Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors
Tiny URL version: http://tinyurl.com/8zhka

On 11/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Oliver,

Very, very interesting - excellent find. I have several things to test tomorrow.

Scott

-----Original Message-----
From: Oliver Hutchison [mailto:[EMAIL PROTECTED]
Sent: Monday, November 07, 2005 11:13 PM
To: acegisecurity-developer@lists.sourceforge.net
Subject: RE: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors

Looks like you hit this:

http://groups.google.com/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&threadm=3F84200E.4060207%40profitsoftware.com&rnum=1&prev=/groups%3Fq%3D%252Binheritablethreadlocal%2Bnullpointerexception%26ie%3DUTF-8%26oe%3DUTF-8%26hl%3Dde

HTH

Ollie

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark St.Godard
Sent: Tuesday, 8 November 2005 2:46 PM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors

I don't think it's in the Assert... from the stackTrace it looks like it is getting into the contextHolder.set( ) when it NPEs.

I use Websphere 6 and Tomcat 5.5 ... I will also upgrade to 0.9 tomorrow and see if it displays the appropriate behavior.

Cheers,
Mark

On 11/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Hi Mark and Ben,

I'm using WSAD 5.1 with its built-in Websphere 5.0 Test Environment on Windows XP Pro, then deploying to a Websphere Application Server 5.0 instance on Windows 2000 Server. Websphere 5.0 is still widely used in the financial industry, and uses IBM's JDK 1.3. It isn't practical for me to test the app under Tomcat due to some classloading issue I haven't had time to debug, but I suspect it would work OK (as would running it within WAS 6.0).

I'd be glad to switch the code back to ThreadLocal but I'm wondering if the Assert code might actually be the problem?

Thanks,
Scott

From: Mark St.Godard [mailto:[EMAIL PROTECTED] ]
Sent: Monday, November 07, 2005 9:34 PM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors

Ben, Scott,

Scott, what version of Websphere are you running? What JRE/JDK version?

Ben, the code looks fine... seems abnormal for InheritableThreadLocal to NPE...

Scott, try without the InheritableTL or as Ben suggests try a different servlet container / appserver if you can.

Cheers,
Mark

On 11/7/05, Ben Alex [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED] wrote:

[11/7/05 15:24:43:513 EST] 5a6d5a6d WebGroup E SRVE0026E: [Servlet Error]-[Filter [Acegi Filter Chain Proxy]: filter is unavailable.]: java.lang.NullPointerException
    at java.lang.Throwable.<init>(Throwable.java)
    at java.lang.Throwable.<init>(Throwable.java)
    at java.lang.NullPointerException.<init>(NullPointerException.java:63)
    at java.lang.InheritableThreadLocal.set(InheritableThreadLocal.java:95)
    at net.sf.acegisecurity.context.SecurityContextHolder.setContext(SecurityContextHolder.java:58)
    at net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:207)

Very odd. If you look at the code for SecurityContextHolder:

    private static InheritableThreadLocal contextHolder = new InheritableThreadLocal();

    public static void setContext(SecurityContext context) {
        Assert.notNull(context,
RE: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors
Oliver,

You were absolutely right - it's an IBM JDK 1.3 issue. I can't post to the developer group from work right now, so could you forward this for me?

I started WSAD 5.1 and its Websphere 5.0's test environment in run mode (debug disabled) and everything ran fine with 0.9.0-SNAPSHOT, but ONLY in run mode - debug mode failed with the NPE I reported earlier. I then dropped in 0.9.0-SNAPSHOT-WITH-THREADLOCAL and sure enough, both the run mode and debug mode worked fine.

This looks to only affect WSAD 5.x users debugging with the Websphere 5.0 Test Environment. I recommend that 0.9.0 still get released with a mention in the 0.8.0-0.9.0 upgrade doc about this and that a 0.9.0-FOR-IBM-JDK-1.3 (or whatever) be available for users still on WSAD 5.x.

Thoughts?

Scott

Quoting Oliver Hutchison [EMAIL PROTECTED]:

Looks like you hit this:

http://groups.google.com/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&threadm=3F84200E.4060207%40profitsoftware.com&rnum=1&prev=/groups%3Fq%3D%252Binheritablethreadlocal%2Bnullpointerexception%26ie%3DUTF-8%26oe%3DUTF-8%26hl%3Dde
FW: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors
Forwarded on for Scott

-----Original Message-----
From: Scott McCrory [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 9 November 2005 3:10 AM
To: Oliver Hutchison
Cc: acegisecurity-developer@lists.sourceforge.net
Subject: RE: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors

Oliver,

You were absolutely right - it's an IBM JDK 1.3 issue. I can't post to the developer group from work right now, so could you forward this for me?

I started WSAD 5.1 and its Websphere 5.0's test environment in run mode (debug disabled) and everything ran fine with 0.9.0-SNAPSHOT, but ONLY in run mode - debug mode failed with the NPE I reported earlier. I then dropped in 0.9.0-SNAPSHOT-WITH-THREADLOCAL and sure enough, both the run mode and debug mode worked fine.

This looks to only affect WSAD 5.x users debugging with the Websphere 5.0 Test Environment. I recommend that 0.9.0 still get released with a mention in the 0.8.0-0.9.0 upgrade doc about this and that a 0.9.0-FOR-IBM-JDK-1.3 (or whatever) be available for users still on WSAD 5.x.

Thoughts?

Scott

Quoting Oliver Hutchison [EMAIL PROTECTED]:

Looks like you hit this:

http://groups.google.com/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&threadm=3F84200E.4060207%40profitsoftware.com&rnum=1&prev=/groups%3Fq%3D%252Binheritablethreadlocal%2Bnullpointerexception%26ie%3DUTF-8%26oe%3DUTF-8%26hl%3Dde
Re: [Acegisecurity-developer] Preparing for 0.9.0
On Nov 3, 2005, at 9:51 AM, Ben Alex wrote:

Hi everyone

CVS now contains pretty much all the tasks scheduled for 0.9.0. The roadmap is at:

http://opensource2.atlassian.com/projects/spring/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel

I'd be grateful if people using CVS could checkout and provide feedback on the changes / stability of the code over the next couple of days so that we can release.

Cheers

I've been attempting to upgrade AppFuse to use 0.9.0 (from 0.8.3) for the last hour or so and I've had pretty good luck so far. However, there's one issue that I can't seem to solve. With 0.8.3, I used the following to automatically login a user after they registered:

    // log user in automatically
    Authentication auth = new UsernamePasswordAuthenticationToken(
            user.getUsername(), user.getConfirmPassword());
    auth.setAuthenticated(true);
    try {
        ProviderManager authenticationManager =
                (ProviderManager) getBean("authenticationManager");
        SecurityContext ctx = SecurityContextHolder.getContext();
        ctx.setAuthentication(authenticationManager.doAuthentication(auth));
    } catch (NoSuchBeanDefinitionException n) {
        // ignore, should only happen when testing
    }

(of course, class names have been changed for 0.9.0). With 0.9.0, this doesn't work. First of all, I needed to change the constructor of UsernamePasswordAuthenticationToken to:

    Authentication auth = new UsernamePasswordAuthenticationToken(
            user.getUsername(), user.getConfirmPassword(),
            new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.USER_ROLE)});

But this doesn't seem to solve anything. I also tried resetting the SecurityContext on the SecurityContextHolder, but that doesn't seem to help either.
    ctx.setAuthentication(authenticationManager.doAuthentication(auth));
    SecurityContextHolder.setContext(ctx);

Here's a diff of changes I've made in my applicationContext-security.xml file:

Index: applicationContext-security.xml === RCS file: /cvs/appfuse/web/WEB-INF/applicationContext-security.xml,v retrieving revision 1.14 diff -u -r1.14 applicationContext-security.xml --- applicationContext-security.xml19 Sep 2005 22:03:36 - 1.14 +++ applicationContext-security.xml8 Nov 2005 06:46:50 - @@ -47,8 +47,8 @@ /property /bean -!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -- -bean id=loggerListener class=net.sf.acegisecurity.providers.dao.event.LoggerListener/ +!-- Log failed authentication attempts to commons-logging -- +bean id=loggerListener class=net.sf.acegisecurity.event.authentication.LoggerListener/ bean id=daoAuthenticationProvider class=net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider property name=authenticationDao ref=jdbcAuthenticationDao/ @@ -100,9 +100,7 @@ /bean !-- = HTTP REQUEST SECURITY -- -bean id=httpSessionContextIntegrationFilter class=net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter -property name=context value=net.sf.acegisecurity.context.security.SecureContextImpl/ -/bean +bean id=httpSessionContextIntegrationFilter class=net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter / bean id=authenticationProcessingFilter class=net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter property name=authenticationManager ref=authenticationManager/ 
@@ -122,7 +120,7 @@ property name=authenticationEntryPoint ref=authenticationProcessingFilterEntryPoint/ /bean -bean id=remoteUserFilter class=net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter/ +bean id=remoteUserFilter class=net.sf.acegisecurity.wrapper.SecurityContextHolderAwareRequestFil ter/ bean id=authenticationProcessingFilterEntryPoint class=net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntr yPoint property name=loginFormUrl value=/login.jsp/

Thanks,
Matt
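Review bot: the @@ -100,9 +100,7 @@ hunk drops the context property (SecureContextImpl) from httpSessionContextIntegrationFilter without recording what the filter now stores in the session. Add a one-line XML comment above the bean saying that the filter is left to choose its own context class, and check the auto-login code that calls SecurityContextHolder.getContext() against that choice, because this property was the only place in the file where the context type was pinned.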
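Review bot: in the @@ -47,8 +47,8 @@ hunk the replacement comment describes loggerListener as logging failed authentication attempts only, while the comment it replaces described it as receiving AuthenticationEvent messages in general. If the listener in net.sf.acegisecurity.event.authentication also logs successful logins, say so in the comment, since anyone reading this file to work out what reaches the log will take the comment literally.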
Re: [Acegisecurity-developer] Preparing for 0.9.0
Matt Raible wrote:

    // log user in automatically
    Authentication auth = new UsernamePasswordAuthenticationToken(
            user.getUsername(), user.getConfirmPassword());
    auth.setAuthenticated(true);
    try {
        ProviderManager authenticationManager =
                (ProviderManager) getBean("authenticationManager");
        SecurityContext ctx = SecurityContextHolder.getContext();
        ctx.setAuthentication(authenticationManager.doAuthentication(auth));
    } catch (NoSuchBeanDefinitionException n) {
        // ignore, should only happen when testing
    }

You can continue to use the constructor shown above, but don't call setAuthenticated(true). This will be performed by the UsernamePasswordAuthenticationToken when the AuthenticationProvider creates a new Authentication object to return. You don't want to be setting it earlier, as the GrantedAuthority[]s haven't been populated.

Whilst not Acegi Security related, you might like to consider dependency injecting that authenticationManager rather than performing a lookup.

Maybe try:

    Authentication auth = new UsernamePasswordAuthenticationToken(
            user.getUsername(), user.getConfirmPassword());
    Authentication response = authenticationManager.authenticate(auth);
    SecurityContextHolder.getContext().setAuthentication(response);

If this still doesn't work, try following the debug logs. It might be something to do with filters changing the SecurityContextHolder, particularly if you're going from an anonymous user. Did you see the "Logic bug with AnonymousProcessingFilter" thread yesterday?

Cheers
Ben
Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors
Ben Alex wrote:

I'd prefer to avoid multiple releases floating around. We should revert back to a standard ThreadLocal and not an InheritableThreadLocal and release 0.9.0. Does anyone really require InheritableThreadLocal behaviour?

I've checked in the change to use ThreadLocal. This is consistent with Spring's TransactionSynchronizationManager and AopContext (but interestingly not with LocaleContextHolder).

Cheers
Ben
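What the two holder types do differently, as an added example that is not Acegi's code or part of the original message: PLAIN and INHERITABLE are hypothetical stand-ins for the holder field, the principal is a constructed string, and the syntax is current Java rather than the JDK 1.3 discussed in the thread. A child thread copies an InheritableThreadLocal value when it is constructed and keeps that copy after the parent clears its own, so the plain holder's child sees null while the inheritable holder's child still sees the parent's principal.

```java
import java.util.concurrent.atomic.AtomicReference;

// Added example: hypothetical holders, not Acegi's SecurityContextHolder.
public class ContextHolderDemo {

    // Two holders that differ only in the ThreadLocal flavour they use.
    static final ThreadLocal<String> PLAIN = new ThreadLocal<>();
    static final ThreadLocal<String> INHERITABLE = new InheritableThreadLocal<>();

    /**
     * Sets a principal on the calling thread, creates a child thread,
     * clears the caller's value (as a filter would at the end of a request),
     * and returns what the child thread reads from the same holder.
     */
    static String seenByChild(ThreadLocal<String> holder, String principal)
            throws InterruptedException {
        holder.set(principal);
        AtomicReference<String> seen = new AtomicReference<>();

        // Inheritable values are copied into the child here, at construction.
        Thread child = new Thread(() -> seen.set(holder.get()));

        // The parent clearing its own value does not touch the child's copy.
        holder.remove();

        child.start();
        child.join();
        return seen.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // "alice" is a constructed sample principal.
        System.out.println("ThreadLocal child sees:            "
                + seenByChild(PLAIN, "alice"));
        System.out.println("InheritableThreadLocal child sees: "
                + seenByChild(INHERITABLE, "alice"));
    }
}
```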
Re: [Acegisecurity-developer] Acegi 0.8.3 to 0.9.0 errors
Quoting Ben Alex [EMAIL PROTECTED]:

Ben Alex wrote:

I'd prefer to avoid multiple releases floating around. We should revert back to a standard ThreadLocal and not an InheritableThreadLocal and release 0.9.0. Does anyone really require InheritableThreadLocal behaviour?

I've checked in the change to use ThreadLocal. This is consistent with Spring's TransactionSynchronizationManager and AopContext (but interestingly not with LocaleContextHolder).

Cheers
Ben

FYI I tested Acegi 0.9.0-SNAPSHOT-WITH-THREADLOCAL in our app for 4-6 hours today and all looks well.

Scott