BeanNotOfRequiredTypeException

[Omid]

HI all,
I have little problem with acegi and tomahawk I think.

first the Exception:

Code:

2007-04-26 13:18:37,328 DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - Converted URL to lowercase, from: '/tiny_mce/tiny_mce.js'; to: '/tiny_mce/tiny_mce.js'
2007-04-26 13:18:37,328 DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - Candidate is: '/tiny_mce/tiny_mce.js'; pattern is /**; matched=true

2007-04-26 13:18:37,328 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'portletSessionContextIntegrationInterceptor'
2007-04-26 13:18:37,328 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/MileStoneBeta].[default]] - Servlet.service() for servlet default threw exception
org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'portletSessionContextIntegrationInterceptor' must be of type [javax.servlet.Filter], but was actually of type [org.acegisecurity.context.PortletSessionContextIntegrationInterceptor]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:313)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:165)
	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:646)
	at org.acegisecurity.util.FilterChainProxy.obtainAllDefinedFilters(FilterChainProxy.java:220)
	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:135)
	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
	at java.lang.Thread.run(Thread.java:619)

so as can see in the first lines candidate is tiny_mce.js and the retuned bean is portletSessionContextIntegrationInterceptor. So I think I have some misconfiguration in my applicationContext.

Code:

<bean id="acegiFilterChainProxy"
		class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=portletSessionContextIntegrationInterceptor,securityRequestFilter,exceptionTranslationFilter,filterSecurityInterceptor
			</value>
		</property>
	</bean>
<bean id="portletSessionContextIntegrationInterceptor"
		class="org.acegisecurity.context.PortletSessionContextIntegrationInterceptor">
		<property name="context">
			<value>org.acegisecurity.context.SecurityContextImpl</value>
		</property>
	</bean>

	<bean id="securityRequestFilter"
		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />

	<bean id="exceptionTranslationFilter"
		class="org.acegisecurity.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint">
			<bean
				class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
				<property name="loginFormUrl">
					<value>/login.jsp</value>
				</property>
				<property name="forceHttps">
					<value>false</value>
				</property>
			</bean>
		</property>
		<property name="accessDeniedHandler">
			<bean
				class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
				<property name="errorPage">
					<value>/accessDenied.jsp</value>
				</property>
			</bean>
		</property>
	</bean>

	<bean id="filterSecurityInterceptor"
		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="accessDecisionManager">
			<!--
				The AffirmativeBased voter allows access if at least one voter votes
				to grant access. Use the UnanimousBased voter if you only want to
				grant access if no voter votes to deny access. -->
			<bean class="org.acegisecurity.vote.AffirmativeBased">
				<property name="decisionVoters">
					<list>
						<bean class="org.acegisecurity.vote.RoleVoter" />
						<!--
							The authenticated voter grant access if e.g.
							IS_AUTHENTICATED_FULLY is an attribute -->
						<bean class="org.acegisecurity.vote.AuthenticatedVoter" />
					</list>
				</property>
			</bean>
		</property>
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/jsp/view/**=ROLE_MANAGER,ROLE_EDITOR,ROLE_AUTHOR,ROLE_READER
				/jsp/edit/**=ROLE_MANAGER
				/jsp/**=IS_AUTHENTICATED_FULLY
			</value>
			<!-- 
				 /jsp/login.jsp*=ROLE_MANAGER,ROLE_EDITOR,ROLE_AUTHOR,ROLE_READER,ROLE_ANONYMOUS  -->
		</property>
	</bean>
	
	<bean id="authenticationManager"
  		class="org.acegisecurity.providers.ProviderManager">
  		<property name="providers">
   			<list>
    			<ref local="portletAuthenticationProvider" />  <!-- Kann unterumständen weg -->
    			<!-- <ref local="daoAuthenticationProvider" />  -->
   			</list>
  		</property>
 	</bean>
 	
 	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  		<property name="userDetailsService">
<ref bean="userAuthenticationService"/>
  		</property>
  		<!-- Wird nur benutzt, wenn userDetailsService auf userAuthenticationService
  			 gesetzt ist -->
  		<property name="userCache">
  			<ref bean="portletUserCache" />
  		</property>
 	</bean>
 	
 	<bean id="portletAuthenticationProvider"
		class="org.acegisecurity.providers.portlet.PortletAuthenticationProvider">
		<property name="portletAuthoritiesPopulator">
			<ref local="portletAuthoritiesPopulator" />
		</property> 
		<property name="userCache">
			<ref local="portletUserCache" />
		</property> 
	</bean>
	
	<bean id="portletAuthoritiesPopulator"
		class="org.acegisecurity.providers.portlet.populator.DaoPortletAuthoritiesPopulator">
		<property name="authenticationDao">
			<ref local="userAuthenticationService" />
		</property>
	</bean>
	
