Dear List,
I'm sorry, I think I found my problem, and it was a stupid one. It
took a 3rd cup of coffee to make it appear.
I wasn't prefixing my Authority strings with "ROLE_"
i.e. my DB had "ADMIN" stored in a field instead of "ROLE_ADMIN"
This still doesn't explain why I wasn't redirected properly to the
LoginFailure page.
When I type in the URL for the LoginFailure manually, it works of course.
Daniel
On 7/2/07, Daniel Jue <[EMAIL PROTECTED]> wrote:
I am beating my head against a brick wall.
I am trying to get Acegi working (using Spring to configure it). I
have it working to the point where a secured page (secured in the xml
files, not using any annotations for securing classes) redirects me to
a login page.
If I type in a login/password that is wrong, I get sent to my "Access
Denied" page like I want.
However with a good login, I'm getting unsuccessfully forwarded to my
"Access Denied" page. The url at the top displays the secure url I
was trying to go to, but the browser displays a 404 error indicating
it can't find the AccessDenied page.
It seems like there are sooo many things that can go wrong with an
Acegi configuration.
I only want form authentication, so the Basic authentication filter
can probably be deleted.
It would be nice to see a complete T5 Acegi application this on the T5
Wiki, first with Spring configuration, since Tapestry-Acegi is not
ported to T5 yet.
<sigh>
Here is my configuration:
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"><ref
bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref
bean="httpRequestAccessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/start=ROLE_ADMIN
/loginsuccess=ROLE_ADMIN
/tests/gridpage=ROLE_ADMIN
/tests/guess=ROLE_ADMIN
/tests/hilo=ROLE_ADMIN
/tests/imagepage=ROLE_ADMIN
/postlogin=ROLE_ANONYMOUS,ROLE_ADMIN
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>true</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
</list>
</property>
</bean>
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/LogoutSuccess"/> <!-- URL redirected to
after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices"/>
<bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key"><value>springRocks</value></property>
</bean>
<bean id="rememberMeProcessingFilter"
class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="rememberMeServices"><ref
bean="rememberMeServices"/></property>
</bean>
<bean id="rememberMeServices"
class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService"><ref
bean="userDetailsService"/></property>
<property name="key"><value>springRocks</value></property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
<property name="rolePrefix">
<value>ROLE_</value>
</property>
</bean>
<bean id="userDetailsService"
class="myapp.security.AuthenticationJdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
<property name="userInfoObjectTypes">
<list>
<value>Admin</value>
<value>Standard</value>
</list>
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="resourceRef">
<value>true</value>
</property>
<property name="jndiName">
<value>java:comp/env/jdbc/MyUserDatabase</value>
</property>
</bean>
<bean id="accessDecisionManager"
class="org.acegisecurity.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
<!--<ref
local="anonymousAuthenticationProvider"/>-->
<ref bean="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="filterProcessesUrl"
value="/j_acegi_security_check" />
<property name="authenticationFailureUrl" value="/AccessDenied" />
<property name="defaultTargetUrl" value="/" />
<property name="authenticationManager" ref="authenticationManager"
/>
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<bean id="formAuthenticationEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/tests/comcypozpetroslogin"
/>
<property name="forceHttps" value="false" />
</bean>
<bean id="basicProcessingFilter"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager"><ref
bean="authenticationManager"/></property>
<property name="authenticationEntryPoint"><ref
bean="basicProcessingFilterEntryPoint"/></property>
</bean>
<bean id="basicProcessingFilterEntryPoint"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName"><value>Contacts Realm</value></property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userDetailsService" />
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref bean="formAuthenticationEntryPoint"/>
</property>
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage"
value="/AccessDenied"/>
</bean>
</property>
</bean>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
