Acegi + Spring MVC question

**volga** · Apr 5th, 2007, 11:52 AM

Hi,

I am trying to use Aegi with Spring MVC and I am facing two problems:

When the user is not logged in Acegi is suppose to store the target URL in the session and to redirect the user to this URL after a successful login.

1) Acegi stores the name of the view instead of the URL. If the URL is "contact.htm" and teh corresponding view resolves to /WEB-INF/jsp/contact.jsp, the redirection is to /WEB-INF/jsp/contact.jsp, bypassing the controller. (Of course, this fails !)

2) The second problem is that the redirection does not really occur. Instead, a page is displayed with a link saying "The URL has moved here" and "here" is a link to /WEB-INF/jsp/contact.jsp.

Is there any way to make Acegi remember the original URL and do an actual redirection to it ?

**karldmoore** · Apr 5th, 2007, 12:06 PM

If you look at the Acegi examples they simply point to JSP pages. When started using the Acegi example-tutorial with Struts, I changed all of these to direct to the actions instead e.g. showUsers.jsp to /showUsers.do. Then by moving the pages below WEB-INF everything had to go through the controllers.

**dr_pompeii** · Apr 5th, 2007, 12:08 PM

1) Acegi stores the name of the view instead of the URL. If the URL is "contact.htm" and teh corresponding view resolves to /WEB-INF/jsp/contact.jsp, the redirection is to /WEB-INF/jsp/contact.jsp, bypassing the controller. (Of course, this fails !)

why you said that it fails???

i work how you said, and works normal

so, post here your code

regards

**volga** · Apr 5th, 2007, 12:48 PM

it fails for two reasons : first, /WEB-INF/jsp/contacts.jsp is not accessible. Only a controller can give access to this view. The controller is configured like this :

Code:

  <bean name="/contacts.htm" class="com.volgadev.springapp.addbook.web.ContactsController">
    <property name="contactService" ref="contactService"/>
  </bean>

and the ContactsController is configured to use /WEB-INF/jsp/contacts.jsp as its view

The second reason is that if redirection would be done to /contacts.jsp (I tried to put all JSPs in the context root), the controller would be bypassed and the page would contain no data.

What I need is /contacts.htm be intercepted (it is), the login page be displayed, and in case of successfull login, the user be redirected to the original url, ie /contacts.htm.

Here is my Acegi configuration, mostly copied from the example :

Code:

<beans>

  <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
      </value>
    </property>
  </bean>

  <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

  <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    <constructor-arg value="/home.htm"/>
    <!-- URL redirected to after logout -->
    <constructor-arg>
      <list>
        <ref bean="rememberMeServices"/>
        <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
      </list>
    </constructor-arg>
    <property name="filterProcessesUrl" value="/j_acegi_logout"/>
  </bean>

  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/acegilogin.htm?login_error=1"/>
    <property name="defaultTargetUrl" value="/home.htm"/>
    <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    <property name="rememberMeServices" ref="rememberMeServices"/>
  </bean>

  <bean id="securityContextHolderAwareRequestFilter"
        class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

  <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="rememberMeServices" ref="rememberMeServices"/>
  </bean>

  <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="changeThis"/>
    <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
  </bean>

  <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/acegilogin.htm"/>
        <property name="forceHttps" value="false"/>
      </bean>
    </property>
    <property name="accessDeniedHandler">
      <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/accessDenied.htm"/>
      </bean>
    </property>
  </bean>

  <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager">
      <bean class="org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
          <list>
            <bean class="org.acegisecurity.vote.RoleVoter"/>
            <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
          </list>
        </property>
      </bean>
    </property>
    <property name="objectDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /stylesheets/**=IS_AUTHENTICATED_ANONYMOUSLY
        /=IS_AUTHENTICATED_ANONYMOUSLY
        /home.htm=IS_AUTHENTICATED_ANONYMOUSLY
        /acegilogin.htm=IS_AUTHENTICATED_ANONYMOUSLY
        /**=IS_AUTHENTICATED_REMEMBERED
      </value>
    </property>
  </bean>

  <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="key" value="changeThis"/>
  </bean>

  <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
      <list>
        <ref local="daoAuthenticationProvider"/>
        <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
          <property name="key" value="changeThis"/>
        </bean>
        <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
          <property name="key" value="changeThis"/>
        </bean>
      </list>
    </property>
  </bean>

