Hello,
I have an issue with a web app (let's call it A) protected by acegi (1.0.0-RC2) ans CAS authentication manager.
This web app A is accessed through a proxy web application (let's call it B).
B transmit a proxy ticket to A which validates this ticket against CAS server, put the authentication object in SecureContext, then redirect to an URL transmitted from B. This URL is the starting URL of application A. But in between, when the redirection happens, the authentication object is lost!
Any suggestions please?
Here is the trace of web app A :
12:18:45,462 DEBUG PathBasedFilterInvocationDefinitionMap:113 - Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to: '/j_acegi_cas_security_check'
12:18:45,478 DEBUG PathBasedFilterInvocationDefinitionMap:126 - Candidate is: '/j_acegi_cas_security_check'; pattern is /**; matched=true
12:18:45,478 DEBUG FilterChainProxy:297 - /j_acegi_cas_security_check?ticket=ST-17-y2bsOOo6WXpSEPHjMyTbdaAzEjSZbRAA2lf-20&redirect=http%3A%2F%2Fcn1983%3A8080%2FCreditsWebApp%2Fhtml%2FenterApplication.jsp%3Flanguage%3Dfr%26logonId%3Dtoto%26agentIdn%3D524778181%26personIdn%3D637345873 at position 1 of 5 in additional filter chain; firing Filter: '
[EMAIL PROTECTED]'
12:18:45,478 DEBUG RegExpBasedFilterInvocationDefinitionMap:129 - Converted URL to lowercase, from: '/j_acegi_cas_security_check?ticket=st-17-y2bsooo6wxpsephjmytbdaazejszbraa2lf-20&redirect=http%3a%2f%2fcn1983%3a8080%2fcreditswebapp%2fhtml%2fenterapplication.jsp%3flanguage%3dfr%26logonid%3dtoto%26agentidn%3d524778181%26personidn%3d637345873'; to: '/j_acegi_cas_security_check?ticket=st-17-y2bsooo6wxpsephjmytbdaazejszbraa2lf-20&redirect=http%3a%2f%2fcn1983%3a8080%2fcreditswebapp%2fhtml%2fenterapplication.jsp%3flanguage%3dfr%26logonid%3dtoto%26agentidn%3d524778181%26personidn%3d637345873'
12:18:45,509 DEBUG RegExpBasedFilterInvocationDefinitionMap:141 - Candidate is: '/j_acegi_cas_security_check?ticket=st-17-y2bsooo6wxpsephjmytbdaazejszbraa2lf-20&redirect=http%3a%2f%2fcn1983%3a8080%2fcreditswebapp%2fhtml%2fenterapplication.jsp%3flanguage%3dfr%26logonid%3dtoto%26agentidn%3d524778181%26personidn%3d637345873'; pattern is \A/html/.*\Z; matched=false
12:18:45,509 DEBUG RegExpBasedFilterInvocationDefinitionMap:141 - Candidate is: '/j_acegi_cas_security_check?ticket=st-17-y2bsooo6wxpsephjmytbdaazejszbraa2lf-20&redirect=http%3a%2f%2fcn1983%3a8080%2fcreditswebapp%2fhtml%2fenterapplication.jsp%3flanguage%3dfr%26logonid%3dtoto%26agentidn%3d524778181%26personidn%3d637345873'; pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
12:18:45,509 DEBUG ChannelProcessingFilter:157 - Request:
https://cn1983:8443/CreditsWebApp/j_acegi_cas_security_check?ticket=ST-17-y2bsOOo6WXpSEPHjMyTbdaAzEjSZbRAA2lf-20&redirect=http%3A%2F%2Fcn1983%3A8080%2FCreditsWebApp%2Fhtml%2FenterApplication.jsp%3Flanguage%3Dfr%26logonId%3Dtoto%26agentIdn%3D524778181%26personIdn%3D637345873
; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
12:18:45,509 DEBUG FilterChainProxy:297 - /j_acegi_cas_security_check?ticket=ST-17-y2bsOOo6WXpSEPHjMyTbdaAzEjSZbRAA2lf-20&redirect=http%3A%2F%2Fcn1983%3A8080%2FCreditsWebApp%2Fhtml%2FenterApplication.jsp%3Flanguage%3Dfr%26logonId%3Dtoto%26agentIdn%3D524778181%26personIdn%3D637345873 at position 2 of 5 in additional filter chain; firing Filter: '
[EMAIL PROTECTED]'
12:18:45,509 DEBUG HttpSessionContextIntegrationFilter:203 - No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder
12:18:45,509 DEBUG FilterChainProxy:297 - /j_acegi_cas_security_check?ticket=ST-17-y2bsOOo6WXpSEPHjMyTbdaAzEjSZbRAA2lf-20&redirect=http%3A%2F%2Fcn1983%3A8080%2FCreditsWebApp%2Fhtml%2FenterApplication.jsp%3Flanguage%3Dfr%26logonId%3Dtoto%26agentIdn%3D524778181%26personIdn%3D637345873 at position 3 of 5 in additional filter chain; firing Filter: '
[EMAIL PROTECTED]'
12:18:45,509 DEBUG AbstractProcessingFilter:220 - Request is to process authentication
12:18:45,525 DEBUG ProviderManager:202 - Authentication attempt using
org.acegisecurity.providers.cas.CasAuthenticationProvider
12:18:45,650 DEBUG AcceptAnyCasProxy:51 - Always accepting proxy list: [https://hn144.crelan.be:8083/PortalSecureProxy/casProxy
]
12:18:45,665 DEBUG AdvancedCasProcessingFilter:28 - Authentication success: [EMAIL PROTECTED]: Username: u150161; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER; Credentials (Service/Proxy Ticket): ST-17-y2bsOOo6WXpSEPHjMyTbdaAzEjSZbRAA2lf-20; Proxy-Granting Ticket IOU: ; Proxy List: [
https://hn144.crelan.be:8083/PortalSecureProxy/casProxy]
12:18:45,665 DEBUG AdvancedCasProcessingFilter:34 - Updated SecurityContextHolder to contain the following Authentication: '
[EMAIL PROTECTED]: Username: u150161; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER; Credentials (Service/Proxy Ticket): ST-17-y2bsOOo6WXpSEPHjMyTbdaAzEjSZbRAA2lf-20; Proxy-Granting Ticket IOU: ; Proxy List: [
https://hn144.crelan.be:8083/PortalSecureProxy/casProxy]'
12:18:45,665 DEBUG AdvancedCasProcessingFilter:59 - Redirecting to target URL from HTTP Session (or default):
http://cn1983:8080/CreditsWebApp/html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873
