[Newbie inside]Trouble to get Authentification obj in jsp

[meshenka]

Hello there,
I'm building a webapp (tomcat/spring) and start including security with acegi.

My pb is that authentification looks to work (i.e. if i was not authentifiate i get redirected to the login form) great, but this code

Code:

<% 
		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
		if (auth != null) { %>
			Authentication object is of type: <%= auth.getClass().getName() %><BR><BR>
			Authentication object as a String: <%= auth.toString() %><BR><BR>
			
			Authentication object holds the following granted authorities:<BR><BR>
<%			GrantedAuthority[] granted = auth.getAuthorities();
			for (int i = 0; i < granted.length; i++) { %>
				<%= granted[i].toString() %> (getAuthority(): <%= granted[i].getAuthority() %>)<BR>
<%			}

			if (auth instanceof AuthByAdapter) { %>
				<BR><B>SUCCESS! Your container adapter appears to be properly configured!</B><BR><BR>
<%			} else { %>
				<BR><B>SUCCESS! Your web filters appear to be properly configured!</B><BR>
<%			}
			
		} else { %>
			Authentication object is null.<BR>
			This is an error and your Acegi Security application will not operate properly until corrected.<BR><BR>
<%		}%>

inside my jsp View show me that the Authentifaction object is null

why?

here is my security config

Code:

	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
         <value>
		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
		    PATTERN_TYPE_APACHE_ANT            /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
           </value>
      </property>
    </bean>
    
	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
		<property name="userCache"><ref local="userCache"/></property>
	</bean>

	<!-- daoImpl -->
	<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
				sg=xxx,ROLE_USER,ROLE_ROOT
				jc=xxx,ROLE_USER
			</value>
		</property>
	</bean>

	<!-- cache -->
   <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    
   <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <property name="cacheManager">
         <ref local="cacheManager"/>
      </property>
      <property name="cacheName">
         <value>userCache</value>
      </property>
   </bean>
   
   <bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
      <property name="cache"><ref local="userCacheBackend"/></property>
   </bean>

	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
	    <property name="providers">
	        <list>
	            <ref bean="daoAuthenticationProvider"/>
	            <ref bean="anonymousAuthenticationProvider"/>
	            <ref local="rememberMeAuthenticationProvider"/>	            
	        </list>
	    </property>
	</bean>
	
	<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
		<property name="key"><value>guest</value></property>
	</bean>
	
   <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key"><value>guest</value></property>
      <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
   </bean>

   <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> 
   		
   <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
   </bean>
	
	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
      <property name="authenticationManager"><ref local="authenticationManager"/></property>
      <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
   </bean>

   <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
      <property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
      <property name="key"><value>springRocks</value></property>
   </bean>
   
   <bean id="httpRequestIntegrationFilter" class="org.acegisecurity.adapters.HttpRequestIntegrationFilter">
   </bean>

   <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
      <property name="key"><value>springRocks</value></property>
   </bean>


   <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
   </bean>

   <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="authenticationFailureUrl"><value>/login.html?login_error=1</value></property>
      <property name="defaultTargetUrl"><value>/element/list.html</value></property>
      <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
	  <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
   </bean>

   <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl"><value>/login.html</value></property>
      <property name="forceHttps"><value>false</value></property>
   </bean>

   <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
         <list>
            <ref bean="roleVoter"/>
         </list>
      </property>
   </bean>

   <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
      <property name="objectDefinitionSource">
         <value>
			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
			    PATTERN_TYPE_APACHE_ANT
			    /login.html*=ROLE_ANONYMOUS,ROLE_USER
			    /costing/*=ROLE_COSTING,ROLE_USER,ROLE_ROOT
			    /element/*=ROLE_ELEMENT,ROLE_USER,ROLE_ROOT
			    /rollup/*=ROLE_ROLLUP,ROLE_USER,ROLE_ROOT
				/**=ROLE_USER,ROLE_ROOT
         </value>
      </property>
   </bean>
   
   <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
   	
</beans>

looking at the logs i saw this:

Code:

