[Acegisecurity-developer] WebLogic 8 and Acegi

Wed, 14 Jul 2004 16:15:20 -0700

I am having problems getting Acegi to work in BEA Weblogic 8.1 (perhaps the same problem Patrick is having).  Any help or advice would be appreciated. 

 

My first problem is this:  Bea doesn’t seem to load the Spring ContextLoader Listener correctly.  To get around this, I'm using the Spring ContextLoaderServlet.  Since Filters get loaded before the ContextLoaderServlet, they throw an exception since the Spring context is not loaded.  I get around this with a modified version of the FilterToBeanProxy that swallows exceptions in the init() method, and attempts to re-init in the doFilter method if the filter delegate is null. 

 

I would appreciate it if anyone can tell me a way to get Bea to load the filters correctly without modified code. 

 

My next problem (after getting around the Listener issue) is that after successfully logging in and viewing a secured page, a subsequent request for a secured url redirects me to the login page. 

 

Below is a debug log using the sample contacts.war.  This is from version .51.  I built the latest from CVS the other day and get the same issue. 

Thanks in advance,

Travis

 

 

(keep in mind, the FilterToBeanProxy messages are coming from a modified version of the code):

 

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP BASIC Authorization Filter] doFilter called. . .

DEBUG [BasicProcessingFilter.java::doFilter() 153] -  Authorization header: null

DEBUG [AbstractIntegrationFilter.java::doFilter() 114] -  Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP Request Security Filter] doFilter called. . .

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 132] -  Converted URL to lowercase, from: 'Http Request: /contacts/index.jsp'; to: '/index.jsp'

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/index.jsp'; pattern is \A/secure/super.*\Z; matched=false

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/index.jsp'; pattern is \A/secure/.*\Z; matched=false

DEBUG [AbstractSecurityInterceptor.java::interceptor() 346] -  Public object - authentication not attempted

DEBUG [SecurityEnforcementFilter.java::doFilter() 168] -  Chain processed normally

DEBUG [AbstractIntegrationFilter.java::doFilter() 142] -  ContextHolder does not contain any authentication information

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP BASIC Authorization Filter] doFilter called. . .

DEBUG [BasicProcessingFilter.java::doFilter() 153] -  Authorization header: null

DEBUG [AbstractIntegrationFilter.java::doFilter() 114] -  Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP Request Security Filter] doFilter called. . .

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 132] -  Converted URL to lowercase, from: 'Http Request: /contacts/secure/index.htm'; to: '/secure/index.htm'

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/secure/index.htm'; pattern is \A/secure/super.*\Z; matched=false

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/secure/index.htm'; pattern is \A/secure/.*\Z; matched=true

DEBUG [AbstractSecurityInterceptor.java::interceptor() 273] -  Secure object: FilterInvocation: URL: /secure/index.htm; ConfigAttributes: [ROLE_SUPERVISOR, ROLE_TELLER]

DEBUG [SecurityEnforcementFilter.java::doFilter() 191] -  Authentication failed - adding target URL to Session: http://leechor:7001/contacts/secure/index.htm

DEBUG [AuthenticationProcessingFilterEntryPoint.java::commence() 176] -  Redirecting to: http://leechor:7001/contacts/acegilogin.jsp

DEBUG [AbstractIntegrationFilter.java::doFilter() 142] -  ContextHolder does not contain any authentication information

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP BASIC Authorization Filter] doFilter called. . .

DEBUG [BasicProcessingFilter.java::doFilter() 153] -  Authorization header: null

DEBUG [AbstractIntegrationFilter.java::doFilter() 114] -  Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP Request Security Filter] doFilter called. . .