	<bean id="userAuthenticationService"
		class="main.org.jboss.portlet.milestone.spring.security.service.UserAuthenticationService">
		<property name="userManager" ref="userDao" />
		<property name="dataSource" ref="dataSource"></property>
	</bean>
	
	<bean id="portletUserCacheBackend"
		class="org.springframework.cache.ehcache.EhCacheFactoryBean">
		<property name="cacheManager">
			<ref local="cacheManager" />
		</property>
		<property name="cacheName">
			<value>portletUserCache</value>
		</property>
	</bean>
	
	<bean id="portletUserCache"
		class="org.acegisecurity.providers.portlet.cache.EhCacheBasedUserCache">
		<property name="cache">
			<ref local="portletUserCacheBackend" />
		</property>
	</bean>
	
	<bean id="cacheManager"
		class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
	
	<bean id="authenticationController" 
		class="main.org.jboss.portlet.milestone.spring.security.controller.AuthenticationController" 
		scope="session">
  		<property name="authenticationManager">
  			<ref bean="authenticationManager"/>
  		</property>
 	</bean>
 
</beans>

I am very thankfull for any kind of suggestion,

thanks in advance,
Omid

[Andreas Senft]

With the filter chain proxy you specify servlet filters, not interceptors. As the class you specified is no filter you receive that exception.

What I am wondering: Where does org.acegisecurity.context.PortletSessionContextInt egrationInterceptor come from? It is not documented in the javadoc and I have not seen it before. Is there a chance you also have a PortletSessionContextIntegrationFilter class around?

Regards,
Andreas

[Omid]

Since I am developing a portlet, I had to have something that works with Portlets and not servlets, so I found a Tutorial (sorry I don't know where anymore) containing these file... so get it an edited it for my needs...

Code:

public class PortletSessionContextIntegrationInterceptor
		implements InitializingBean, HandlerInterceptor {
 
    protected static final Log logger = LogFactory.getLog(PortletSessionContextIntegrationInterceptor.class);
    public static final String ACEGI_SECURITY_CONTEXT_KEY = HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY;
	private static final String SESSION_EXISTED = PortletSessionContextIntegrationInterceptor.class.getName() + ".SESSION_EXISTED";

   private Class context;
	private Object contextObject; 

    /**
     * Indicates if this interceptor can create a <code>PortletSession</code> if needed
     * (sessions are always created sparingly, but setting this value to false
     * will prohibit sessions from ever being created). Defaults to true.
     */
    private boolean allowSessionCreation = true;

    public void setAllowSessionCreation(boolean allowSessionCreation) {
        this.allowSessionCreation = allowSessionCreation;
    }

    public boolean isAllowSessionCreation() {
        return allowSessionCreation;
    }

    public void setContext(Class secureContext) {
        this.context = secureContext;
    }

    public Class getContext() {
        return context;
    }

    public void afterPropertiesSet() throws Exception {
        if ((this.context == null)
            || (!SecurityContext.class.isAssignableFrom(this.context))) {
            throw new IllegalArgumentException(
                "context must be defined and implement Context (typically use net.sf.acegisecurity.context.security.SecureContextImpl)");
        }

        this.contextObject = generateNewContext();
    }

    
	/* (non-Javadoc)
	 * @see org.springframework.web.portlet.HandlerInterceptor#preHandle(javax.portlet.PortletRequest, javax.portlet.PortletResponse, java.lang.Object)
	 */
	public boolean preHandle(PortletRequest request, PortletResponse response,
			Object handler) throws Exception {

        if (SecurityContextHolder.getContext() != null) {
            if (logger.isWarnEnabled()) {
                logger.warn(
                    "ContextHolder should have been null but contained: '"
                    + SecurityContextHolder.getContext() + "'; setting to null now");
            }

            SecurityContextHolder.setContext(null);
        }

        PortletSession portletSession = null;
        boolean portletSessionExistedAtStartOfRequest = false;

        try {
            portletSession = request.getPortletSession(false);
        } catch (IllegalStateException ignored) {}

        if (portletSession != null) {
            portletSessionExistedAtStartOfRequest = true;

            Object contextObject = portletSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);

            if (contextObject != null) {
                if (contextObject instanceof SecurityContext) {
                    if (logger.isDebugEnabled()) {
                        logger.debug(
                            "Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: '"
                            + contextObject + "'");
                    }

