The requested resource /springmvc/jsp/acegi/j_acegi_security_check is not available

[muthiahmerchant]

Hi all,

I have an application which uses spring mvc and hibernate. I am trying to integrate acegi to it. I am learning using the sample tutorial that come with acegi downloads.

this is my web.xml file

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListe ner
</listener-class>
<load-on-startup>1</load-on-startup>
</listener>

<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>

<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContex t</param-name>
<param-value>messages</param-value>
</context-param>

<jsp-config>
<taglib>
<taglib-uri>/spring</taglib-uri>
<taglib-location>/WEB-INF/tld/spring.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>sitemesh-page</taglib-uri>
<taglib-location>/WEB-INF/tld/sitemesh-page.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>sitemesh-decorator</taglib-uri>
<taglib-location>/WEB-INF/tld/sitemesh-decorator.tld</taglib-location>
</taglib>
</jsp-config>

<error-page>
<error-code>500</error-code>
<location>/error.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/403.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/404.jsp</location>
</error-page>

<!-- Start of SiteMesh stuff -->
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.Page Filter</filter-class>
</filter>

<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>*.htm</url-pattern>
</filter-mapping>
<!-- End of SiteMesh stuff -->

<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>


This is my applicationContext.xml, this is exactly the same one that came with the tutorial, except a new <beans> at the beginning and I removed the user cache

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="messageSource" class="org.springframework.context.support.Resourc eBundleMessageSource">
<property name="basename" value="messages"/>
</bean>

<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilte r,authenticationProcessingFilter,securityContextHo lderAwareRequestFilter,rememberMeProcessingFilter, anonymousProcessingFilter,exceptionTranslationFilt er,filterInvocationInterceptor
</value>
</property>
</bean>

<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContex tIntegrationFilter"/>

<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/jsp/acegi/index.jsp"/> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean class="org.acegisecurity.ui.logout.SecurityContext LogoutHandler"/>
</list>
</constructor-arg>
</bean>

<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/jsp/acegi/acegilogin.jsp?login_error=1"/>
<property name="defaultTargetUrl" value="/"/>
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>

<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHo lderAwareRequestFilter"/>

<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeP rocessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>

<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.Anony mousProcessingFilter">
<property name="key" value="changeThis"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>

<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFi lter">
<property name="authenticationEntryPoint">
<bean class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilterEntryPoint">
<property name="loginFormUrl" value="/jsp/acegi/acegilogin.jsp"/>
<property name="forceHttps" value="false"/>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImp l">
<property name="errorPage" value="/jsp/acegi/accessDenied.jsp"/>
</bean>
</property>
</bean>

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecur ityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter"/>
<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=IS_AUTHENTICATED_REMEMBERED
/**=IS_AUTHENTICATED_ANONYMOUSLY
</value>
</property>
</bean>

<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedR ememberMeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="changeThis"/>
</bean>

<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager ">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<bean class="org.acegisecurity.providers.anonymous.Anony mousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
<bean class="org.acegisecurity.providers.rememberme.Reme mberMeAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>

<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenti cationProvider">
<property name="userDetailsService" ref="userDetailsService"/>

</bean>

<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemo ryDaoImpl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.Pr opertiesFactoryBean">
<property name="location" value="/WEB-INF/users.properties"/>
</bean>
</property>
</bean>

<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.Logg erListener"/>

</beans>



Thanks

[karldmoore]

Is it possible to see the JSP page that is doing the logon post? The filterProcessesUrl in authenticationProcessingFilter needs to match the JSP post.

Code:

<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/jsp/acegi/acegilogin.jsp?login_error=1"/>
<property name="defaultTargetUrl" value="/"/>
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
<property name="rememberMeServices" ref="rememberMeServices"/>
</bean>

[muthiahmerchant]

This is my acegilogin.jsp. Again this is an exact copy of the acegilogin.jsp that comes with the sample tutorial

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ page import="org.acegisecurity.ui.AbstractProcessingFil ter" %>
<%@ page import="org.acegisecurity.ui.webapp.Authentication ProcessingFilter" %>
<%@ page import="org.acegisecurity.AuthenticationException" %>

<html>
<head>
<title>Login</title>
</head>

<body>
<h1>Login</h1>

<P>Valid users:
<P>
<P>username <b>marissa</b>, password <b>koala</b> (supervisor)
<P>username <b>dianne</b>, password <b>emu</b> (normal user)
<p>username <b>scott</b>, password <b>wombat</b> (normal user)
<p>username <b>peter</b>, password <b>opal</b> (user disabled)
<p>

<%-- this form-login-page form is also used as the
form-error-page to ask for a login again.
--%>
<c:if test="${not empty param.login_error}">
<font color="red">
Your login attempt was not successful, try again.<BR><BR>
Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEG I_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
</font>
</c:if>

<form action="<c:url value='j_acegi_security_check'/>" method="POST">
<table>
<tr><td>User:</td><td><input type='text' name='j_username' <c:if test="${not empty param.login_error}">value='<%= session.getAttribute(AuthenticationProcessingFilte r.ACEGI_SECURITY_LAST_USERNAME_KEY) %>'</c:if>></td></tr>
<tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
<tr><td><input type="checkbox" name="_acegi_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>

<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>

</form>

</body>
</html>


Thanks for your response

[Luke Taylor]

Did you actually manage to get the tutorial to work? As always, I would recommend that you do this and then advance by making small changes to get to the configuration you require.


In this case, it looks like you have moved jsps about so I'm afraid your configuration isn't "exactly the same one that came with the tutorial" at all :-).
So it looks like a basic path problem. The login jsp was originally in the root directory, so the relative path in it no longer matches the one in the filter (which you haven't changed).

[muthiahmerchant]

I was able to run the tutorial app without any modifications without any problems. In the tutorial I changed the path of the app and it works. Then I integrated it with the app and it dosn't work. So i am not sure what went wrong. I thought it was probably because of diff version of the jar so I replace the jars that I had to the jars in the tutorial and the tutorial still works.

Anyways. Based on your reply, if its a path problem, what should be the path to j_acegi_check_security

[karldmoore]

As Luke as, the login page was in the root originally. You have to prefix the URL with the path it is now in.