Why I keep getting "AuthenticationCredentialsNotFoundException"

[zhirenshao]

I've played with Acegi for a day but still can't get my first application running, keep getting AuthenticationCredentialsNotFoundException

Here's the output from my console

Code:

2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:73 - Detected PATTERN_TYPE_APACHE_ANT directive; using Apache Ant style path expressions
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 1: 
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 2: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:106 - Line 2: Instructing mapper to convert URLs to lowercase before comparison
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 3: PATTERN_TYPE_APACHE_ANT
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 4: /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
2006-May-22 15:21:59 DEBUG PathBasedFilterInvocationDefinitionMap:77 - Added Ant path: /**; attributes: [httpSessionContextIntegrationFilter, authenticationProcessingFilter, anonymousProcessingFilter, exceptionTranslationFilter, filterSecurityInterceptor]
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 5: 
2006-May-22 15:21:59  INFO UserMap:87 - Adding user [org.acegisecurity.userdetails.User@f43bd000: Username: ren; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER]
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:73 - Detected PATTERN_TYPE_APACHE_ANT directive; using Apache Ant style path expressions
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 1: 
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 2: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:106 - Line 2: Instructing mapper to convert URLs to lowercase before comparison
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 3: PATTERN_TYPE_APACHE_ANT
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 4: /login.jsp*=ROLE_ANONYMOUS,ROLE_USER
2006-May-22 15:21:59 DEBUG PathBasedFilterInvocationDefinitionMap:77 - Added Ant path: /login.jsp*; attributes: [ROLE_ANONYMOUS, ROLE_USER]
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 5: /**=ROLE_USER
2006-May-22 15:21:59 DEBUG PathBasedFilterInvocationDefinitionMap:77 - Added Ant path: /**; attributes: [ROLE_USER]
2006-May-22 15:21:59 DEBUG FilterInvocationDefinitionSourceEditor:97 - Line 6: 
2006-May-22 15:21:59  INFO AbstractSecurityInterceptor:271 - Validated configuration attributes
2006-May-22 15:21:59 DEBUG HttpSessionEventPublisher:75 - Received ServletContextEvent: javax.servlet.ServletContextEvent[source=org.apache.catalina.core.ApplicationContextFacade@10ab09f]
2006-May-22 15:21:59 DEBUG HttpSessionEventPublisher:118 - Using context: org.springframework.web.context.support.XmlWebApplicationContext: display name [Root WebApplicationContext]; startup date [Mon May 22 15:21:59 EST 2006]; root of context hierarchy; config locations [/WEB-INF/config/spring/acegi-security.xml]

2006-May-22 15:29:39 DEBUG PathBasedFilterInvocationDefinitionMap:113 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
2006-May-22 15:29:39 DEBUG PathBasedFilterInvocationDefinitionMap:126 - Candidate is: '/login.jsp'; pattern is /login.jsp*; matched=true
2006-May-22 15:29:39 DEBUG AbstractSecurityInterceptor:301 - Secure object: FilterInvocation: URL: /login.jsp?; ConfigAttributes: [ROLE_ANONYMOUS, ROLE_USER]
2006-May-22 15:29:39 ERROR [jsp]:260 - Servlet.service() for servlet jsp threw exception
org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
	at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:414)
	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:308)
	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
	at

I keep getting the same exception.

Here's my web.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<display-name>Auscript Version 3</display-name>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/config/spring/acegi-security.xml
		</param-value>
	</context-param>
	
	
	
	<filter>
		<filter-name>Acegi HTTP Request Security Filter</filter-name>
		<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
		<init-param>
			<param-name>targetClass</param-name>
			<param-value>org.acegisecurity.intercept.web.FilterSecurityInterceptor</param-value>
		</init-param>
	</filter>

	<filter-mapping>
		<filter-name>Acegi HTTP Request Security Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<listener>
        <listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
    </listener>

My acegi-security.xml looks like

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>
	<bean id="filterChainProxy"
        class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
            </value>
        </property>
    </bean>
    
    <bean id="httpSessionContextIntegrationFilter"
        class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

    <bean id="authenticationProcessingFilter"
        class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager">
            <ref local="authenticationManager"/>
        </property>

        <property name="defaultTargetUrl">
            <value>/</value>
        </property>
		
        <property name="filterProcessesUrl">
            <value>/j_acegi_security_check</value>
        </property>

        <property name="authenticationFailureUrl">
            <value>/login.jsp?login_error=1</value>
        </property>
    </bean>

    <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key"><value>foobar</value></property>
		<property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
   </bean>
    
    <bean id="exceptionTranslationFilter"
        class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <ref local="authenticationEntryPoint" />
        </property>
    </bean>
    
    
    
    


	<bean id="authenticationEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl"><value>/login.jsp</value></property>
		<property name="forceHttps"><value>false</value></property>
	</bean>
      
	<bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
		<property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/login.jsp*=ROLE_ANONYMOUS,ROLE_USER
				/**=ROLE_USER
			</value>
		</property>
	</bean>
	
	
	<!-- ======================== AUTHENTICATION ======================= -->
	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="daoAuthenticationProvider"/>
			</list>
		</property>
	</bean>
	
	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
	</bean>
	
	<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
				ren=ren,ROLE_USER
			</value>
		</property>
	</bean>
   
   
   
   
   <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
         <list>
            <ref bean="roleVoter"/>
         </list>
      </property>
   </bean>
   
   <!-- An access decision voter that reads ROLE_* configuration settings -->
   <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
   
   
</beans>

[Andreas Senft]

I would say the "targetClass" property of your filter definition should refer to "org.acegisecurity.util.FilterChainProxy" instead of FilterSecurityInterceptor.

Regards,
Andreas

[zhirenshao]

Thanks, that was a stupid error, just couldn't see it my self, thanks for helping