I develop a web application similar to the sample Tutorial war and it works fine. But when I access the admin page it results in an Access Denied Exception.
I am using PreAuthentication, which goes through fine, and the User class is able to add the Role.
Here is the code snippet from applicationContext-acegi-security.xml:
Code:
<http auto-config="false" lowercase-comparisons="false"
      access-decision-manager-ref="accessDecisionManager"
      access-denied-page="/error.jsp"
      entry-point-ref="authenticationEntryPoint"
      session-fixation-protection="none" >
    <intercept-url pattern="/admin/**" access="ROLE_NAMS_ADMIN"/>
</http>
Using the Eclipse debugger I verified the role is added to the User class, which implements UserDetails. But it never went to the getAuthority() method of the WSSOGrantedAuthority class, i.e.
Code:
public class User extends NamsUser implements UserDetails, Serializable {
    // logger and role are not declared in the snippet as posted
    public static final class WssoGrantedAuthority implements GrantedAuthority {
        public String getAuthority() {
            logger.debug("In getAuthority method role=" + role);
            return role;
        }
    }
}
Also it never went to the getAuthorities() method of the User class. Not sure why the debugger doesn't go through these methods.
Here is the exception stack trace, which treats it as Anonymous User even after successful authentication.
Code:
[DEBUG,DefaultFilterInvocationDefinitionSource,AJPRequestHandler-RMICallHandler-7] Candidate is: '/admin/index.jsp'; pattern is /admin/**; matched=true
[DEBUG,DefaultFilterInvocationDefinitionSource,AJPRequestHandler-RMICallHandler-7] Candidate is: '/admin/index.jsp'; pattern is /admin/**; matched=true
[DEBUG,AbstractSecurityInterceptor,AJPRequestHandler-RMICallHandler-7] Secure object: FilterInvocation: URL: /admin/index.jsp; ConfigAttributes: [ROLE_NAMS_ADMIN]
[DEBUG,AbstractSecurityInterceptor,AJPRequestHandler-RMICallHandler-7] Secure object: FilterInvocation: URL: /admin/index.jsp; ConfigAttributes: [ROLE_NAMS_ADMIN]
[DEBUG,AbstractSecurityInterceptor,AJPRequestHandler-RMICallHandler-7] Previously Authenticated: org.springframework.security.providers.anonymous.AnonymousAuthenticationToken@6faa8e27: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: com.boeing.nmt.nams.security.User@ffffffff [hashCode='0' ]; Granted Authorities: ROLE_ANONYMOUS
[DEBUG,AbstractSecurityInterceptor,AJPRequestHandler-RMICallHandler-7] Previously Authenticated: org.springframework.security.providers.anonymous.AnonymousAuthenticationToken@6faa8e27: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: com.boeing.nmt.nams.security.User@ffffffff [hashCode='0' ]; Granted Authorities: ROLE_ANONYMOUS
[DEBUG,ExceptionTranslationFilter,AJPRequestHandler-RMICallHandler-7] Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.AccessDeniedException: Access is denied
    at org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy5.decide(Unknown Source)
    at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:262)
    at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
    at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:183)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)
    at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)
    at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:620)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:369)
    at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:865)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:447)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
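Added example, not part of the original post: every servlet filter that passed this request down the chain is still on the stack, so the trace above can be read back into the order the Spring Security filters ran and checked for an authenticating filter ahead of AnonymousProcessingFilter. The function names and the NON_AUTH classification are assumptions of this sketch; the frames are copied from the post's trace.

```python
import re

# Frames copied from the post's stack trace (innermost call first),
# trimmed to the Spring Security filter-chain portion.
TRACE = """
at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
"""

FRAME = re.compile(r"at\s+([\w.$]+)\.(\w+)\(")
# Assumption of this sketch: these filters move or wrap the security
# context but never authenticate a request themselves.
NON_AUTH = {"HttpSessionContextIntegrationFilter",
            "SecurityContextHolderAwareRequestFilter"}

def filter_chain(trace):
    """Return filter class names in the order they ran for this request."""
    frames = FRAME.findall(trace)
    chain = []
    for i, (cls, _method) in enumerate(frames):
        if not cls.endswith("$VirtualFilterChain") or i == 0:
            continue
        # The frame above VirtualFilterChain.doFilter is the filter it called.
        callee = frames[i - 1][0]
        # SpringSecurityFilter.doFilter is the shared base-class entry point;
        # the concrete filter is one frame further in (doFilterHttp).
        if callee.endswith(".SpringSecurityFilter") and i > 1:
            callee = frames[i - 2][0]
        chain.append(callee.rsplit(".", 1)[-1])
    return chain[::-1]  # trace is innermost-first, so reverse it

def auth_filters_before_anonymous(chain):
    """Filters that could have set an Authentication before the anonymous one."""
    anon = "AnonymousProcessingFilter"
    end = chain.index(anon) if anon in chain else len(chain)
    return [f for f in chain[:end] if f not in NON_AUTH]
```

For the posted trace the second function returns an empty list: no authenticating filter was on the stack for the `/admin/index.jsp` request, which matches the `AnonymousAuthenticationToken` reported by `AbstractSecurityInterceptor`.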