DEBUG http-8080-1 org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap - Candidate is: '/pages/js/confirmation.jsp'; pattern is /**; matched=true
DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /pages/js/confirmation.jsp; ConfigAttributes: [ROLE_USER, ROLE_ROOT]
DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@fa22c2a1: Username: org.acegisecurity.userdetails.User@0: Username: sg; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER, ROLE_ROOT; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 3DB9E41C591AE156E2C30902A3BA26D3; Granted Authorities: ROLE_USER, ROLE_ROOT
DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Authorization successful
DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - RunAsManager did not change Authentication object
DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /pages/js/confirmation.jsp reached end of additional filter chain; proceeding with original chain
DEBUG http-8080-1 org.acegisecurity.ui.ExceptionTranslationFilter - Chain processed normally
DEBUG http-8080-1 org.acegisecurity.context.HttpSessionContextIntegrationFilter - SecurityContextHolder set to new context, as request processing completed

The very last line puzzle me.

Any help would be much appreciate.
nota: sitemesh decorate all views

[meshenka]

i changed some config here
{{{
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilter">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="authenticationFailureUrl"><value>/login.html?login_error=1</value></property>
<property name="defaultTargetUrl"><value>/element/list.html</value></property>
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
</bean>

<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilterEntryPoint">
<property name="loginFormUrl"><value>/login.html</value></property>
<property name="forceHttps"><value>false</value></property>
</bean>
}}}

to
{{{
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilter">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
<property name="defaultTargetUrl"><value>/element/list.html</value></property>
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
</bean>

<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilterEntryPoint">
<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
<property name="forceHttps"><value>false</value></property>
</bean>
}}}
so the login form is no more a spring view, it is astd jsp file.

No more success.

[Marten Deinum]

Why are you using scriptlets to access the security context. Just use the acegi taglibrary to access and check rights etc.

[meshenka]

actually i was using the taglib

Code:

<%@ taglib uri="http://acegisecurity.org/authz" prefix="authz" %>
<authz:authentication operation="username"/>

with no success so i added the scriptlet for debug purpose.

[meshenka]

more investigations shows me this:

i add this scriptlet to see session content:

Code:

	<div class="session">
	    <h1> Get all session-scoped attributes </h1>
	    <%
	    if (session != null) {
			java.util.Enumeration attr = session.getAttributeNames();
	        for (; attr.hasMoreElements(); ) {
	            // Get the name of the attribute
	            String name = (String)attr.nextElement(); %>
	            
	            <%= name %> <%
	    
	            // Get the value of the attribute
	            Object value = session.getAttribute(name);
	            %>
	            
	            <%= value.toString() %> <br/> <%
	        }
	    }
	    %><hr/>
  		<%= SecurityContextHolder.getContext() %>
	</div>

Here is the output:

Code:

ACEGI_SECURITY_LAST_USERNAME sg
ACEGI_SAVED_REQUEST_KEY SavedRequest[http://localhost:8080/xcost/element/list.html]
ACEGI_SECURITY_CONTEXT org.acegisecurity.context.SecurityContextImpl@5dc82df: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@5dc82df: Username: org.acegisecurity.userdetails.User@0: Username: sg; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER, ROLE_ROOT; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: A8490E6D58D81B0BF9BDC8D7EA471837; Granted Authorities: ROLE_USER, ROLE_ROOT

org.acegisecurity.context.SecurityContextImpl@ffffffff: Null authentication

So it looks like the httpSessionContextIntegrationFilter works fine but :
this <%= SecurityContextHolder.getContext() %> is broken...

how can it be?

ps: the authz tag <authz:authentication operation="username"/> still does not work which sounds fair enough as the taglib code calls SecurityContextHolder.getContext()

[meshenka]

still puzzled :/

Help me please... all my thanks and a Hello Kitty pins to the one that will help me

[Marten Deinum]

I looked at your configuration and it looks like as you are using 2 filters to check/wrap the security in.

The httpSessionContextIntegrationFilter and securityContextHolderAwareRequestFilter. Why is that? I would remove the latter and try again. For the moment I do not see anything strange in your config.

[meshenka]

thanks for your comment

new filter config:

Code:

	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
		    	PATTERN_TYPE_APACHE_ANT
            	/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
			</value>
		</property>
	</bean>

Nothing better

[meshenka]

is this log normal?