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 132] -  Converted URL to lowercase, from: 'Http Request: /contacts/acegilogin.jsp'; to: '/acegilogin.jsp'

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/acegilogin.jsp'; pattern is \A/secure/super.*\Z; matched=false

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/acegilogin.jsp'; pattern is \A/secure/.*\Z; matched=false

DEBUG [AbstractSecurityInterceptor.java::interceptor() 346] -  Public object - authentication not attempted

DEBUG [SecurityEnforcementFilter.java::doFilter() 168] -  Chain processed normally

DEBUG [AbstractIntegrationFilter.java::doFilter() 142] -  ContextHolder does not contain any authentication information

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [AbstractProcessingFilter.java::doFilter() 212] -  Request is to process authentication

DEBUG [ProviderManager.java::authenticate() 123] -  Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider

 INFO [LoggerListener.java::onApplicationEvent() 69] -  Authentication success for user: marissa; details: 192.168.1.102

DEBUG [AbstractProcessingFilter.java::doFilter() 238] -  Authentication success: [EMAIL PROTECTED]: Username: marissa; Password: [PROTECTED]; Authenticated: false; Details: null; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR

DEBUG [AbstractProcessingFilter.java::doFilter() 253] -  Redirecting to target URL from HTTP Session (or default): http://leechor:7001/contacts/secure/index.htm

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP BASIC Authorization Filter] doFilter called. . .

DEBUG [BasicProcessingFilter.java::doFilter() 153] -  Authorization header: null

DEBUG [AbstractIntegrationFilter.java::doFilter() 93] -  Authentication added to ContextHolder from container

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP Request Security Filter] doFilter called. . .

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 132] -  Converted URL to lowercase, from: 'Http Request: /contacts/secure/index.htm'; to: '/secure/index.htm'

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/secure/index.htm'; pattern is \A/secure/super.*\Z; matched=false

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/secure/index.htm'; pattern is \A/secure/.*\Z; matched=true

DEBUG [AbstractSecurityInterceptor.java::interceptor() 273] -  Secure object: FilterInvocation: URL: /secure/index.htm; ConfigAttributes: [ROLE_SUPERVISOR, ROLE_TELLER]

DEBUG [ProviderManager.java::authenticate() 123] -  Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider

 INFO [LoggerListener.java::onApplicationEvent() 69] -  Authentication success for user: marissa; details: null

DEBUG [AbstractSecurityInterceptor.java::interceptor() 297] -  Authenticated: [EMAIL PROTECTED]: Username: marissa; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR

DEBUG [AbstractSecurityInterceptor.java::interceptor() 305] -  Authorization successful

DEBUG [AbstractSecurityInterceptor.java::interceptor() 314] -  RunAsManager did not change Authentication object

DEBUG [AbstractSecurityInterceptor.java::interceptor() 273] -  Secure object: Invocation: method=[public abstract sample.contact.Contact[] sample.contact.ContactManager.getAllByOwner(java.lang.String)] args=[Ljava.lang.Object;@18651db] target is of class [sample.contact.ContactManagerFacade]; ConfigAttributes: [CONTACT_OWNED_BY_CURRENT_USER, RUN_AS_SERVER]

DEBUG [ProviderManager.java::authenticate() 123] -  Authentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider

 INFO [LoggerListener.java::onApplicationEvent() 69] -  Authentication success for user: marissa; details: null

DEBUG [AbstractSecurityInterceptor.java::interceptor() 297] -  Authenticated: [EMAIL PROTECTED]: Username: marissa; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR

DEBUG [AbstractSecurityInterceptor.java::interceptor() 305] -  Authorization successful

DEBUG [AbstractSecurityInterceptor.java::interceptor() 321] -  Switching to RunAs Authentication: [EMAIL PROTECTED]: Username: marissa; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_RUN_AS_SERVER, ROLE_TELLER, ROLE_SUPERVISOR; Original Class: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken

DEBUG [AbstractSecurityInterceptor.java::interceptor() 273] -  Secure object: Invocation: method=[public abstract sample.contact.Contact[] sample.contact.ContactManager.getAllByOwner(java.lang.String)] args=[Ljava.lang.Object;@c7da23] target is of class [sample.contact.ContactManagerBackend]; ConfigAttributes: [ROLE_RUN_AS_SERVER]

DEBUG [ProviderManager.java::authenticate() 123] -  Authentication attempt using net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider

DEBUG [AbstractSecurityInterceptor.java::interceptor() 297] -  Authenticated: [EMAIL PROTECTED]: Username: marissa; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_RUN_AS_SERVER, ROLE_TELLER, ROLE_SUPERVISOR; Original Class: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken

DEBUG [AbstractSecurityInterceptor.java::interceptor() 305] -  Authorization successful

DEBUG [AbstractSecurityInterceptor.java::interceptor() 314] -  RunAsManager did not change Authentication object

DEBUG [AbstractSecurityInterceptor.java::interceptor() 336] -  Reverting to original Authentication: [EMAIL PROTECTED]: Username: marissa; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP BASIC Authorization Filter] doFilter called. . .

