Never mind... was so sure that I had it working without a SecurityEnforcementFilter that I
didn't hook one up for basic.... Got it working now...
b
Ben Munat wrote:
Hi All,
I've been trying to figure out why my basic auth configuration stopped
working in my app for hours now. I don't think I've changed anything in
my configuration that would affect it and I haven't changed Acegi
versions (still on 0.83).
I have the following in my config:
<bean id="filterChainProxy"
      class="net.sf.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /services/**=httpSessionContextIntegrationFilter,basicAuthenticationFilter
      /**/*=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityEnforcementFilter
    </value>
  </property>
</bean>
<bean id="basicAuthenticationFilter"
      class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
  <property name="authenticationEntryPoint"><ref local="basicAuthEntryPoint"/></property>
  <property name="authenticationManager"><ref local="authenticationManager"/></property>
</bean>
<bean id="basicAuthEntryPoint"
      class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
  <property name="realmName"><value>OSCAR</value></property>
</bean>
And I swear the basic auth was kicking in on a /services/* url at one
point, but now it doesn't.
I've debugged it into the BasicProcessingFilter and I see that it looks for
a header called "Authorization" and then falls out unless that header is
non-null and starts with "Basic". Well, it's always null and the chain
continues, serving the page without authorization.
I see that the BasicProcessingFilterEntryPoint has the code to send the
401 to the client in the commence method, but that is *only* called
within the body of the above if statement... which it never gets to
because the "Authorization" header is always null!
Could someone please fill me in on how this is supposed to work? Did I
just accidentally remove some other piece of configuration? Why would
the code that sends the 401 response be inside an if-block that depends
on an Authorization header?
Thanks very much in advance for any help!!
Ben
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
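A configuration along the lines of the fix described at the top of this thread, as an added example that is not from the original posts or from the Acegi project: the /services/** chain ends in its own SecurityEnforcementFilter wired to basicAuthEntryPoint, so a request with no Authorization header is challenged instead of served. The bean ids basicSecurityEnforcementFilter and filterInvocationInterceptor are assumptions; the latter stands for the application's existing FilterSecurityInterceptor, whose object definition source must protect /services/**.

```xml
<!-- Added example. The only change to the chain is the third filter on
     the /services/** line; without it nothing on that path ever raises
     an authentication failure, so no challenge is sent. -->
<bean id="filterChainProxy"
      class="net.sf.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /services/**=httpSessionContextIntegrationFilter,basicAuthenticationFilter,basicSecurityEnforcementFilter
      /**/*=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityEnforcementFilter
    </value>
  </property>
</bean>

<!-- Hypothetical bean id. A separate enforcement filter is used for
     /services/** so that unauthenticated requests there are answered by
     the basic-auth entry point rather than by whatever entry point the
     existing securityEnforcementFilter uses. -->
<bean id="basicSecurityEnforcementFilter"
      class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
  <!-- Assumed id of the application's FilterSecurityInterceptor. It makes
       the access decision; an AuthenticationException thrown from it is
       what triggers the entry point below. -->
  <property name="filterSecurityInterceptor">
    <ref local="filterInvocationInterceptor"/>
  </property>
  <!-- Entry point from the original post: its commence method sends the
       401 for realm OSCAR. -->
  <property name="authenticationEntryPoint">
    <ref local="basicAuthEntryPoint"/>
  </property>
</bean>
```

To check the result, request a /services/ URL with no credentials: the response should be a 401 carrying a WWW-Authenticate header for the OSCAR realm, not the page content.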