Error :An Authentication object not found

[tejasree]

Background - We are using acegi 1.0RC1 with Siteminder 6.0
and geronimo 1.1.1, jetty container

The siteminder server is with a 3rd party where they set the policies. All the policies have been set and configured. My application gets a login page which comes from the 3rd party once siteminder encounters a protected page and once the login inofrmation is entered it gives me an error

org.acegisecurity.AuthenticationCredentialsNotFoun dException: An Authentication object was not found in the SecurityContext.

<bean id="authenticationProcessingFilter" class="com.maximus.hibc.web.security.acegi.HeaderC redentialAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/error_handlers/authenticationFailed.jsp"/>
<property name="defaultTargetUrl" value="/index.jsp"/>
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="filterProcessesUrl" value="/pa_auth_check"/>
<property name="credentialHeaderName" value="${security.acegi.credential.property.name}"/>
<property name="userNameHeaderName" value="${security.acegi.username.property.name}"/>
</bean>


I have seen some question relating to this error but differed in some or the other way.

So i am posting the question after checking the forums..pls do not ask me to go and look into a similar link

It is very urgent for me.

Thanks

[karldmoore]

It's usually useful to post your applicationContext.xml for the Acegi configuration. If you put this in [ code] [ /code] tags, it's sooooo much easier to read. One thing to check is the filter order, it's a typical solution to problems.
http://www.acegisecurity.org/docbook/acegi.html#filters

[tejasree]

here is my file
<code>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>

<bean id="securityPropertiesWrapper" class="com.maximus.hibc.app.security.DelegatingSec urityProperties" init-method="initDelegate">
<property name="delegateBeanName" value="${security.properties.wrapper.delegate.bean }"/>
</bean>

<bean id="mockSecurityPropertiesWrapper" class="com.maximus.hibc.web.security.MockSecurityP roperties" />

<bean id="acegiSecurityPropertiesWrapper" class="com.maximus.hibc.web.security.acegi.AcegiSe curityProperties" >
<property name="transactionIDPropertyName" value="${security.acegi.transaction.id.property.na me}"/>
<property name="userIDPropertyName" value="${security.acegi.user.id.property.name}"/>
</bean>

<!-- ======================== TRANSACTION ID FILTER ======================= -->

<bean id="transactionIDProxyConditional" class="com.maximus.hibc.web.filter.ConditionalDele gatingFilter">
<property name="delegate" ref="transactionIDProxy"/>
<property name="executeDelegate" value="${security.delegate.enabled}"/>
</bean>

<bean id="transactionIDProxy" class="com.maximus.hibc.web.filter.TransactionIDSe ttingFilter">
<property name="transactionIDPropertyName" value="${security.acegi.transaction.id.property.na me}"/>
</bean>

<!-- ======================== ACEGI FILTER CHAIN ======================= -->

<bean id="filterChainProxyConditional" class="com.maximus.hibc.web.filter.ConditionalDele gatingFilter">
<property name="delegate" ref="filterChainProxy"/>
<property name="executeDelegate" value="${security.delegate.enabled}"/>
</bean>

<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticat ionProcessingFilter,securityEnforcementFilter
</value>
</property>
</bean>

<!-- ======================== AUTHENTICATION ======================= -->

<bean id="authenticationProcessingFilter" class="com.maximus.hibc.web.security.acegi.HeaderC redentialAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/error_handlers/authenticationFailed.jsp"/>
<property name="defaultTargetUrl" value="/index.jsp"/>
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
<property name="credentialHeaderName" value="${security.acegi.credential.property.name}"/>
<property name="userNameHeaderName" value="${security.acegi.username.property.name}"/>
</bean>

<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager ">
<property name="providers">
<list>
<ref local="authenticationProvider"/>
</list>
</property>
</bean>

<bean id="authenticationProvider" class="com.maximus.hibc.web.security.acegi.HeaderC redentialAuthenticationProvider">
<property name="grantedAuthorityResolver" ref="grantedAuthorityResolver"/>
</bean>

<!-- use this if we want have a dynamically-generated role name -->
<bean id="concatenatingGrantedAuthorityResolver" class="com.maximus.hibc.web.security.acegi.Concate natingCredentialMapGrantedAuthorityResolver">
<property name="authoritiesPropertyName" value="HTTP_SMGOV_USERTYPE" />
<property name="assuranceLevelPropertyName" value="HTTP_SMGOV_ASSURANCELEVEL" />
</bean>

<bean id="grantedAuthorityResolver" class="com.maximus.hibc.web.security.acegi.AuthPro pertyExistenceCredentialMapGrantedAuthorityResolve r">
<property name="requiredAuthenticationPropertyName" value="${security.acegi.authority.resolver.require d.auth.property.name}"/>
<property name="requiredAuthenticationPropertyValue" value="${security.acegi.authority.resolver.require d.auth.property.value}"/>
<property name="grantedAuthorityName" value="${security.acegi.authority.resolver.role.na me}"/>
</bean>

<!-- Automatically receives AuthenticationEvent messages -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.Logg erListener" />

<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContex tIntegrationFilter"></bean>


<!-- ===================== HTTP REQUEST SECURITY ==================== -->

<bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnf orcementFilter">
<property name="filterSecurityInterceptor">
<ref local="filterInvocationInterceptor" />
</property>
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
</bean>

<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/j_acegi_security_check</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>

<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>

<!-- An access decision voter that reads ROLE_* configuration settings -->
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />

<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecur ityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secured/*=${security.acegi.protected.resource.role}
</value>
</property>
</bean>

</beans>


</code>

[karldmoore]

As I said previously. If you put this in [ code] [ /code] tags, it's sooooo much easier to read. It would also be a good idea to change the log level to see what's going on.