Code:

DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@5defcd7: Username: org.acegisecurity.userdetails.User@0: Username: sg; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER, ROLE_ROOT; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 1C7E1E15E1A0ECD26C53563185F8974D; Granted Authorities: ROLE_USER, ROLE_ROOT
DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - Authorization successful
DEBUG http-8080-1 org.acegisecurity.intercept.AbstractSecurityInterceptor - RunAsManager did not change Authentication object
DEBUG http-8080-1 org.acegisecurity.util.FilterChainProxy - /pages/js/confirmation.jsp reached end of additional filter chain; proceeding with original chain
DEBUG http-8080-1 org.acegisecurity.ui.ExceptionTranslationFilter - Chain processed normally
DEBUG http-8080-1 org.acegisecurity.context.HttpSessionContextIntegrationFilter - SecurityContextHolder set to new context, as request processing completed
DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]] org.acegisecurity.ui.session.HttpSessionEventPublisher - Publishing event: org.acegisecurity.ui.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@10daff6]

[meshenka]

still bugged ;(

here is an updated version of my acegi config

Code:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE beans PUBLIC
    "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">

<beans
  default-autowire="no"
  default-lazy-init="true"
  default-dependency-check="none"
>

	<!-- ======================== FILTER CHAIN ======================= -->

	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
		    	PATTERN_TYPE_APACHE_ANT
            	/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
			</value>
		</property>
	</bean>
    
    <!-- ======================== AUTHENTICATION  ======================= -->   
	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
		<property name="userCache"><ref local="userCache"/></property>
	</bean>

	<!-- InMemoryDaoImpl -->
	<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
				sg=sg,ROLE_USER,ROLE_ROOT
				st=st,ROLE_USER
				pu=st,ROLE_USER
				jc=jc,ROLE_USER
			</value>
		</property>
	</bean>

	<!-- cache -->
	<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
    
	<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
		<property name="cacheManager">
			<ref local="cacheManager"/>
		</property>
		<property name="cacheName">
			<value>userCache</value>
		</property>
	</bean>
   
	<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
		<property name="cache"><ref local="userCacheBackend"/></property>
	</bean>

	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
	    <property name="providers">
	        <list>
	            <ref bean="daoAuthenticationProvider"/>
	            <ref bean="anonymousAuthenticationProvider"/>
	            <ref local="rememberMeAuthenticationProvider"/>	            
	        </list>
	    </property>
	</bean>
	
	<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
		<property name="key"><value>guest</value></property>
		<property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
	</bean>
	
	<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
		<property name="key"><value>guest</value></property>
	</bean>

	<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
		<property name="authenticationManager"><ref local="authenticationManager"/></property>
		<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
	</bean>

	<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
		<property name="realmName"><value>xCost Realm</value></property>
	</bean>
	
	<!-- Automatically receives AuthenticationEvent messages -->
	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
   		
	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
	
	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
		<property name="authenticationManager"><ref local="authenticationManager"/></property>
		<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
	</bean>

	<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
		<property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
		<property name="key"><value>springRocks</value></property>
   </bean>
   
	<bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
   		<property name="key"><value>springRocks</value></property>
	</bean>
	<!-- ===================== HTTP REQUEST SECURITY ==================== -->
	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
 		<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
	</bean>

	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
		<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
		<property name="defaultTargetUrl"><value>/element/list.html</value></property>
		<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
		<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
	</bean>

	<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
		<property name="forceHttps"><value>false</value></property>
	</bean>

	<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
		<property name="decisionVoters">
			<list>
            	<ref bean="roleVoter"/>
         	</list>
		</property>
	</bean>

	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
		<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
			    PATTERN_TYPE_APACHE_ANT
			    /acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
			    /pages/css/*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
			    /pages/js/*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
			    /pages/i/*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
			    /index.jsp*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT    
				/**=ROLE_USER,ROLE_ROOT
			</value>
		</property>
	</bean>
   
  	<!-- An access decision voter that reads ROLE_* configuration settings -->
	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
   	
</beans>

the system authentication works fine but authz tag such as <authz:authentication operation="username"/> still not work... (

scriptlet such as

Code:

<%= SecurityContextHolder.getContext() %>

output

org.acegisecurity.context.SecurityContextImpl@ffff ffff: Null authentication

after been loged in


<invocking ACEGI Guru>Please HELP ME</invocking ACEGI Guru>