any sample of gwt 2.3+spring security 3+captcha. On Sat, Jul 9, 2011 at 2:57 AM, Sven <sven.reinhard...@googlemail.com>wrote:
> Hi people, > > I am using GWT 2.3 and Spring Security 3. To explain my application > structure a little bit. My WebContent folder contains: > > WebContent/ > ---------WEB-INF/ > ---------login.html > ---------logout.html > ---------secure/ > -------------------index.html > > Starting my application and trying to access > http://127.0.0.1.:8888/secure/index.html > redirects me to http://127.0.0.1.:8888/login.html... That's the way it > should be. After entering my credentials I get taken to my secured > index.html. There I have a navigation bar containing a FormPanel which > fires a POST j_spring_security_logout. > > My configuration says that in this case I should get taken to > http://127.0.0.1.:8888/logout.html. > The security log shows that the security chain is processing a > redirect to this page. But the strange behaviour I stay on the secured > index page in FF or IE. > > Obviously something blocks the redirect or do I have a general > missunderstanding? > > Here some parts of my security file: > > <security:http auto-config="true"> > <security:intercept-url pattern="/secure/index.html" > requires-channel="http" > access="IS_AUTHENTICATED_FULLY" /> > <security:form-login > login-processing-url="/j_spring_security_check" > login-page="/login.html" > default-target-url="/secure/index.html" > authentication-failure-url="/logout.html" /> > <security:access-denied-handler > error-page="/login.html" /> > <security:logout logout-success-url="/logout.html"/> > </security:http> > > The log file after pressing logout button: > > org.springframework.security.web.FilterChainProxy - Converted URL to > lowercase, from: '/j_spring_security_logout'; to: '/ > j_spring_security_logout' > DEBUG 23:25:06,632 [btpool0-1] > org.springframework.security.web.FilterChainProxy - Candidate is: '/ > j_spring_security_logout'; pattern is /**; matched=true > DEBUG 23:25:06,632 [btpool0-1] > org.springframework.security.web.FilterChainProxy - / > j_spring_security_logout at position 1 of 11 in additional filter > chain; firing Filter: 'ChannelProcessingFilter' > DEBUG 23:25:06,632 [btpool0-1] > security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource > - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/ > j_spring_security_logout' > DEBUG 23:25:06,633 [btpool0-1] > security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource > - Candidate is: '/j_spring_security_logout'; pattern is /secure/ > index.html; matched=false > DEBUG 23:25:06,633 [btpool0-1] > org.springframework.security.web.FilterChainProxy - / > j_spring_security_logout at position 2 of 11 in additional filter > chain; firing Filter: 'SecurityContextPersistenceFilter' > DEBUG 23:25:06,633 [btpool0-1] > springframework.security.web.context.HttpSessionSecurityContextRepository > - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: > 'org.springframework.security.core.context.SecurityContextImpl@441d0230: > Authentication: > > org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230 > : > Principal: org.springframework.security.core.userdetails.User@36ebcb: > Username: user; Password: [PROTECTED]; Enabled: true; > AccountNonExpired: true; credentialsNonExpired: true; > AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: > [PROTECTED]; Authenticated: true; Details: > org.springframework.security.web.authentication.WebAuthenticationDetails@0 > : > RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted > Authorities: ROLE_USER' > DEBUG 23:25:06,633 [btpool0-1] > org.springframework.security.web.FilterChainProxy - / > j_spring_security_logout at position 3 of 11 in additional filter > chain; firing Filter: 'LogoutFilter' > DEBUG 23:25:06,633 [btpool0-1] > security.web.authentication.logout.LogoutFilter - Logging out user > > 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441d0230 > : > Principal: org.springframework.security.core.userdetails.User@36ebcb: > Username: user; Password: [PROTECTED]; Enabled: true; > AccountNonExpired: true; credentialsNonExpired: true; > AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: > [PROTECTED]; Authenticated: true; Details: > org.springframework.security.web.authentication.WebAuthenticationDetails@0 > : > RemoteIpAddress: 127.0.0.1; SessionId: 1mkhid3rhfysw; Granted > Authorities: ROLE_USER' and transferring to logout destination > DEBUG 23:25:06,633 [btpool0-1] > security.web.authentication.logout.SimpleUrlLogoutSuccessHandler - > Using default Url: /logout.html > DEBUG 23:25:06,633 [btpool0-1] > org.springframework.security.web.DefaultRedirectStrategy - Redirecting > to '/logout.html' > DEBUG 23:25:06,633 [btpool0-1] > springframework.security.web.context.HttpSessionSecurityContextRepository > - SecurityContext is empty or anonymous - context will not be stored > in HttpSession. > DEBUG 23:25:06,633 [btpool0-1] > springframework.security.web.context.SecurityContextPersistenceFilter > - SecurityContextHolder now cleared, as request processing completed > DEBUG 23:25:06,634 [btpool0-1] > org.springframework.security.web.FilterChainProxy - Converted URL to > lowercase, from: '/logout.html'; to: '/logout.html' > DEBUG 23:25:06,634 [btpool0-1] > org.springframework.security.web.FilterChainProxy - Candidate is: '/ > logout.html'; pattern is /**; matched=true > DEBUG 23:25:06,634 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 1 of 11 in additional filter chain; firing Filter: > 'ChannelProcessingFilter' > DEBUG 23:25:06,634 [btpool0-1] > security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource > - Converted URL to lowercase, from: '/logout.html'; to: '/logout.html' > DEBUG 23:25:06,634 [btpool0-1] > security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource > - Candidate is: '/logout.html'; pattern is /secure/index.html; > matched=false > DEBUG 23:25:06,634 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 2 of 11 in additional filter chain; firing Filter: > 'SecurityContextPersistenceFilter' > DEBUG 23:25:06,634 [btpool0-1] > springframework.security.web.context.HttpSessionSecurityContextRepository > - No HttpSession currently exists > DEBUG 23:25:06,634 [btpool0-1] > springframework.security.web.context.HttpSessionSecurityContextRepository > - No SecurityContext was available from the HttpSession: null. A new > one will be created. > DEBUG 23:25:06,634 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 3 of 11 in additional filter chain; firing Filter: > 'LogoutFilter' > DEBUG 23:25:06,634 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 4 of 11 in additional filter chain; firing Filter: > 'UsernamePasswordAuthenticationFilter' > DEBUG 23:25:06,634 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 5 of 11 in additional filter chain; firing Filter: > 'BasicAuthenticationFilter' > DEBUG 23:25:06,635 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 6 of 11 in additional filter chain; firing Filter: > 'RequestCacheAwareFilter' > DEBUG 23:25:06,635 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 7 of 11 in additional filter chain; firing Filter: > 'SecurityContextHolderAwareRequestFilter' > DEBUG 23:25:06,635 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 8 of 11 in additional filter chain; firing Filter: > 'AnonymousAuthenticationFilter' > DEBUG 23:25:06,635 [btpool0-1] > springframework.security.web.authentication.AnonymousAuthenticationFilter > - Populated SecurityContextHolder with anonymous token: > > 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6 > : > Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: > true; Details: > > org.springframework.security.web.authentication.WebAuthenticationDetails@957e > : > RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: > ROLE_ANONYMOUS' > DEBUG 23:25:06,635 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 9 of 11 in additional filter chain; firing Filter: > 'SessionManagementFilter' > DEBUG 23:25:06,635 [btpool0-1] > springframework.security.web.session.SessionManagementFilter - > Requested session IDeczk3f3upmyn is invalid. > DEBUG 23:25:06,635 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 10 of 11 in additional filter chain; firing Filter: > 'ExceptionTranslationFilter' > DEBUG 23:25:06,635 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html at > position 11 of 11 in additional filter chain; firing Filter: > 'FilterSecurityInterceptor' > DEBUG 23:25:06,635 [btpool0-1] > security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource > - Converted URL to lowercase, from: '/logout.html'; to: '/logout.html' > DEBUG 23:25:06,635 [btpool0-1] > security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource > - Candidate is: '/logout.html'; pattern is /secure/index.html; > matched=false > DEBUG 23:25:06,635 [btpool0-1] > security.web.access.intercept.FilterSecurityInterceptor - Public > object - authentication not attempted > DEBUG 23:25:06,635 [btpool0-1] > springframework.web.context.support.XmlWebApplicationContext - > Publishing event in Root WebApplicationContext: > > org.springframework.security.access.event.PublicInvocationEvent[source=FilterInvocation: > URL: /logout.html] > DEBUG 23:25:06,635 [btpool0-1] > org.springframework.security.web.FilterChainProxy - /logout.html > reached end of additional filter chain; proceeding with original chain > DEBUG 23:25:06,636 [btpool0-1] > springframework.security.web.access.ExceptionTranslationFilter - Chain > processed normally > DEBUG 23:25:06,636 [btpool0-1] > springframework.security.web.context.HttpSessionSecurityContextRepository > - SecurityContext is empty or anonymous - context will not be stored > in HttpSession. > DEBUG 23:25:06,636 [btpool0-1] > springframework.security.web.context.SecurityContextPersistenceFilter > - SecurityContextHolder now cleared, as request processing completed > > In general my problem is why the browser stays in my application? > Shouldn't it get redirected to /logout.html? > > Thanks for help :) > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to google-web-toolkit@googlegroups.com. > To unsubscribe from this group, send email to > google-web-toolkit+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.