12:18:45,665 DEBUG HttpSessionContextIntegrationFilter:276 - SecurityContext stored to HttpSession: '[EMAIL PROTECTED]: Authentication: [EMAIL PROTECTED]
: Username: u150161; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER; Credentials (Service/Proxy Ticket): ST-17-y2bsOOo6WXpSEPHjMyTbdaAzEjSZbRAA2lf-20; Proxy-Granting Ticket IOU: ; Proxy List: [
https://hn144.crelan.be:8083/PortalSecureProxy/casProxy]'
12:18:45,665 DEBUG HttpSessionContextIntegrationFilter:285 - SecurityContextHolder set to new context, as request processing completed
12:18:46,743 DEBUG PathBasedFilterInvocationDefinitionMap:113 - Converted URL to lowercase, from: '/html/enterapplication.jsp'; to: '/html/enterapplication.jsp'
12:18:46,743 DEBUG PathBasedFilterInvocationDefinitionMap:126 - Candidate is: '/html/enterapplication.jsp'; pattern is /**; matched=true
12:18:46,743 DEBUG FilterChainProxy:297 - /html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873 at position 1 of 5 in additional filter chain; firing Filter: '[EMAIL PROTECTED]
'
12:18:46,743 DEBUG RegExpBasedFilterInvocationDefinitionMap:129 - Converted URL to lowercase, from: '/html/enterapplication.jsp?language=fr&logonid=toto&agentidn=524778181&personidn=637345873'; to: '/html/enterapplication.jsp?language=fr&logonid=toto&agentidn=524778181&personidn=637345873'
12:18:46,743 DEBUG RegExpBasedFilterInvocationDefinitionMap:141 - Candidate is: '/html/enterapplication.jsp?language=fr&logonid=toto&agentidn=524778181&personidn=637345873'; pattern is \A/html/.*\Z; matched=true
12:18:46,743 DEBUG ChannelProcessingFilter:157 - Request: http://cn1983:8443/CreditsWebApp/html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873
; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
12:18:46,743 DEBUG FilterChainProxy:297 - /html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873 at position 2 of 5 in additional filter chain; firing Filter: '
[EMAIL PROTECTED]'
12:18:46,743 DEBUG HttpSessionContextIntegrationFilter:203 - No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder
12:18:46,743 DEBUG FilterChainProxy:297 - /html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873 at position 3 of 5 in additional filter chain; firing Filter: '[EMAIL PROTECTED]
'
12:18:46,759 DEBUG FilterChainProxy:297 - /html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873 at position 4 of 5 in additional filter chain; firing Filter: '[EMAIL PROTECTED]
'
12:18:46,759 DEBUG FilterChainProxy:297 - /html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873 at position 5 of 5 in additional filter chain; firing Filter: '[EMAIL PROTECTED]
'
12:18:46,759 DEBUG PathBasedFilterInvocationDefinitionMap:113 - Converted URL to lowercase, from: '/html/enterapplication.jsp'; to: '/html/enterapplication.jsp'
12:18:46,759 DEBUG PathBasedFilterInvocationDefinitionMap:126 - Candidate is: '/html/enterapplication.jsp'; pattern is /**; matched=true
12:18:46,759 DEBUG AbstractSecurityInterceptor:301 - Secure object: FilterInvocation: URL: /html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873; ConfigAttributes: [ROLE_USER]
12:18:46,790 DEBUG ExceptionTranslationFilter:150 - Authentication exception occurred; redirecting to authentication entry point
org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:414)
at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java
:308)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java
:79)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143)
at
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter
(FilterChainProxy.java:303)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:220)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter
(FilterChainProxy.java:303)
at org.acegisecurity.securechannel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:168)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java
:303)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java
:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext
(StandardPipeline.java:643)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java
:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke
(StandardContext.java:2417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java
:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext
(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service
(CoyoteAdapter.java:193)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java
:549)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:589)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:666)
at java.lang.Thread.run(Thread.java
:534)
12:18:46,790 DEBUG ExceptionTranslationFilter:255 - Authentication entry point being called; target URL added to Session:
http://cn1983:8080/CreditsWebApp/html/enterApplication.jsp?language=fr&logonId=toto&agentIdn=524778181&personIdn=637345873
12:18:46,790 DEBUG HttpSessionContextIntegrationFilter:285 - SecurityContextHolder set to new context, as request processing completed
- [Acegisecurity-developer] SecurityContext keeps losing the Aut... Lucas Opara