DEBUG [BasicProcessingFilter.java::doFilter() 153] -  Authorization header: null

DEBUG [AbstractIntegrationFilter.java::doFilter() 93] -  Authentication added to ContextHolder from container

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP Request Security Filter] doFilter called. . .

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 132] -  Converted URL to lowercase, from: 'Http Request: /contacts/WEB-INF/jsp/index.jsp'; to: '/web-inf/jsp/index.jsp'

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/web-inf/jsp/index.jsp'; pattern is \A/secure/super.*\Z; matched=false

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/web-inf/jsp/index.jsp'; pattern is \A/secure/.*\Z; matched=false

DEBUG [AbstractSecurityInterceptor.java::interceptor() 346] -  Public object - authentication not attempted

DEBUG [AbstractSecurityInterceptor.java::interceptor() 357] -  Authentication object detected and tagged as unauthenticated

DEBUG [SecurityEnforcementFilter.java::doFilter() 168] -  Chain processed normally

DEBUG [AbstractIntegrationFilter.java::doFilter() 126] -  Updating container with new Authentication object, and then removing Authentication from ContextHolder

DEBUG [SecurityEnforcementFilter.java::doFilter() 168] -  Chain processed normally

DEBUG [AbstractIntegrationFilter.java::doFilter() 126] -  Updating container with new Authentication object, and then removing Authentication from ContextHolder

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP BASIC Authorization Filter] doFilter called. . .

DEBUG [BasicProcessingFilter.java::doFilter() 153] -  Authorization header: null

DEBUG [AbstractIntegrationFilter.java::doFilter() 114] -  Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP Request Security Filter] doFilter called. . .

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 132] -  Converted URL to lowercase, from: 'Http Request: /contacts/secure/add.htm'; to: '/secure/add.htm'

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/secure/add.htm'; pattern is \A/secure/super.*\Z; matched=false

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/secure/add.htm'; pattern is \A/secure/.*\Z; matched=true

DEBUG [AbstractSecurityInterceptor.java::interceptor() 273] -  Secure object: FilterInvocation: URL: /secure/add.htm; ConfigAttributes: [ROLE_SUPERVISOR, ROLE_TELLER]

DEBUG [SecurityEnforcementFilter.java::doFilter() 191] -  Authentication failed - adding target URL to Session: http://leechor:7001/contacts/secure/add.htm

DEBUG [AuthenticationProcessingFilterEntryPoint.java::commence() 176] -  Redirecting to: http://leechor:7001/contacts/acegilogin.jsp

DEBUG [AbstractIntegrationFilter.java::doFilter() 126] -  Updating container with new Authentication object, and then removing Authentication from ContextHolder

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi Authentication Processing Filter] doFilter called. . .

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP BASIC Authorization Filter] doFilter called. . .

DEBUG [BasicProcessingFilter.java::doFilter() 153] -  Authorization header: null

DEBUG [AbstractIntegrationFilter.java::doFilter() 114] -  Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)

DEBUG [FilterToBeanProxy.java::doFilter() 56] -  [Acegi HTTP Request Security Filter] doFilter called. . .

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 132] -  Converted URL to lowercase, from: 'Http Request: /contacts/acegilogin.jsp'; to: '/acegilogin.jsp'

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/acegilogin.jsp'; pattern is \A/secure/super.*\Z; matched=false

DEBUG [RegExpBasedFilterInvocationDefinitionMap.java::lookupAttributes() 144] -  Candidate is: '/acegilogin.jsp'; pattern is \A/secure/.*\Z; matched=false

DEBUG [AbstractSecurityInterceptor.java::interceptor() 346] -  Public object - authentication not attempted

DEBUG [SecurityEnforcementFilter.java::doFilter() 168] -  Chain processed normally

DEBUG [AbstractIntegrationFilter.java::doFilter() 126] -  Updating container with new Authentication object, and then removing Authentication from ContextHolder

 

 

 

Reply via email to