                    SecurityContextHolder.setContext((SecurityContext) contextObject);
                } else {
                    if (logger.isWarnEnabled()) {
                        logger.warn(
                            "ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
                            + contextObject
                            + "'; are you improperly modifying the PortletSession directly (you should always use SecurityContextHolder) or using the PortletSession attribute reserved for this class?");
                    }
                }
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug(
                        "PortletSession returned null object for ACEGI_SECURITY_CONTEXT");
                }
            }
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("No PortletSession currently exists");
            }
        }

        if (SecurityContextHolder.getContext() == null) {
            SecurityContextHolder.setContext(generateNewContext());

            if (logger.isDebugEnabled()) {
                logger.debug(
                    "As SecurityContextHolder null, setup SecurityContextHolder with a fresh new instance: '"
                    + SecurityContextHolder.getContext() + "'");
            }
        }

        request.setAttribute(SESSION_EXISTED, new Boolean(portletSessionExistedAtStartOfRequest));

        return true;
	}

	/* (non-Javadoc)
	 * @see org.springframework.web.portlet.HandlerInterceptor#postHandle(javax.portlet.RenderRequest, javax.portlet.RenderResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
	 */
	public void postHandle(RenderRequest request, RenderResponse response,
			Object handler, ModelAndView modelAndView) throws Exception {
	}

	
	/* (non-Javadoc)
	 * @see org.springframework.web.portlet.HandlerInterceptor#afterCompletion(javax.portlet.PortletRequest, javax.portlet.PortletResponse, java.lang.Object, java.lang.Exception)
	 */
	public void afterCompletion(PortletRequest request, PortletResponse response,
			Object handler, Exception ex) throws Exception {
		
        PortletSession portletSession = null;
        boolean portletSessionExistedAtStartOfRequest = ((Boolean)request.getAttribute(SESSION_EXISTED)).booleanValue();

        // Store context back to PortletSession
        try {
            portletSession = request.getPortletSession(false);
        } catch (IllegalStateException ignored) {}

        if ((portletSession == null) && portletSessionExistedAtStartOfRequest) {
            if (logger.isDebugEnabled()) {
                logger.debug(
                    "PortletSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
            }
        }

        // Generate a PortletSession only if we need to
        if ((portletSession == null) && !portletSessionExistedAtStartOfRequest) {
            if (!allowSessionCreation) {
                if (logger.isDebugEnabled()) {
                    logger.debug(
                        "Whilst SecurityContextHolder contents have changed, the PortletSessionContextIntegrationInterceptor is prohibited from creating a PortletSession by the allowSessionCreation property being false");
                }
            } else if (!contextObject.equals(SecurityContextHolder.getContext())) {
                if (logger.isDebugEnabled()) {
                    logger.debug(
                        "PortletSession being created as SecurityContextHolder contents are non-default");
                }

                try {
                    portletSession = request.getPortletSession(true);
                } catch (IllegalStateException ignored) {}
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug(
                        "PortletSession still null, but SecurityContextHolder has not changed from default: ' "
                        + SecurityContextHolder.getContext()
                        + "'; not creating PortletSession or storing SecurityContextHolder contents");
                }
            }
        }

        // If PortletSession exists, store current SecurityContextHolder contents
        if (portletSession != null) {
            portletSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY,
                SecurityContextHolder.getContext(), PortletSession.APPLICATION_SCOPE);

            if (logger.isDebugEnabled()) {
                logger.debug("SecurityContext stored to PortletSession: '"
                    + SecurityContextHolder.getContext() + "'");
            }
        }

        // Remove SecurityContextHolder contents
        SecurityContextHolder.setContext(null);

        if (logger.isDebugEnabled()) {
            logger.debug(
                "SecurityContextHolder set to null as request processing completed");
        }

	}

	
    public SecurityContext generateNewContext() throws PortletException {
        try {
            return (SecurityContext) this.context.newInstance();
        } catch (InstantiationException ie) {
            throw new PortletException(ie);
        } catch (IllegalAccessException iae) {
            throw new PortletException(iae);
        }
    }

	public void afterActionCompletion(ActionRequest arg0, ActionResponse arg1, Object arg2, Exception arg3) throws Exception {
		// TODO Auto-generated method stub
		
	}

	public void afterRenderCompletion(RenderRequest arg0, RenderResponse arg1, Object arg2, Exception arg3) throws Exception {
		// TODO Auto-generated method stub
		
	}

	public void postHandleRender(RenderRequest arg0, RenderResponse arg1, Object arg2, org.springframework.web.portlet.ModelAndView arg3) throws Exception {
		// TODO Auto-generated method stub
		
	}

	public boolean preHandleAction(ActionRequest arg0, ActionResponse arg1, Object arg2) throws Exception {
		// TODO Auto-generated method stub
		return false;
	}

	public boolean preHandleRender(RenderRequest arg0, RenderResponse arg1, Object arg2) throws Exception {
		// TODO Auto-generated method stub
		return false;
	}

}

When I now want to write a Filter - can you give me some advices...

regards
Omid

[Andreas Senft]

Conceptually a servlet filter is similar to an interceptor. So you should be able to transform your code accordingly. Just implement the javax.servlet.Filter appropriately. Have a look at the filter implementations provided by Acegi to see how it could be done.

BTW: When integrating own classes I would suggest not to package them together with the Acegi classes as this is confusing. Choose package names according to your company instead.

Hope that helps,
Andreas

[Omid]

Thanks a lot for your response Andreas,
I willl try it.