Authentication object disappears

**Lolas Cat** · Dec 20th, 2009, 10:46 AM

Hi again guys,

I'm still suffering from the problem with passed authentication but no authorization. I noticed that after authentication has been successfully performed the debug log says that Authentication object is not found:

Code:

DEBUG 2009-12-20 16:27:00,740 (org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource) - Candidate is: '/internalapplication/fetch_site_configurations.htm'; pattern is /internalapplication/**; matched=true
DEBUG 2009-12-20 16:27:00,740 (org.springframework.security.intercept.AbstractSecurityInterceptor) - Secure object: FilterInvocation: URL: /internalapplication/fetch_site_configurations.htm; ConfigAttributes: [ROLE_RLE-US-IT DEVELOPMENT-FORMS-STAFF]
DEBUG 2009-12-20 16:27:00,740 (org.springframework.web.context.support.XmlWebApplicationContext) - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@2da0700]: org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent[source=FilterInvocation: URL: /internalapplication/fetch_site_configurations.htm]
DEBUG 2009-12-20 16:27:00,740 (org.springframework.security.ui.ExceptionTranslationFilter) - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
	at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)
	at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
	at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
	at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
	at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:52)
	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

I configured everything by the book, how comes it disappears?

Could my Weblogic 10 server interfere with the Spring authorization?

**Lolas Cat** · Dec 20th, 2009, 05:25 PM

I also noticed a frequent session creation and destruction during the authenticating process. Is that normal? Can anyone post a debug log of a working Spring security functionality so I can compare?

**Luke Taylor** · Dec 21st, 2009, 10:54 AM

Run one of the sample applications and you will obtain the expected out put from a working application.

**Lolas Cat** · Dec 22nd, 2009, 10:31 AM

Luke,

Can you think of any reason why HttpSessionContextIntegrationFilter wouldn't find the session? This is what happens to me after Authentication. The details are stored into Session but when the time comes to authorize HttpSessionContextIntegrationFilter complains that no HTTP Session exist.
H
However, I know for a fact that the session with the stored Context exist (I see it in the debugger).

Thread: Authentication object disappears

Thread Tools

Display

Authentication object disappears

Posting Permissions