I'm a newbie to acegi-security and am running into a problem (probably something stupid on my end). Anyway, I have a page that is protected. The definition in my FilterSecurityInterceptor goes something like this: /rcp/launchhr.jsp=ROLE_HUMANRESOURCES Ok, so I attempt to access the page and acegi security kicks me to the login page. So far, so good. I enter a user and password that does not have the required role and get kicked to the login error page (the login failed) - though I expected to see an error telling me I didn't have the required authority (roles) to access the page. After looking through the debug output, I see that acegi validated the user and password, but it seems (from the debug output) that the user was still not authenticated. Any ideas what I'm doing wrong? Here is the log output of interest (Look at the third log entry in particular):
... 11:22:55,394 DEBUG [XmlWebApplicationContext] Publishing event in context [Root XmlWebApplicationContext]: [EMAIL PROTECTED]: Username: sysadmin; Password: [PROTECTED]; Authenticated: false; Details: 127.0.0.1; Not granted any authorities] 11:22:55,394 INFO [LoggerListener] Authentication success for user: sysadmin; details: 127.0.0.1 11:22:55,394 DEBUG [AbstractProcessingFilter] Authentication success: [EMAIL PROTECTED]: Username: sysadmin; Password: [PROTECTED]; Authenticated: false; Details: null; Granted Authorities: ROLE_ADMIN, ROLE_USER, ROLE_SYSADMIN 11:22:55,394 DEBUG [AbstractProcessingFilter] Redirecting to target URL from HTTP Session (or default): http://localhost:8080/mm/rcp/launchhr.jsp 11:22:55,394 DEBUG [SecurityEnforcementFilter] Chain processed normally 11:22:55,399 DEBUG [PathBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '[EMAIL PROTECTED]'; to: '/rcp/launchhr.jsp' 11:22:55,399 DEBUG [PathBasedFilterInvocationDefinitionMap] Candidate is: '/rcp/launchhr.jsp'; pattern is /rcp/launchhr.jsp; matched=true 11:22:55,399 DEBUG [AbstractSecurityInterceptor] Secure object: FilterInvocation: URL: /rcp/launchhr.jsp; ConfigAttributes: [ROLE_HUMANRESOURCES] 11:22:55,399 DEBUG [SecurityEnforcementFilter] Authentication failed - adding target URL to Session: http://localhost:8080/mm/rcp/launchhr.jsp 11:22:55,399 DEBUG [AuthenticationProcessingFilterEntryPoint] Redirecting to: http://localhost:8080/mm/login.jsp 11:22:55,408 DEBUG [PathBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '[EMAIL PROTECTED]'; to: '/login.jsp' ... ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
