Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Why granted authorities = null, null after server restart

  1. Jun 3rd, 2006, 08:40 AM #1
    cristis1
    cristis1 is offline Member
    Join Date
    Jan 2006
    Location
    Bucharest, Romania
    Posts
    44

    Default Why granted authorities = null, null after server restart

    Hello,

    I am having a problem using the ACEGI security system. When I start the server and access a protected resource, I am correctly redirected to the login page, and then to the required resource (provided I enter the correct username/password). (the first bloc of log).

    If I restart the server, and try to acces a secured resource, I get a 403 error.
    After looking through the code, I understand that somehow acegi finds the user logged in (so it does not redirect to the login page), but its authorities are set to null, null, so it can't serve the requested resource. I imagine that the user is retreive somehow from the server's persistent storage, but with no authority. (the second bloc of log).

    Could you please help me with this issue?

    Thank you in advance,
    Cristian.

    Code:
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/index2.jspm'; to: '/index2.jspm'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**; matched=true
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 1 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@1a271f5'
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(195) | HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 2 of 6 in additional filter chain; firing Filter: 'ro.crispico.util.acegi.CustomAuthenticationProcessingFilter@19adc2c'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@1ed00d1'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 4 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.rememberme.RememberMeProcessingFilter@94fe42'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@1c0cb76'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@6dd8e1'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /userList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /driverList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editDriver.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /updateDrivers.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /vehicleList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editVehicle.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /addressList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editAddress.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /flightList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlight.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /containerList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editContainer.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlightContainers.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editParking.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editProfile.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editUser.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /unitSelect.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**/*.jspm*; matched=true
[gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(301) | Secure object: FilterInvocation: URL: /index2.jspm; ConfigAttributes: [admin, user, tech]
[gioppi] DEBUG ExceptionTranslationFilter.doFilter(150) | Authentication exception occurred; redirecting to authentication entry point
org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
	at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:414)
	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:308)
	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:165)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at ro.crispico.gioppi.web.filter.MessageFilter.doFilter(MessageFilter.java:40)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Thread.java:595)
[gioppi] DEBUG ExceptionTranslationFilter.sendStartAuthentication(255) | Authentication entry point being called; target URL added to Session: http://localhost:8080/gioppi/index2.jspm
[gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_TARGET_URL
[gioppi] DEBUG AuthenticationProcessingFilterEntryPoint.commence(131) | Redirecting to: http://localhost:8080/gioppi/login.jspx
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed
[gioppi] INFO ExpressionEvaluationUtils.<clinit>(66) | Using JSP 2.0 ExpressionEvaluator
  2. Jun 3rd, 2006, 08:41 AM #2
    cristis1
    cristis1 is offline Member
    Join Date
    Jan 2006
    Location
    Bucharest, Romania
    Posts
    44

    Default

    Code:
    DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/missionlist.jspm'; to: '/missionlist.jspm'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionlist.jspm'; pattern is /**; matched=true
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 1 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@fe30af'
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@0: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 2 of 6 in additional filter chain; firing Filter: 'ro.crispico.util.acegi.CustomAuthenticationProcessingFilter@188f506'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@8e85b5'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 4 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.rememberme.RememberMeProcessingFilter@1395dab'
[gioppi] DEBUG RememberMeProcessingFilter.doFilter(168) | SecurityContextHolder not populated with remember-me token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@0: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@134c0a6'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@53f0a8'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /userList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /driverList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editDriver.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /updateDrivers.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /vehicleList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editVehicle.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /addressList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editAddress.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /flightList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editFlight.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /containerList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editContainer.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editFlightContainers.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editParking.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editProfile.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /editUser.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /unitSelect.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionList.jspm'; pattern is /**/*.jspm*; matched=true
[gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(301) | Secure object: FilterInvocation: URL: /missionList.jspm; ConfigAttributes: [admin, user, tech]
[gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(340) | Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@0: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null
[gioppi] DEBUG ExceptionTranslationFilter.doFilter(168) | Access is denied (user is not anonymous); sending back forbidden response
org.acegisecurity.AccessDeniedException: Access is denied
	at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
	at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:347)
	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
	at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:174)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:50)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at ro.crispico.gioppi.web.filter.MessageFilter.doFilter(MessageFilter.java:40)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Thread.java:595)
[gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_403_EXCEPTION
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed
  3. Jun 4th, 2006, 08:55 AM #3
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    Quote Originally Posted by cristis1

    I imagine that the user is retreive somehow from the server's persistent storage, but with no authority. (the second bloc of log).
    Could you post your configuration please, as it's very hard to work out what's going on without any information on what kind of authentication is actually being used. The debug log from the authentication provider would also be useful.
  4. Jun 4th, 2006, 10:42 AM #4
    cristis1
    cristis1 is offline Member
    Join Date
    Jan 2006
    Location
    Bucharest, Romania
    Posts
    44

    Default

    Thank you for the reply.

