My guess is that you need to supply the applet with a proxy ticket so that it can authenticate the user. Your web application should obtain one and then pass it to the applet.

Cheers,
Scott

On Fri, Apr 24, 2009 at 2:58 PM, rrakesh <research.rak...@gmail.com> wrote:
>
> I have a web application which uses CAS for SSO between another web
> application. So that part is working fine.
>
> In one of my web applications I got an applet in a secure page; before the user
> comes to this page, the user might already have been logged in using CAS. And
> when the user comes to this secured page which contains the applet, the applet
> does not load; it throws an exception.
>
> Following are some of my filter settings I have:
>
> <bean id="springSecurityFilterChain"
>       class="org.springframework.security.util.FilterChainProxy">
>   <sec:filter-chain-map path-type="ant">
>     <sec:filter-chain pattern="/softwarechecker/**" filters="none" />
>     <sec:filter-chain pattern="/user/css/**" filters="none" />
>     <sec:filter-chain pattern="/user/images/**" filters="none" />
>     <sec:filter-chain pattern="/user/js/**" filters="none" />
>     <sec:filter-chain pattern="/**"
>         filters="httpSessionContextIntegrationFilter,userLogoutFilter,
>                  learnerAuthenticationProcessingFilter,
>                  exceptionTranslationFilter,
>                  filterInvocationInterceptor" />
>   </sec:filter-chain-map>
> </bean>
>
> <bean id="filterInvocationInterceptor"
>       class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
>   <property name="authenticationManager">
>     <ref local="_learnerAuthenticationManager" />
>   </property>
>   <property name="accessDecisionManager">
>     <ref local="httpRequestAccessDecisionManager" />
>   </property>
>   <property name="objectDefinitionSource">
>     <sec:filter-invocation-definition-source>
>       <sec:intercept-url pattern="/user/**" access="ROLE_USER" />
>     </sec:filter-invocation-definition-source>
>   </property>
> </bean>
>
> And when I turned on the debugging on the web app for the CAS security
> filter stuff, this is what I captured:
>
> 14:41:28,240 DEBUG [FilterChainProxy] Converted URL to lowercase, from: '/user/client/applet/SynchronizationApplet.class'; to: '/user/client/applet/SynchronizationApplet.class'
> 14:41:28,240 DEBUG [FilterChainProxy] Candidate is: '/user/client/applet/SynchronizationApplet.class'; pattern is /**; matched=true
> 14:41:28,240 DEBUG [FilterChainProxy] /user/client/applet/SynchronizationApplet.class at position 1 of 7 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
> 14:41:28,240 DEBUG [HttpSessionContextIntegrationFilter] HttpSession returned null object for SPRING_SECURITY_CONTEXT
> 14:41:28,240 DEBUG [HttpSessionContextIntegrationFilter] New SecurityContext instance will be associated with SecurityContextHolder
> 14:41:28,240 DEBUG [FilterChainProxy] /user/client/applet/SynchronizationApplet.class at position 2 of 7 in additional filter chain; firing Filter: 'org.springframework.security.ui.logout.LogoutFilter[ order=300; ]'
> 14:41:28,240 DEBUG [FilterChainProxy] /user/client/applet/SynchronizationApplet.class at position 3 of 7 in additional filter chain; firing Filter: 'com.test.common.security.impl.authentication.TestAuthenticationProcessingFilter[ order=700; ]'
> 14:41:28,240 DEBUG [FilterChainProxy] /user/client/applet/SynchronizationApplet.class at position 4 of 7 in additional filter chain; firing Filter: 'org.springframework.security.ui.cas.CasProcessingFilter[ order=600; ]'
> 14:41:28,240 DEBUG [FilterChainProxy] /user/client/applet/SynchronizationApplet.class at position 5 of 7 in additional filter chain; firing Filter: 'com.test.common.security.impl.authentication.TestAuthenticationProcessingFilter[ order=700; ]'
> 14:41:28,240 DEBUG [FilterChainProxy] /user/client/applet/SynchronizationApplet.class at position 6 of 7 in additional filter chain; firing Filter: 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]'
> 14:41:28,240 DEBUG [FilterChainProxy] /user/client/applet/SynchronizationApplet.class at position 7 of 7 in additional filter chain; firing Filter: 'org.springframework.security.intercept.web.filtersecurityintercep...@2a91b1'
> 14:41:28,240 DEBUG [DefaultFilterInvocationDefinitionSource] Converted URL to lowercase, from: '/user/client/applet/SynchronizationApplet.class'; to: '/user/client/applet/SynchronizationApplet.class'
> 14:41:28,240 DEBUG [DefaultFilterInvocationDefinitionSource] Candidate is: '/user/client/applet/SynchronizationApplet.class'; pattern is /user/**; matched=true
> 14:41:28,240 DEBUG [AbstractSecurityInterceptor] Secure object: FilterInvocation: URL: /user/client/applet/SynchronizationApplet.class; ConfigAttributes: [ROLE_USER]
> 14:41:28,240 DEBUG [ExceptionTranslationFilter] Authentication exception occurred; redirecting to authentication entry point
> org.springframework.security.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
>     at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)
>     at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
>     at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
>     at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
>
> Thanks for reading the questions, any help or pointers please.
> RR
> --
> View this message in context:
> http://www.nabble.com/CASifying-the-Applet-in-Web-Application-tp23222878p23222878.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> scott.battag...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
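
The approach suggested in the reply, sketched as an added example that is not part of the original thread or of any project named in it: the web application asks CAS for a proxy ticket and writes it into the applet's parameters. It assumes the Spring Security 2.x CAS provider with the Jasig CAS client 3.1, a login that produced a CasAuthenticationToken, and a proxy callback already configured; the class name, the service URL and the "ticket" parameter name are hypothetical.

```java
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.cas.CasAuthenticationToken;

/** Hypothetical helper used by the page that renders the applet tag. */
public final class AppletTicketHelper {

    // Assumption: the URL the applet will call; placeholder host and path.
    private static final String APPLET_SERVICE =
            "https://app.example.org/user/client/sync";

    private AppletTicketHelper() { }

    /** Returns a proxy ticket for APPLET_SERVICE, or null if none can be issued. */
    public static String proxyTicketForApplet() {
        Authentication auth =
                SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof CasAuthenticationToken)) {
            return null; // the current user did not log in through CAS
        }
        AttributePrincipal principal =
                ((CasAuthenticationToken) auth).getAssertion().getPrincipal();
        // Yields a ticket only if this application holds a proxy-granting
        // ticket, i.e. it validated the login with a proxy callback URL.
        return principal.getProxyTicketFor(APPLET_SERVICE);
    }

    /** Builds the <param> element that hands the ticket to the applet. */
    public static String appletTicketParam() {
        String ticket = proxyTicketForApplet();
        if (ticket == null) {
            throw new IllegalStateException("no proxy ticket available");
        }
        return "<param name=\"ticket\" value=\"" + escapeAttr(ticket) + "\"/>";
    }

    // Escape the value before writing it into an HTML attribute.
    private static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
}
```

A proxy ticket is single-use and short-lived, so it should be requested on each page render, and the service the applet calls has to validate it against the CAS server's /proxyValidate endpoint.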