Hello,
I've configured Acegi for my web apllication that is based on Spring. After
clicking submit in my html-form I get an exception:
AuthenticationCredentialsNotFoundException: An Authentication object was not
found in the SecurityContext
I don't know why. Acegi shall secure everything pointing to "secure/*". The
login page itself is located in the root directory as "login.jsp". Maybe the
form action value is wrong pointing to "/secure/j_acegi_security_check"
(which would be in the secured path). But how do I have to change this to
work properly?
Here is my acegi configuration:
<beans>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref
local="authenticationDao"/></property>
</bean>
<bean id="authenticationDao"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource"><ref bean="dataSource"/></property>
<property name="usersByUsernameQuery">
<value>select name as username,
password,enabled as ENABLED from users where
name=?
</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>select users.name as username,
roles.name as authority from users,
roles,userroles where
userroles.user_id=users.id and
userroles.role_id=roles.id and users.name=?
</value>
</property>
</bean>
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="formAuthenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
<property name="authenticationFailureUrl">
<value>/login_failed.jsp</value>
</property>
<property name="defaultTargetUrl">
<value>/login.jsp</value>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref bean="formLoginAuthenticationEntryPoint" />
</property>
</bean>
<bean id="filterSecurityInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/*=USER
/secure/webadmin/*=WEB_ADMINISTRATOR
/secure/groupadmin/*=GROUP_ADMINISTRATOR
</value>
</property>
</bean>
<bean id="formLoginAuthenticationEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="accessDecisionManager"
class="org.acegisecurity.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
<property name="rolePrefix">
<value></value>
</property>
</bean>
</beans>
Here is the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";>
<!-- <listener>
<description>ServletContextListener</description>
<listener-class>de.sourcepark.bls.bestellsystem.ConfigurationListener</listener-class>
</listener> -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>SpringDispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SpringDispatcher</servlet-name>
<url-pattern>*.command</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/SpringDispatcher-servlet.xml
/WEB-INF/applicationContext-acegi-security.xml
</param-value>
</context-param>
</web-app>
There is a Spring configuration xml, too. It defines the dataSource-bean and
some controllers. But I think there's no problem with that.
Any help would be appreciated.
Thanks in advance!
--
View this message in context:
http://www.nabble.com/AuthenticationCredentialsNotFoundException%3A-An-Authentication-object-was-not-found-in-the-SecurityContext-tf2588362.html#a7217342
Sent from the acegisecurity-developer mailing list archive at Nabble.com.
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