    The configuration of the acegi system is preety much based on the AppFuse application:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>

    <!-- ======================== FILTER CHAIN ======================= -->
    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,remoteUserFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
            </value>
            <!-- Put channelProcessingFilter before remoteUserFilter to turn on SSL switching -->
            <!-- It's off by default b/c Canoo WebTest doesn't support SSL out-of-the-box -->
        </property>
    </bean>

    <!-- ======================== AUTHENTICATION ======================= -->

    <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
         The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
         Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
    <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="accessDecisionManager"/>
         <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /userList.jspm*=admin
                /driverList.jspm*=user,tech,admin
                /editDriver.jspm*=admin
                /updateDrivers.jspm*=admin,tech
                /vehicleList.jspm*=user,tech,admin
                /editVehicle.jspm*=admin
                /addressList.jspm*=user,tech,admin
                /editAddress.jspm*=admin
                /flightList.jspm*=user,tech,admin
                /editFlight.jspm*=tech
                /containerList.jspm*=user,tech,admin
                /editContainer.jspm*=tech
                /editFlightContainers.jspm*=tech
                /editParking.jspm*=admin
                /editProfile.jspm*=user,tech,admin
                /editUser.jspm*=user,tech,admin
                /unitSelect.jspm*=user,tech,admin
                /**/*.jspm*=admin,user,tech
                /**/*.jsp*=admin,user,tech                
            </value>
        </property>
    </bean>

    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
<!--            <ref local="rememberMeAuthenticationProvider"/>
-->
            </list>
        </property>
    </bean>
   
    <!-- Log failed authentication attempts to commons-logging -->
    <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
    
    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
         <property name="userDetailsService" ref="userDao"/>
         <property name="userCache" ref="userCache"/>
         <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>

    <!-- This bean definition must be available to ApplicationContext.getBean() so StartupListener
         can look for it and detect if password encryption is turned on or not -->
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"/>

    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
        <property name="rolePrefix" value=""/>
    </bean>

    <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
            <list>
                <ref local="roleVoter"/>
            </list>
        </property>
    </bean>
    
    <!-- ===================== HTTP REQUEST SECURITY ==================== -->
    <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
    
    <bean id="authenticationProcessingFilter" class="ro.crispico.util.acegi.CustomAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/login.jspx?error=true"/>
        <property name="defaultTargetUrl" value="/"/>
        <property name="filterProcessesUrl" value="/j_security_check"/>
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>
    
    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/>
    </bean>
    
    <bean id="remoteUserFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

    <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/login.jspx"/>
        <property name="forceHttps" value="false"/>
    </bean>
    
    <bean id="userManagerSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="accessDecisionManager"/>
        <property name="objectDefinitionSource">
             <value>
                 ro.crispico.gioppi.service.UserService.getUsers=admin
                 ro.crispico.gioppi.service.UserService.removeUser=admin
             </value>
        </property>
    </bean>
    
    <!-- ===================== REMEMBER ME ==================== -->
    <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>
 
    <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> 
        <property name="userDetailsService" ref="userDao"/>
        <property name="key" value="appfuseRocks"/> 
        <property name="parameter" value="rememberMe"/>
    </bean> 
  
    <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> 
        <property name="key" value="appfuseRocks"/>
    </bean>
    
    <!-- ===================== SSL SWITCHING ==================== -->
    <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
        <property name="channelDecisionManager" ref="channelDecisionManager"/>
        <property name="filterInvocationDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /login*=REQUIRES_SECURE_CHANNEL
                /j_security_check*=REQUIRES_SECURE_CHANNEL
                /**=REQUIRES_INSECURE_CHANNEL
            </value>
        </property>
    </bean>

    <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
        <property name="channelProcessors">
            <list>
                <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
                <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
            </list>
        </property>
    </bean>
</beans>
    CustomAuthenticationProcessingFilter adds some specific processing after the authentication. I don't think it is the problem, as I had the same issue before customizing this filter.

