
Thread: First login, null Authentication object in SecurityContextHolder.getContext()

  1. #1

    First login, null Authentication object in SecurityContextHolder.getContext()

    I'm facing a strange problem with acegi.

    I configured Acegi with Hibernate and JSF. The first time a user logs in, I try to retrieve the Authentication with this code:

    // Look up the SecurityContext bound to the current thread and read the
    // Authentication stored in it. getAuthentication() returns null when nothing
    // has populated the context for this request, so callers must handle null.
    SecurityContext securityContext = SecurityContextHolder.getContext();

    Authentication auth = securityContext.getAuthentication();

    I get auth == null. It does not happen for subsequent users, only for the first one that logs in.

    Does someone have any idea?

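    <!-- Your application may use the PasswordEncryptor in several places, -->
    <!-- like for example at new user sign-up. -->
    <!-- StrongPasswordEncryptor produces a salted, iterated one-way digest: -->
    <!-- stored values can be checked against a candidate password but not -->
    <!-- decrypted back to the original. -->
    <bean id="jasyptPasswordEncryptor"
          class="org.jasypt.util.password.StrongPasswordEncryptor"/>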

    <!-- Adapter that exposes the Jasypt encryptor defined above through the -->
    <!-- security framework's PasswordEncoder interface. Both DAO authentication -->
    <!-- providers in this file reference this bean, so staff and client password -->
    <!-- hashes must have been produced by the same encryptor. -->
    <bean id="passwordEncoder" class="org.jasypt.springsecurity.PasswordEncoder">
      <property name="passwordEncryptor">
        <ref bean="jasyptPasswordEncryptor"/>
      </property>
    </bean>


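    <!-- Single entry point for the Acegi filters. It only runs if the servlet -->
    <!-- filter declared in web.xml delegates to this class; otherwise none of the -->
    <!-- filters listed here execute and the SecurityContext stays empty. -->
    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <!-- Order matters: httpSessionContextIntegrationFilter comes first so the -->
        <!-- SecurityContext is in place before the other filters read it, and -->
        <!-- filterSecurityInterceptor comes last so it sees the final Authentication. -->
        <!-- Filter names must match the bean ids exactly (no embedded spaces). -->
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /**=httpSessionContextIntegrationFilter,logoutFilter,formAuthenticationProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterSecurityInterceptor
        </value>
      </property>
    </bean>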

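    <!-- Handles the login form submission. Requests to filterProcessesUrl are -->
    <!-- authenticated through authenticationManager; on failure the user is sent -->
    <!-- to authenticationFailureUrl, on success to defaultTargetUrl (when there is -->
    <!-- no saved request to return to). -->
    <bean id="formAuthenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="authenticationFailureUrl" value="/simpleLogin.jsp?login=false"/>
      <property name="defaultTargetUrl" value="/faces/Page1.jsp"/>
      <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    </bean>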

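    <!-- Wraps the request so that servlet API calls such as getRemoteUser() and -->
    <!-- isUserInRole() answer from the Acegi SecurityContext. -->
    <bean id="securityContextHolderAwareRequestFilter"
          class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>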

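    <!-- Copies the SecurityContext from the HttpSession into SecurityContextHolder -->
    <!-- at the start of each request and stores it back at the end. Code that -->
    <!-- reads SecurityContextHolder on a request that did not pass through this -->
    <!-- filter gets a context with no Authentication. -->
    <bean id="httpSessionContextIntegrationFilter"
          class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>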

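    <!-- Logout: a request to filterProcessesUrl (/logout.jsp) runs the handlers -->
    <!-- in the list and then redirects to the first constructor argument. -->
    <!-- filterProcessesUrl replaces the framework default, so the "logout url" -->
    <!-- comment further down this file no longer matches this setting. -->
    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
      <constructor-arg value="/simpleLogin.jsp"/>
      <constructor-arg>
        <list>
          <!-- NOTE(review): confirm that this handler also invalidates the -->
          <!-- HttpSession in the Acegi version in use, not only the context. -->
          <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
        </list>
      </constructor-arg>
      <property name="filterProcessesUrl" value="/logout.jsp"/>
    </bean>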

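    <!-- Turns security exceptions raised further down the chain into responses: -->
    <!-- an unauthenticated request is handed to the login entry point, and an -->
    <!-- authenticated but unauthorised request to the access-denied handler, -->
    <!-- which shows errorPage. -->
    <bean id="exceptionTranslationFilter"
          class="org.acegisecurity.ui.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint" ref="formLoginAuthenticationEntryPoint"/>
      <property name="accessDeniedHandler">
        <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
          <property name="errorPage" value="/faces/index.jsp"/>
        </bean>
      </property>
    </bean>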


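    <!-- URL authorisation. Only URLs matching a pattern in objectDefinitionSource -->
    <!-- are checked; every other URL is served without an access decision. -->
    <bean id="filterSecurityInterceptor"
          class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="accessDecisionManager" ref="accessDecisionManager"/>
      <property name="objectDefinitionSource">
        <!-- NOTE(review): in Ant patterns a single * stops at the next slash, so -->
        <!-- pages in sub-directories of /faces/admin/ are not covered; use -->
        <!-- /faces/admin/** if they should be. Also confirm in web.xml that the -->
        <!-- admin pages cannot be reached through a servlet mapping that does not -->
        <!-- start with /faces/, because such a URL would not match this rule. -->
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /faces/admin/*=RIGHT_ADMIN
        </value>
      </property>
    </bean>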

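    <!-- Authenticates staff accounts: loads the user through staffService and -->
    <!-- checks the submitted password with the shared passwordEncoder bean. -->
    <bean id="daoAuthenticationProvider"
          class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="staffService"/>
      <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>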

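    <!-- Authenticates client accounts: same as the staff provider, but users are -->
    <!-- loaded through clientService. -->
    <bean id="daoAuthenticationProviderClient"
          class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="clientService"/>
      <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>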

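    <!-- Tries the providers in list order until one of them authenticates the -->
    <!-- request. -->
    <!-- NOTE(review): if the same username can exist in both the staff and the -->
    <!-- client store, a login succeeds when either store's password matches; -->
    <!-- confirm that the two user populations cannot collide. -->
    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="daoAuthenticationProvider"/>
          <ref local="daoAuthenticationProviderClient"/>
        </list>
      </property>
    </bean>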

    <!-- Access is granted only if no voter denies it; roleVoter is the single -->
    <!-- voter consulted here. -->
    <bean id="accessDecisionManager" class="org.acegisecurity.vote.UnanimousBased">
      <property name="decisionVoters">
        <list>
          <ref bean="roleVoter"/>
        </list>
      </property>
    </bean>

    <!-- Votes on configuration attributes that start with RIGHT_ (for example -->
    <!-- RIGHT_ADMIN in filterSecurityInterceptor). The authorities returned by the -->
    <!-- user details services must carry the same prefix to match. -->
    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
      <property name="rolePrefix">
        <value>RIGHT_</value>
      </property>
    </bean>

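    <!-- Sends unauthenticated users to the login form. -->
    <!-- NOTE(review): with forceHttps set to false the login form is shown on -->
    <!-- whatever scheme the request used, so over plain HTTP the password is -->
    <!-- posted in clear text unless TLS is enforced elsewhere (container or a -->
    <!-- channel filter); confirm before deploying outside a test network. -->
    <bean id="formLoginAuthenticationEntryPoint"
          class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl" value="/simpleLogin.jsp"/>
      <property name="forceHttps" value="false"/>
    </bean>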

    <!-- logout url: /j_acegi_logout -->



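    <!-- Writes authentication events (successes and failures) to the log; these -->
    <!-- entries are the place to look for repeated failed logins. -->
    <bean id="loggerListener"
          class="org.acegisecurity.event.authentication.LoggerListener"/>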

    Thanks,

    Rodrigo Baquero

  2. #2


    I found the error,

    The targetClass in the definition of the filter in web.xml was not set to

    org.acegisecurity.util.FilterChainProxy

  3. #3

    Authentication fails when PasswordEncoder is used with a salt

    Hi,
    I am working on a project where we need to authenticate against passwords that are encoded with a salt. Without the salt it works properly, but when I apply the salt, authentication fails with "Bad credentials". Can anybody please help me? Below is the code I am using to encode the password with the salt, followed by the relevant .xml snippet.
    IMPORTANT: we are using Linux ubuntu7.04
    code:
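    String PASSWORD = "abc123";
    // Pass the bare salt: encodePassword() itself merges the two values as
    // password{salt} before hashing, so pre-building that string and handing it
    // in as the salt hashes a different input than the one checked at login.
    // The salt must equal the systemWideSalt configured for the authentication
    // provider, character for character.
    Object salt = "THIS_IS_A_SALT";
    // ... (lines omitted in the original post) ...
    // NOTE(review): MD5 with one shared salt is fast to brute-force if the
    // hashes leak; a per-user salt with a slow, iterated digest is the safer
    // choice for new deployments.
    Md5PasswordEncoder md5PasswordEncoder = new Md5PasswordEncoder();
    String encdPswd = md5PasswordEncoder.encodePassword(PASSWORD, salt);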

    and the acegi-security.xml configuration:
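    <!-- DAO provider that checks passwords as MD5(password{salt}), taking the -->
    <!-- salt from the systemWideSalt bean. Stored hashes must have been computed -->
    <!-- with exactly that salt, otherwise login fails with Bad credentials. -->
    <!-- NOTE(review): MD5 is a fast hash and a poor fit for password storage; -->
    <!-- prefer an iterated, per-user-salted digest for new deployments. -->
    <bean id="daoAuthenticationProvider"
          class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="jdbcDaoImpl"/>
      <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
      </property>
      <property name="saltSource" ref="systemWideSalt"/>
    </bean>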

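    <!-- One salt shared by every account. The quote characters inside the value -->
    <!-- element are part of the salt as written, so the code that pre-computes -->
    <!-- stored hashes must use exactly this string, quotes included. -->
    <!-- NOTE(review): with a single shared salt, identical passwords produce -->
    <!-- identical hashes; a per-user salt source avoids that. -->
    <bean id="systemWideSalt"
          class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
      <property name="systemWideSalt">
        <value>"1234"</value>
      </property>
    </bean>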
    So please, could anybody tell me what I am doing wrong?
    Any help would be highly appreciated.
    regards,
    ajois4u
    Last edited by ajois4u; Oct 3rd, 2007 at 04:32 AM.

  4. #4


    I would use Jasypt (www.jasypt.org); it has everything you need to encrypt the information, and documentation on integrating it with Acegi.
