-
Sep 7th, 2006, 02:00 PM
#1
UNABLE to make securityContextHolderAwareRequestFilter work correctly
I am using Acegi 1.0.1. I configured the FilterChainProxy as follows:
<bean class="org.acegisecurity.util.FilterChainProxy" id="filterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor</value>
  </property>
</bean>
The authentication seems OK and the debug shows:
17:42:35,109 DEBUG AuthenticationProcessingFilter:373 -
Authentication success: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@5f4a1980:
Username: org.acegisecurity.userdetails.User@4f813000: Username: bouayame; Password: [PROTECTED];
Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true;
Granted Authorities: CREATE_STAFF, EDIT_ACCOUNT, ROLE_OK, ROLE_USER, VIEW_PAYMENTS, VIEW_STAFF;
Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffdaa08:
RemoteIpAddress: 127.0.0.1; SessionId: 1051CEB0DDC4E40F76636B7665FEC813; Granted Authorities: CREATE_STAFF, EDIT_ACCOUNT, ROLE_OK, ROLE_USER, VIEW_PAYMENTS, VIEW_STAFF
... but just after, when securityContextHolderAwareRequestFilter is called, I got the following error:
17:42:35,484 DEBUG FilterChainProxy:269 - /pages/protected/test.jsf at position 2 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@16e4ddd'
17:42:35,484 DEBUG SavedRequestAwareWrapper:107 - Wrapper not replaced; SavedRequest was: null
Then, just after that, the anonymousProcessingFilter gets called and ... it overwrites the SecurityContext of the authentication. I finally end up with a username: anonymousUser and nothing works.
17:42:35,484 DEBUG FilterChainProxy:269 - /pages/protected/test.jsf at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousProcessingFilter@ba007e'
17:42:35,484 DEBUG AnonymousProcessingFilter:118 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@9055e4a6: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
17:42:35,484 DEBUG FilterChainProxy:269 - /pages/protected/test.jsf at position 4 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@1768b0a'
17:42:35,484 DEBUG FilterChainProxy:269 - /pages/protected/test.jsf at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@1a2467a'
17:42:35,484 DEBUG FilterChainProxy:269 - /pages/protected/test.jsf at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.webapp.AuthenticationProcessingFilter@c13406'
17:42:35,484 DEBUG FilterChainProxy:260 - /pages/protected/test.jsf reached end of additional filter chain; proceeding with original chain
Am I missing something?? I tried a downgrade to 1.0.0RC2 and it is the same behavior.
Please Help....
-
Sep 7th, 2006, 02:05 PM
#2
Add in ...
When I try to access a secured path like:
<bean class="org.acegisecurity.intercept.web.FilterSecurityInterceptor" id="filterInvocationInterceptor">
  <property name="authenticationManager">
    <ref bean="authenticationManager"/>
  </property>
  <property name="accessDecisionManager">
    <ref bean="httpRequestAccessDecisionManager"/>
  </property>
  <property name="objectDefinitionSource">
    <value>CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    \A/pages/protected/admin.*\Z=ROLE_ADMIN
    \A/pages/protected/user.*\Z=ROLE_USER
    \A/pages/protected/.*\Z=ROLE_OK
    </value>
  </property>
</bean>
I got the following error:
org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:414)
    at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:308)
    at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
    at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:79)
    at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
-
Sep 9th, 2006, 06:27 AM
#3
Problem solved...
Actually I solved the issue. The problem was not in the order of the filters inside the filterChainProxy... My real problem was coming from the fact that I was also declaring the FilterSecurityInterceptor in the web.xml.
I do believe it was making the call to that filter twice, leading to the SecurityContext being erased.
Anyway, thank you for your help.
By the way... I am using Acegi with JSF MyFaces.... If someone has a hard time integrating them ... do not hesitate...
Sincerely yours ....