    The log generated after a succesfull authentication follows.
    Thank you,
    Cristian.
    Last edited by cristis1; Jun 4th, 2006 at 10:47 AM.
  5. Jun 4th, 2006, 10:48 AM #5
    cristis1
    cristis1 is offline Member
    Join Date
    Jan 2006
    Location
    Bucharest, Romania
    Posts
    44

    Default

    Code:
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/j_security_check'; to: '/j_security_check'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/j_security_check'; pattern is /**; matched=true
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /j_security_check at position 1 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@1eb7d25'
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(195) | HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /j_security_check at position 2 of 6 in additional filter chain; firing Filter: 'ro.crispico.util.acegi.CustomAuthenticationProcessingFilter@39d811'
[gioppi] DEBUG AbstractProcessingFilter.doFilter(220) | Request is to process authentication
[gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_LAST_USERNAME
[gioppi] DEBUG ProviderManager.doAuthentication(202) | Authentication attempt using org.acegisecurity.providers.dao.DaoAuthenticationProvider
[gioppi] DEBUG EhCacheBasedUserCache.getUserFromCache(71) | Cache hit: false; username: tech
Hibernate: select user0_.id as id43_, user0_.version as version43_, user0_.username as username43_, user0_.password as password43_, user0_.firstName as firstName43_, user0_.lastName as lastName43_, user0_.account_enabled as account7_43_, user0_.account_expired as account8_43_, user0_.account_locked as account9_43_, user0_.credentials_expired as credent10_43_, user0_.unitId as unitId43_ from gioppi.app_user user0_ where user0_.username=?
Hibernate: select roles0_.user_id as user1_0_, roles0_.role_id as role2_0_ from gioppi.user_roles roles0_ where roles0_.user_id=?
Hibernate: select role0_.id as id41_0_, role0_.name as name41_0_, role0_.description as descript3_41_0_ from gioppi.role role0_ where role0_.id=?
Hibernate: select role0_.id as id41_0_, role0_.name as name41_0_, role0_.description as descript3_41_0_ from gioppi.role role0_ where role0_.id=?
[gioppi] DEBUG EhCacheBasedUserCache.putUserInCache(90) | Cache put: tech
XXX: apelare getAuthorities(), [user, tech]
[gioppi] WARN LoggerListener.onApplicationEvent(60) | Authentication event AuthenticationSuccessEvent: tech; details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989
[gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: unit
Hibernate: select unit0_.id as id42_0_, unit0_.name as name42_0_, unit0_.color as color42_0_, unit0_.defaultDepot as defaultD4_42_0_ from gioppi.Unit unit0_ where unit0_.id=?
[gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: unitname
Hibernate: select this_.id as id42_0_, this_.name as name42_0_, this_.color as color42_0_, this_.defaultDepot as defaultD4_42_0_ from gioppi.Unit this_
[gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: globalSettings
[gioppi] DEBUG AbstractProcessingFilter.successfulAuthentication(392) | Authentication success: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@ffcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech
[gioppi] DEBUG AbstractProcessingFilter.successfulAuthentication(398) | Updated SecurityContextHolder to contain the following Authentication: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@ffcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
[gioppi] DEBUG AbstractProcessingFilter.successfulAuthentication(416) | Redirecting to target URL from HTTP Session (or default): http://localhost:8080/gioppi/index2.jspm
[gioppi] DEBUG TokenBasedRememberMeServices.loginSuccess(294) | Did not send remember-me cookie (principal did not set parameter 'rememberMe')
[gioppi] WARN LoggerListener.onApplicationEvent(60) | Authentication event InteractiveAuthenticationSuccessEvent: tech; details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989
[gioppi] DEBUG UserCounterListener.attributeAdded(112) | event.name: ACEGI_SECURITY_CONTEXT
  6. Jun 4th, 2006, 10:49 AM #6
    cristis1
    cristis1 is offline Member
    Join Date
    Jan 2006
    Location
    Bucharest, Romania
    Posts
    44

