->
    
    </web-app>
    Any feedback on this issue is appreciated.

    Thanks,
    Luciano Nunes

    P.S.: Sorry for my bad English.

  2. #2
    Join Date
    May 2006
    Location
    São Paulo - Brazil
    Posts
    14


    My Spring configuration file:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <!DOCTYPE beans PUBLIC
        "-//SPRING//DTD BEAN//EN"
        "http://www.springframework.org/dtd/spring-beans.dtd">
    
    <beans
      default-autowire="no"
      default-lazy-init="false"
      default-dependency-check="none"
    >
    
      <bean
          id="tipoTelefoneDAO"
          class="br.com.projetomaior.dao.TipoTelefoneDAOHibernateImpl"
      >
    
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean
          id="clienteDAO"
          class="br.com.projetomaior.dao.ClienteDAOHibernateImpl"
      >
    
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean
          id="socioService"
          class="br.com.projetomaior.service.SocioServiceImpl"
      >
    
        <property name="socioDAO">
          <ref bean="socioDAO"/>
        </property>
      </bean>
    
      <bean
          id="recursoDAO"
          class="br.com.projetomaior.dao.RecursoDAOHibernateImpl"
      >
    
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean
          id="socioDAO"
          class="br.com.projetomaior.dao.SocioDAOHibernateImpl"
      >
    
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean
          id="tipoContratoRecursoDAO"
          class="br.com.projetomaior.dao.TipoContratoRecursoDAOHibernateImpl"
      >
    
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean
          id="tipoContratoRecursoService"
          class="br.com.projetomaior.service.TipoContratoRecursoServiceImpl"
      >
    
        <property name="tipoContratoRecursoDAO">
          <ref bean="tipoContratoRecursoDAO"/>
        </property>
      </bean>
    
      <bean
          id="clienteService"
          class="br.com.projetomaior.service.ClienteServiceImpl"
      >
    
        <property name="clienteDAO">
          <ref bean="clienteDAO"/>
        </property>
      </bean>
    
      <bean
          id="projetoDAO"
          class="br.com.projetomaior.dao.ProjetoDAOHibernateImpl"
      >
    
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean
          id="empresaDAO"
          class="br.com.projetomaior.dao.EmpresaDAOHibernateImpl"
      >
    
        <property name="sessionFactory">
          <ref bean="sessionFactory"/>
        </property>
      </bean>
    
      <bean
          id="tipoTelefoneService"
          class="br.com.projetomaior.service.TipoTelefoneServiceImpl"
      >
    
        <property name="tipoTelefoneDAO">
          <ref bean="tipoTelefoneDAO"/>
        </property>
      </bean>
    
      <bean
          id="projetoService"
          class="br.com.projetomaior.service.ProjetoServiceImpl"
      >
    
        <property name="projetoDAO">
          <ref bean="projetoDAO"/>
        </property>
      </bean>
    
      <bean
          id="recursoService"
          class="br.com.projetomaior.service.RecursoServiceImpl"
      >
    
        <property name="recursoDAO">
          <ref bean="recursoDAO"/>
        </property>
      </bean>
    
      <bean
          id="empresaService"
          class="br.com.projetomaior.service.EmpresaServiceImpl"
      >
    
        <property name="empresaDAO">
          <ref bean="empresaDAO"/>
        </property>
      </bean>
    
    <!--  DATA CONFIGURATION -->
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="url">
            <value>jdbc:postgresql://127.0.0.1:5432/PMTimeSheet</value>
        </property>
        <property name="driverClassName">
            <value>org.postgresql.Driver</value>
        </property>
        <property name="username">
            <value>pm</value>
        </property>
        <property name="password">
            <value>pm</value>
        </property>
    </bean>
    
    <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
        <property name="dataSource">
            <ref bean="dataSource" />
        </property>
        <property name="mappingDirectoryLocations">
            <list>
                <value>classpath:/br/com/projetomaior/model/mapping</value>
            </list>
        </property>
        <property name="hibernateProperties">
            <props>
                <prop key="hibernate.dialect">org.hibernate.dialect.PostgreSQLDialect</prop>
                <prop key="hibernate.show_sql">true</prop>
            </props>
        </property>
    </bean>
    
    <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
        <property name="sessionFactory">
            <ref bean="sessionFactory" />
        </property>
    </bean>
    
    <!-- SECURITY FILTERS -->
    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
        <property name="filterSecurityInterceptor">
            <ref bean="filterInvocationInterceptor" />
        </property>
        <property name="authenticationEntryPoint">
            <ref bean="authenticationEntryPoint" />
        </property>
    </bean>
    
    <!--  AUTHENTICATION -->
    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="daoAuthenticationProvider" />
            </list>
        </property>
    </bean>
    
    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
    </bean>
    
    <bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
        <property name="dataSource">
            <ref bean="dataSource" />
        </property>
    </bean>
    
    <!-- ACCESS CONTROL -->
    <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions">
            <value>false</value>
        </property>
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter" />
            </list>
        </property>
    </bean>
    
    <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />
    
    <!-- SECURITY INTERCEPTOR -->
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="accessDecisionManager">
            <ref bean="accessDecisionManager" />
        </property>
    
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 
                PATTERN_TYPE_APACHE_ANT 
                /**=ROLE_ADMIN
            </value>
        </property>
    </bean>
    
    <!-- BASIC AUTHENTICATION -->
    <bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName">
            <value>Spring Training</value>
        </property>
    </bean>
    
    <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="authenticationEntryPoint">
            <ref bean="authenticationEntryPoint" />
        </property>
    </bean>
    
    <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter" />
    
    </beans>

  3. #3
    Join Date
    May 2006
    Location
    São Paulo - Brazil
    Posts
    14


    Then, if I cancel the login, the following error message appears in the log:

    Code:
    [DEBUG] 18:45:02 BasicProcessingFilter - Authorization header: Basic bG51bmVzOmxudW5lcw==
    [DEBUG] 18:45:02 ProviderManager - Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider
    [DEBUG] 18:45:02 BasicProcessingFilter - Authentication success: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@8140ed: Username: net.sf.acegisecurity.providers.dao.User@1cd8bf7: Username: lnunes; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@1a0353d: RemoteIpAddress: 127.0.0.1; SessionId: 86FB2F2537FA096B97D6DAAEDB927C1B; Granted Authorities: ROLE_ADMIN
    [DEBUG] 18:45:02 HttpSessionContextIntegrationFilter - HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
    [DEBUG] 18:45:02 PathBasedFilterInvocationDefinitionMap - Converted URL to lowercase, from: '/index.jsp?'; to: '/index.jsp?'
    [DEBUG] 18:45:02 PathBasedFilterInvocationDefinitionMap - Candidate is: '/index.jsp?'; pattern is /**; matched=true
    [DEBUG] 18:45:02 AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /index.jsp?; ConfigAttributes: [ROLE_ADMIN]
    [DEBUG] 18:45:02 SecurityEnforcementFilter - Authentication exception occurred; redirecting to authentication entry point
    net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: Authentication credentials were not found in the SecurityContext
    	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:478)
    	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:377)
    	at net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:105)
    	at net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:197)
    	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
    	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:214)
    	at net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    	at java.lang.Thread.run(Thread.java:595)
    [DEBUG] 18:45:02 SecurityEnforcementFilter - Authentication entry point being called; target URL added to Session: http://localhost:8080/PMTimeSheet/index.jsp?
    [DEBUG] 18:45:02 HttpSessionContextIntegrationFilter - SecurityContextHolder set to new context, as request processing completed

  4. #4

    This doesn't look good...

    In your error log, this line here doesn't look good:

    Code:
    [DEBUG] 18:45:02 HttpSessionContextIntegrationFilter - HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
    I'm no Acegi expert, but it appears as though your HttpSessionContextIntegrationFilter isn't seeing any Authentication object within the SecurityContext. The SecurityContext should be updated with the valid Authentication object you create, so maybe this is an issue with the order and/or threaded behavior of the filters you've defined.

    One thing I noticed is that you defined a bunch of filters in your web.xml. I don't think that's the preferred/recommended way of applying Acegi to a web application.

    Instead, define a single filter in your web.xml like this:

    Code:
       <filter>
            <filter-name>Acegi Filter Chain Proxy</filter-name>
            <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
            <init-param>
                <param-name>targetClass</param-name>
                <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
            </init-param>
       </filter>
    And then add all the filters to the FilterChainProxy defined in your application-context.xml. And make sure the httpSessionContextIntegrationFilter is the first one!

    For example:
    Code:
    	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
             <value>
    		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    		    PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
             </value>
          </property>
        </bean>

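The filter-ordering question raised in this thread can be checked mechanically. The following is an added example, not code from either poster or from the Acegi project: it reads a web.xml, lists the Acegi filters in the order the container invokes them (url-pattern filter-mappings run in declaration order), and reports any that run before HttpSessionContextIntegrationFilter. The filter names and classes come from post #1; the function names, the generated sample descriptor and the "fixed" mapping order are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}  # Servlet 2.4 namespace, as in post #1
CONTEXT_FILTER = "HttpSessionContextIntegrationFilter"

# Filter names and target classes copied from the web.xml in post #1.
FILTERS = {
    "Acegi Authentication Processing Filter":
        "net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter",
    "Acegi-Integration":
        "net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter",
    "Acegi HTTP Request Security Filter":
        "net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter",
}
POSTED_ORDER = list(FILTERS)  # filter-mapping order as posted
# Assumed correction: same mappings, integration filter moved to the front.
FIXED_ORDER = ["Acegi-Integration", "Acegi Authentication Processing Filter",
               "Acegi HTTP Request Security Filter"]


def build_web_xml(mapping_order):
    """Construct a minimal sample web.xml with filter-mappings in mapping_order."""
    filters = "".join(
        f"<filter><filter-name>{name}</filter-name>"
        "<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>"
        "<init-param><param-name>targetClass</param-name>"
        f"<param-value>{cls}</param-value></init-param></filter>"
        for name, cls in FILTERS.items())
    mappings = "".join(
        f"<filter-mapping><filter-name>{name}</filter-name>"
        "<url-pattern>/*</url-pattern></filter-mapping>"
        for name in mapping_order)
    return f'<web-app xmlns="{NS["j"]}" version="2.4">{filters}{mappings}</web-app>'


def chain_order(web_xml):
    """Target classes in invocation order (filter-mapping declaration order)."""
    root = ET.fromstring(web_xml)
    target = {}
    for flt in root.findall("j:filter", NS):
        params = {p.findtext("j:param-name", namespaces=NS):
                  p.findtext("j:param-value", namespaces=NS)
                  for p in flt.findall("j:init-param", NS)}
        # FilterToBeanProxy delegates to the Spring bean of type targetClass.
        target[flt.findtext("j:filter-name", namespaces=NS)] = params.get(
            "targetClass", flt.findtext("j:filter-class", namespaces=NS))
    names = [m.findtext("j:filter-name", namespaces=NS)
             for m in root.findall("j:filter-mapping", NS)]
    return [target.get(n, n) for n in names]


def misordered(web_xml):
    """Acegi filters that run before the context integration filter."""
    order = chain_order(web_xml)
    cut = next((i for i, c in enumerate(order)
                if c.endswith("." + CONTEXT_FILTER)), len(order))
    return [c.rsplit(".", 1)[-1] for c in order[:cut] if ".acegisecurity." in c]


if __name__ == "__main__":
    print("posted:", misordered(build_web_xml(POSTED_ORDER)))
    print("fixed: ", misordered(build_web_xml(FIXED_ORDER)))
```

The posted order matches the stack trace in post #3, where BasicProcessingFilter.doFilter is the outer frame and HttpSessionContextIntegrationFilter.doFilter runs inside it.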