  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="userCache">
      <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
        <property name="cache">
          <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
            <property name="cacheManager">
              <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
            </property>
            <property name="cacheName" value="userCache"/>
          </bean>
        </property>
      </bean>
    </property>
  </bean>

  <!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
  <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userProperties">
      <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="location" value="/WEB-INF/users.properties"/>
      </bean>
    </property>
  </bean>

  <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
  <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

</beans>

And my web.xml configuration is :

Code:

  <filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

**dr_pompeii** · Apr 5th, 2007, 01:02 PM

hi, you forgot this

Code:

  <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
        <property name="mappings">
            <props>
    	         <prop key="/contacts.htm">contactsController</prop>     
            </props>
    	</property>
    </bean>

so in

Code:

 <bean id="contactsController" class="com.volgadev.springapp.addbook.web.ContactsController">
    <property name="contactService" ref="contactService"/>
  </bean>

and i dont see in acegi code the reference to /contacts.htm

suggestion: see the example code in acegi distribution, i learnt from there

regards

**volga** · Apr 5th, 2007, 04:13 PM

Using :

Code:

 <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
        <property name="mappings">
            <props>
    	         <prop key="/contacts.htm">contactsController</prop>     
            </props>
    	</property>
    </bean>

<bean id="contactsController" class="com.volgadev.springapp.addbook.web.ContactsController">
    <property name="contactService" ref="contactService"/>
  </bean>

does not work. The contactService bean is not injected and a null pointer exception is thrown when an attempt is made to use it. Should this work only in Spring 1 ? (I am using Spring 2.0)

**dr_pompeii** · Apr 5th, 2007, 04:41 PM

volga

ok, the configuration that you shown is for spring mvc

where is the part for acegi???

that means what controller or url, should control or manage acegi???

i work with spring 2.0.x

regards

i insist, see the examples code

**volga** · Apr 5th, 2007, 04:54 PM

The configuration for Acegi is just above, in my post dated 07:48 PM. I copied it from the acegi-security-sample-tutorial.

I also tried to study the acegi-security-sample-contacts-filter example. I noticed it uses the form you describe, and I tried to do the same :

Code:

  <bean id="contactsController" class="com.volgadev.springapp.addbook.web.ContactsController">
    <property name="contactService"><ref bean="contactService"/></property>
  </bean>

  <bean id="acegiLoginController" class="com.volgadev.springapp.addbook.web.ContactsController"/>

  <bean id="homeController" class="com.volgadev.springapp.addbook.web.HomeController"/>

  <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    <property name="mappings">
      <props>
        <prop key="/home.htm">homeController</prop>
        <prop key="/contacts.htm">contactsController</prop>
        <prop key="/acegilogin.htm">acegiLoginController</prop>
      </props>
    </property>
  </bean>

In that case, the contactService bean (declared in my applicationContext.xml) is not injected, and I get the following error when acegilogin.htm is called :

Code:

[23:40:39.156] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
[23:40:39.156] Caused by: java.lang.NullPointerException
[23:40:39.156]  at com.volgadev.springapp.addbook.web.ContactsController.configureModelAndView(ContactsController.java:22)
[23:40:39.156]  at com.volgadev.springapp.addbook.web.MenuController.handleRequestInternal(MenuController.java:98)
[23:40:39.156]  at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
[23:40:39.156]  at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:45)
[23:40:39.156]  at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:820)
[23:40:39.156]  at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:755)
[23:40:39.156]  at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:396)
[23:40:39.156]  at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:350)
[23:40:39.156]  at javax.servlet.http.HttpServlet.service(HttpServlet.java:115)
[23:40:39.156]  at javax.servlet.http.HttpServlet.service(HttpServlet.java:92)

Note that the application works perfectly fine if I don't use Acegi !

**dr_pompeii** · Apr 5th, 2007, 05:06 PM

[23:40:39.156] at com.volgadev.springapp.addbook.web.ContactsControl ler.configureModelAndView(ContactsController.java: 22)

it seems nothing related with acegi

Note that the application works perfectly fine if I don't use Acegi !

weird

The configuration for Acegi is just above, in my post dated 07:48 PM.

in your local time, in my local time not appear your time

copy the acegi part, where you make reference the controllers declared in your d="urlMapping"

regards

**volga** · Apr 5th, 2007, 05:18 PM

Sorry for the time !

here is my acegi configuration :

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<!--
  - A simple "base bones" Acegi Security configuration.
  -
  - The sample includes the "popular" features that people tend to use.
  - Specifically, form authentication, remember-me, and anonymous processing.
  - Other features aren't setup, as these can be added later by inserting
  - the relevant XML fragments as specified in the Reference Guide.
  -
  - To assist new users, the filters specified in the FilterChainProxy are
  - declared in the application context in the same order. Collaborators
  - required by those filters are placed at the end of the file.
  -
  -->

<beans>

  <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
      </value>
    </property>
  </bean>

  <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

  <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    <constructor-arg value="/home.htm"/>
    <!-- URL redirected to after logout -->
    <constructor-arg>
      <list>
        <ref bean="rememberMeServices"/>
        <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
      </list>
    </constructor-arg>
    <property name="filterProcessesUrl" value="/j_acegi_logout"/>
  </bean>

  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/acegilogin.htm?login_error=1"/>
    <property name="defaultTargetUrl" value="/home.htm"/>
    <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    <property name="rememberMeServices" ref="rememberMeServices"/>
  </bean>

  <bean id="securityContextHolderAwareRequestFilter"
        class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

  <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="rememberMeServices" ref="rememberMeServices"/>
  </bean>

  <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="changeThis"/>
    <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
  </bean>

  <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/acegilogin.htm"/>
        <property name="forceHttps" value="false"/>
      </bean>
    </property>
    <property name="accessDeniedHandler">
      <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/accessDenied.htm"/>
      </bean>
    </property>
  </bean>

  <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager">
      <bean class="org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
          <list>
            <bean class="org.acegisecurity.vote.RoleVoter"/>
            <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
          </list>
        </property>
      </bean>
    </property>
    <property name="objectDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /stylesheets/**=IS_AUTHENTICATED_ANONYMOUSLY
        /=IS_AUTHENTICATED_ANONYMOUSLY
        /home.htm=IS_AUTHENTICATED_ANONYMOUSLY
        /acegilogin.htm=IS_AUTHENTICATED_ANONYMOUSLY
        /**=IS_AUTHENTICATED_REMEMBERED
      </value>
    </property>
  </bean>

  <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="key" value="changeThis"/>
  </bean>

  <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
      <list>
        <ref local="daoAuthenticationProvider"/>
        <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
          <property name="key" value="changeThis"/>
        </bean>
        <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
          <property name="key" value="changeThis"/>
        </bean>
      </list>
    </property>
  </bean>

  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="userCache">
      <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
        <property name="cache">
          <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
            <property name="cacheManager">
              <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
            </property>
            <property name="cacheName" value="userCache"/>
          </bean>
        </property>
      </bean>
    </property>
  </bean>

  <!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
  <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userProperties">
      <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="location" value="/WEB-INF/users.properties"/>
      </bean>
    </property>
  </bean>

  <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
  <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

</beans>

It makes no reference to d="urlMapping" since I do not use this syntax, because it does not work for me, producing a null pointer Exception because the controllers properties are note injected when I use this :

Code:

  <bean id="contactsController" class="com.volgadev.springapp.addbook.web.ContactsController">
    <property name="contactService"><ref bean="contactService"/></property>
  </bean>

  <bean id="acegiLoginController" class="com.volgadev.springapp.addbook.web.ContactsController"/>

  <bean id="homeController" class="com.volgadev.springapp.addbook.web.HomeController"/>

  <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    <property name="mappings">
      <props>
        <prop key="/home.htm">homeController</prop>
        <prop key="/contacts.htm">contactsController</prop>
        <prop key="/acegilogin.htm">acegiLoginController</prop>
      </props>
    </property>
  </bean>

I use the following syntax :

Code:

  <bean name="/home.htm" class="com.volgadev.springapp.addbook.web.HomeController"/>

  <bean name="/acegilogin.htm" class="com.volgadev.springapp.addbook.web.AcegiLoginController"/>

  <bean name="/contacts.htm" class="com.volgadev.springapp.addbook.web.ContactsController">
    <property name="contactService" ref="contactService"/>
  </bean>

which works fine without Acegi

I looked to the acegi-security-sample-contacts-filter example, which uses d="urlMapping" in the contacts-servlet.xml. But there is no reference to any controllers in the acegi configuration file

Thread: Acegi + Spring MVC question

Thread Tools

Display

Acegi + Spring MVC question

Posting Permissions