    Default

    Code:
    [gioppi] DEBUG UserCounterListener.incrementUserCounter(58) | User Count: 1
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(276) | SecurityContext stored to HttpSession: 'org.acegisecurity.context.SecurityContextImpl@ffcd5a60: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@ffcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/index2.jspm'; to: '/index2.jspm'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**; matched=true
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 1 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@1eb7d25'
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@ffcd5a60: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@ffcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 2 of 6 in additional filter chain; firing Filter: 'ro.crispico.util.acegi.CustomAuthenticationProcessingFilter@39d811'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@1984f7d'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 4 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.rememberme.RememberMeProcessingFilter@1ec3c6d'
[gioppi] DEBUG RememberMeProcessingFilter.doFilter(168) | SecurityContextHolder not populated with remember-me token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@ffcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@731f3f'
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /index2.jspm at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@86988'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /userList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /driverList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editDriver.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /updateDrivers.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /vehicleList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editVehicle.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /addressList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editAddress.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /flightList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlight.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /containerList.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editContainer.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editFlightContainers.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editParking.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editProfile.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /editUser.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /unitSelect.jspm*; matched=false
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/index2.jspm'; pattern is /**/*.jspm*; matched=true
[gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(301) | Secure object: FilterInvocation: URL: /index2.jspm; ConfigAttributes: [admin, user, tech]
[gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(340) | Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@ffcd5a60: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 09320AAA2183FF113683F85C03BC7989; Granted Authorities: user, tech
[gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(358) | Authorization successful
[gioppi] DEBUG AbstractSecurityInterceptor.beforeInvocation(371) | RunAsManager did not change Authentication object
[gioppi] DEBUG FilterChainProxy.doFilter(288) | /index2.jspm reached end of additional filter chain; proceeding with original chain
[gioppi] DEBUG ExceptionTranslationFilter.doFilter(146) | Chain processed normally
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(285) | SecurityContextHolder set to new context, as request processing completed
  7. Jun 5th, 2006, 07:15 AM #7
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    Quote Originally Posted by cristis1
    Thank you for the reply.

    CustomAuthenticationProcessingFilter adds some specific processing after the authentication. I don't think it is the problem, as I had the same issue before customizing this filter.
    Could you explain what kind of processing you do after the user is authenticated?

    The user information appears to be correctly loaded from the database.
  8. Jun 5th, 2006, 11:03 AM #8
    cristis1
    cristis1 is offline Member
    Join Date
    Jan 2006
    Location
    Bucharest, Romania
    Posts
    44

    Default

    I replaced CustomAuthenticationProcessingFilter with the original AuthenticationProcessingFilter but it is the same thing.

    There's another thing I don't understand though. In the second login attempt (after the server restart), acegi says that the users is authenticated, but it has no granted authorities:

    Code:
    [gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@0: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 451F89C5E64E4D0D0F1E845B9DAC4E91; Granted Authorities: null, null'
    In the code of the User class, I added a log message when getAuthorities() is called:
    Code:
    XXX: apelare getAuthorities(), [user, tech]
    .

    As one can see from the logs, this method is called after a succesfull authentication, but it is not called when trying to acces a ressource after a server restart. So I could guess that acegi doesn't actually instantiate a User instance in this case? And if it does not, what does it get from the Tomcat's persistent storage?

    And another strange thing: here is a piece of log after a succesfully served ressource:
    Code:
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/missionlist.jspm'; to: '/missionlist.jspm'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/missionlist.jspm'; pattern is /**; matched=true
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /missionList.jspm at position 1 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@1479ef9'
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@fed01e40: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@fed01e40: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 7687A9AD69685A8DFB07E804C076D1BC; Granted Authorities: user, tech'
    after comparing to this:
    Code:
    [gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(113) | Converted URL to lowercase, from: '/containerlist.jspm'; to: '/containerlist.jspm'
[gioppi] DEBUG PathBasedFilterInvocationDefinitionMap.lookupAttributes(126) | Candidate is: '/containerlist.jspm'; pattern is /**; matched=true
[gioppi] DEBUG FilterChainProxy.doFilter(297) | /containerList.jspm at position 1 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@d38976'
[gioppi] DEBUG HttpSessionContextIntegrationFilter.doFilter(177) | Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@0: Username: tech [ Tech tech ]; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 7687A9AD69685A8DFB07E804C076D1BC; Granted Authorities: null, null'
    I noticed a strange thing: org.acegisecurity.context.SecurityContextImpl@fed0 1e40: Authentication: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@fed01e40

    and

    org.acegisecurity.context.SecurityContextImpl@0: Authentication: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@0

    I guess the 2 objects SecurityContextImpl and UsernamePasswordAuthenticationToken use the standard java toString impl, so what is the meaning of 0 in this case?



    Thank you,
    Cristian.
    Last edited by cristis1; Jun 5th, 2006 at 11:25 AM.
  9. Jun 6th, 2006, 04:38 AM #9
    cristis1
    cristis1 is offline Member
    Join Date
    Jan 2006
    Location
    Bucharest, Romania
    Posts
    44

    Default

    I think the correct question to ask is why my user object is not correctly deserialized or/and serialized. Besides the roles list that is null, I noticed that another object associated to the user is also loaded as null.
  10. Jun 6th, 2006, 07:20 AM #10
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    Sorry, I hadn't actually noticed you were talking about a server restart.

    It does look like some kind of serialization issue. Both the classes you mention have their own toString methods, but I don't know what's going on.

    Do you definately need to have sessions restored after a restart. Presumably the persisted session data will also contain sensitive information like user passwords etc.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules