Yep ...
This is what is configured in the web.xml ...
<!-- Acegi Security filters - controls secure access to different parts of
Roller -->
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
Yesterday I saw something strange in the loginerror.jsp
There is a redirect with a comment above saying .... Comment it out on
OC4J ...
Why ?????
<%@ page import="org.roller.presentation.RollerSession" %>
<%
String dest = "login.jsp?error=true";
// This server-side redirect may work on some servers.
// Comment it out on OC4J.
response.sendRedirect(dest);
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
<meta http-equiv="refresh"
content="0;url=<%= dest %>">
</head>
<body bgcolor="#ffffff">
</body>
</html>
"Matt Raible" <[EMAIL PROTECTED]>
16/03/2006 16:05
Please respond to
[email protected]
To
[email protected]
cc
Subject
Re: Can't login after register,and no error display
Do you have the securityFilter configured so it applies for both
requests and forwards? You might need this - using the <dispatcher>
elements.
Matt
On 3/16/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
wrote:
> I downloaded the ACEGI source code and according to me the problem is
> that the URL I want to access is not a url that needs authentication.
>
> Check out the logfile:
>
> DEBUG 2006-03-16 15:08:29,492
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 1 of 8 in additional filter chain; firing
Filter:
> '[EMAIL PROTECTED]'
> DEBUG 2006-03-16 15:08:29,493
HttpSessionContextIntegrationFilter:doFilter
> - HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new
> SecurityContext instance associated with SecurityContextHolder
> DEBUG 2006-03-16 15:08:29,493
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 2 of 8 in additional filter chain; firing
Filter:
> '[EMAIL PROTECTED]'
> DEBUG 2006-03-16 15:08:29,498
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 3 of 8 in additional filter chain; firing
Filter:
> '[EMAIL PROTECTED]'
> DEBUG 2006-03-16 15:08:29,500
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 4 of 8 in additional filter chain; firing
Filter:
> '[EMAIL PROTECTED]'
> DEBUG 2006-03-16 15:08:29,500
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 5 of 8 in additional filter chain; firing
Filter:
>
'[EMAIL PROTECTED]'
> DEBUG 2006-03-16 15:08:29,501
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 6 of 8 in additional filter chain; firing
Filter:
>
'[EMAIL PROTECTED]'
> DEBUG 2006-03-16 15:08:29,502 AnonymousProcessingFilter:doFilter -
> Populated SecurityContextHolder with anonymous token:
> '[EMAIL PROTECTED]:
> Username: anonymous; Password: [PROTECTED]; Authenticated: true;
Details:
> [EMAIL PROTECTED]: RemoteIpAddress:
> 10.3.0.4; SessionId: 0a01009bce911dc8dc5682848bb914a9eb68351563e;
Granted
> Authorities: ROLE_ANONYMOUS'
> DEBUG 2006-03-16 15:08:29,503
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 7 of 8 in additional filter chain; firing
Filter:
> '[EMAIL PROTECTED]'
> DEBUG 2006-03-16 15:08:29,504
FilterChainProxy$VirtualFilterChain:doFilter
> - /login.jsp at position 8 of 8 in additional filter chain; firing
Filter:
> '[EMAIL PROTECTED]'
>
>
>
> The only filters that write anything to the log file are the first one
and
> the anonymous one (which is normal because I'm not authenticated) ...
> So, if you check out the AuthenticationProcessingFilter class which
> extends the AbstractProcessingFilter class you can see the following:
>
> if (requiresAuthentication(httpRequest, httpResponse)) {
> if (logger.isDebugEnabled()) {
> logger.debug("Request is to process authentication");
> }
> Since the above log sentence is not written to the log file I assume the
> URL I want to access is not being described as requires authentication
...
> but it should though ...
>
> The definition in security.xml is the following:
>
> <bean id="filterInvocationInterceptor"
> class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> <property name="authenticationManager"
> ref="authenticationManager"/>
> <property name="accessDecisionManager"
> ref="accessDecisionManager"/>
> <property name="objectDefinitionSource">
> <value>
> PATTERN_TYPE_APACHE_ANT
> /editor/**=admin,editor
> /admin/**=admin
> /rewrite-status*=admin
> /login-redirect.jsp=admin,editor
> </value>
> </property>
> </bean>
>
> Since I kick in the authentication process by clicking on the "login"
link
> on the main page (which is actually a link to login-redict.jsp file) I
> should think that the url should be authenticated if you look at the
above
> definition ...
>
>
> I'm really getting good on roller configuration, the only problem is
that
> it doesn't work with my configuration ! :-(
>
>
>
>
>
>
>
> [EMAIL PROTECTED]
> 16/03/2006 14:09
> Please respond to
> [email protected]
>
>
> To
> [email protected]
> cc
> [email protected]
> Subject
> Re: Can't login after register,and no error display
>
>
>
>
>
>
> Hello,
>
> Me again.
>
> Like already stated in the mail below the roller application always
> authenticates me as anonymous.
>
> Are there any other things that need to be changed in the security.xml
> file so that authentication starts working.
> I have already changed the things like described in the installation
guide
>
> ...
> For testing reasons I have granted the ANONYMOUS role access in the
> security.xml file and then I can go to the main page.
>
> However if I try to create a weblog I get a NULL pointer because my
> session is not associated to a specific user.
>
> Pretty pretty please ?
>
> Thanks,
>
> Best regards,
>
> Tom.
>
>
>
>
>
> [EMAIL PROTECTED]
> 16/03/2006 09:06
> Please respond to
> [email protected]
>
>
> To
> [email protected]
> cc
>
> Subject
> Re: Can't login after register,and no error display
>
>
>
>
>
>
> Since this wouldn't work I'm really getting desperate ... I've got the
> feeling that it's some kind of a very small configuration change that is
> needed ... I also deployed the while application again, but with the
same
> result ...
>
> I've seen the topic op internet a few times but no one has posted a
> solution ...
>
> What's is also weird is that when enter a non existing username and
> password I get the same result ... I don't get any error saysing that
the
> user doesn't exist or that the combination of username and password
> doesn't exist ... Does that ring any bell ??
>
> When using a user that does exist and I check the logfile it shows me
the
> following:
>
> '[EMAIL PROTECTED]:
> Username: anonymous; Password: [PROTECTED]; Authenticated: true;
Details:
> [EMAIL PROTECTED]: RemoteIpAddress:
> 10.3.0.4; SessionId: 0a01009bce982fe1500a2644bff8a88a16960c5ce9a;
Granted
> Authorities: ROLE_ANONYMOUS'
>
> This I find weird because the username is anonymous ... While I typed in
a
>
>
> username ... Weird ... It does say I'm authenticated but with the
> ANONYMOUS ROLE ...
>
> Really hope someone can help me ...
>
>
> Pretty please ?
>
>
>
>
> Tommeke <[EMAIL PROTECTED]>
> 15/03/2006 09:57
> Please respond to
> [email protected]
>
>
> To
> [email protected]
> cc
>
> Subject
> Re: Can't login after register,and no error display
>
>
>
>
>
>
>
> According to me the problem is situated in the security.xml ... I'm
> experimenting a little bit ...
> Check out the installation guide at topic 8.2
> --
> View this message in context:
>
http://www.nabble.com/Can%27t-login-after-register%2Cand-no-error-display-t1259455c12275.html#a3412153
>
>
>
> Sent from the Roller - User forum at Nabble.com.
>
>
>
>
>
>
