
Thread: SecurityContextHolder loses Authentication

  1. #1

    SecurityContextHolder loses Authentication

    Hello,

    I log in to my application, and I can see in the DEBUG output that authentication works and the Holder is populated. But sometimes the authentication is lost and the Holder is populated with the anonymous token. Without logging in, I try to access the forbidden page again, and suddenly I am authenticated, as I can see in the DEBUG output: I can't be redirected to the login page because it says that this is only allowed for the anonymous role (as I specified it).
    Do you know under which circumstances this might happen? What DEBUG output should I mainly look at?

    Regards
    René

  2. #2

    I just found that I can't access the page because authentication is lost, then I am redirected to the login page. But I am not allowed to access the login page because I am suddenly authenticated again?!

    Code:
    [fex] DEBUG [http-8080-Processor23] 08:52:05 AbstractSecurityInterceptor.beforeInvocation(284) | Secure object: FilterInvocation: URL: /ifCardFileStatistic.jsf; ConfigAttributes: [admin]
    [fex] DEBUG [http-8080-Processor23] 08:52:05 AbstractSecurityInterceptor.beforeInvocation(317) | Previously Authenticated: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@ad5defeb: Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 271D1D4597A9245961ADB0ADE2E24C9F; Granted Authorities: ROLE_ANONYMOUS
    [fex] DEBUG [http-8080-Processor23] 08:52:05 ExceptionTranslationFilter.handleException(216) | Access is denied (user is anonymous); redirecting to authentication entry point
    org.acegisecurity.AccessDeniedException: Access is denied
    	at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
    login page redirect:
    Code:
    [fex] DEBUG [http-8080-Processor23] 08:52:05 ExceptionTranslationFilter.sendStartAuthentication(263) | Authentication entry point being called; SavedRequest added to Session: SavedRequest[http://localhost:8080/flowexpense/ifCardFileStatistic.jsf]
    [fex] DEBUG [http-8080-Processor23] 08:52:05 AuthenticationProcessingFilterEntryPoint.commence(198) | Redirecting to: http://localhost:8080/flowexpense/login.jsf
    [fex] DEBUG [http-8080-Processor25] 08:52:05 PathBasedFilterInvocationDefinitionMap.lookupAttributes(106) | Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 PathBasedFilterInvocationDefinitionMap.lookupAttributes(118) | Candidate is: '/login.jsf'; pattern is /**; matched=true
    [fex] DEBUG [http-8080-Processor25] 08:52:05 FilterChainProxy.doFilter(270) | /login.jsf at position 1 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@deea66'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 FilterChainProxy.doFilter(270) | /login.jsf at position 2 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.webapp.AuthenticationProcessingFilter@eeefcf'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 FilterChainProxy.doFilter(270) | /login.jsf at position 3 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@c235e1'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 SavedRequest.propertyEquals(314) | pathInfo: both null (property equals)
    [fex] DEBUG [http-8080-Processor25] 08:52:05 SavedRequest.propertyEquals(314) | queryString: both null (property equals)
    [fex] DEBUG [http-8080-Processor25] 08:52:05 SavedRequest.propertyEquals(336) | requestURI: arg1=/flowexpense/ifCardFileStatistic.jsf; arg2=/flowexpense/login.jsf (property not equals)
    [fex] DEBUG [http-8080-Processor25] 08:52:05 SavedRequestAwareWrapper.<init>(107) | Wrapper not replaced; SavedRequest was: SavedRequest[http://localhost:8080/flowexpense/ifCardFileStatistic.jsf]
    [fex] DEBUG [http-8080-Processor25] 08:52:05 FilterChainProxy.doFilter(270) | /login.jsf at position 4 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousProcessingFilter@5f7e8f'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 AnonymousProcessingFilter.doFilter(118) | SecurityContextHolder not populated with anonymous token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@827a2071: Username: org.acegisecurity.userdetails.User@0: Username: gr; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: admin, agent, innflow, officer, tomcat; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 271D1D4597A9245961ADB0ADE2E24C9F; Granted Authorities: admin, agent, innflow, officer, tomcat'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 FilterChainProxy.doFilter(270) | /login.jsf at position 5 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@b07663'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 FilterChainProxy.doFilter(270) | /login.jsf at position 6 of 6 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@12c85f1'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 PathBasedFilterInvocationDefinitionMap.lookupAttributes(106) | Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
    [fex] DEBUG [http-8080-Processor25] 08:52:05 PathBasedFilterInvocationDefinitionMap.lookupAttributes(118) | Candidate is: '/login.jsf'; pattern is /login.jsf*; matched=true
    [fex] DEBUG [http-8080-Processor25] 08:52:05 AbstractSecurityInterceptor.beforeInvocation(284) | Secure object: FilterInvocation: URL: /login.jsf; ConfigAttributes: [ROLE_ANONYMOUS]
    [fex] DEBUG [http-8080-Processor25] 08:52:05 AbstractSecurityInterceptor.beforeInvocation(317) | Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@827a2071: Username: org.acegisecurity.userdetails.User@0: Username: gr; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: admin, agent, innflow, officer, tomcat; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 271D1D4597A9245961ADB0ADE2E24C9F; Granted Authorities: admin, agent, innflow, officer, tomcat
    [fex] DEBUG [http-8080-Processor25] 08:52:05 ExceptionTranslationFilter.handleException(225) | Access is denied (user is not anonymous); delegating to AccessDeniedHandler
    org.acegisecurity.AccessDeniedException: Access is denied
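
On the question of which DEBUG output to compare, an added example (not part of the original posts and not Acegi code): it groups the `Previously Authenticated` lines by `SessionId` and reports sessions whose token class differs between requests, as the two lines above do for one session on Processor23 and Processor25. The third sample line and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the two "Previously Authenticated" lines from the post, abbreviated,
# plus one constructed control line (session ...CAFE) that stays anonymous.
SAMPLE_LOG = """\
[fex] DEBUG [http-8080-Processor23] 08:52:05 AbstractSecurityInterceptor.beforeInvocation(317) | Previously Authenticated: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@ad5defeb: Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 271D1D4597A9245961ADB0ADE2E24C9F; Granted Authorities: ROLE_ANONYMOUS
[fex] DEBUG [http-8080-Processor25] 08:52:05 AbstractSecurityInterceptor.beforeInvocation(317) | Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@827a2071: Username: org.acegisecurity.userdetails.User@0: Username: gr; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 271D1D4597A9245961ADB0ADE2E24C9F; Granted Authorities: admin, agent, innflow, officer, tomcat
[fex] DEBUG [http-8080-Processor24] 08:52:06 AbstractSecurityInterceptor.beforeInvocation(317) | Previously Authenticated: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@ad5defeb: Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 0000000000000000000000000000CAFE; Granted Authorities: ROLE_ANONYMOUS
"""

# Pulls worker thread, timestamp, token class and HTTP session id out of one log line.
PREV_AUTH = re.compile(
    r"\[(?P<thread>http-[^\]]+)\] (?P<time>\d\d:\d\d:\d\d) \S+ \| "
    r"Previously Authenticated: (?P<token>[\w.]+)@\w+: "
    r".*?SessionId: (?P<sid>[0-9A-F]+)"
)

def parse_tokens(log):
    """Return one (session_id, time, thread, token_class) tuple per matching line."""
    rows = []
    for line in log.splitlines():
        m = PREV_AUTH.search(line)
        if m:
            short = m["token"].rsplit(".", 1)[-1]  # drop the package prefix
            rows.append((m["sid"], m["time"], m["thread"], short))
    return rows

def sessions_with_changing_token(log):
    """Map session id -> observations, only for sessions seen with more than one token class."""
    by_sid = defaultdict(list)
    for sid, time, thread, token in parse_tokens(log):
        by_sid[sid].append((time, thread, token))
    return {sid: seen for sid, seen in by_sid.items()
            if len({token for _, _, token in seen}) > 1}

if __name__ == "__main__":
    for sid, seen in sessions_with_changing_token(SAMPLE_LOG).items():
        print(sid)
        for time, thread, token in seen:
            print(f"  {time} {thread} {token}")
```
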
