This is a followup to my Newbie Questions... subject to provide more information about what I am encountering.
Here is my debug information when I have all the filters present in my web.xml file:

    07.14.2004 09:11:01,003 DEBUG acegisecurity.ui.AbstractIntegrationFilter.doFilter:114 -> Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)
    07.14.2004 09:11:13,703 DEBUG intercept.web.RegExpBasedFilterInvocationDefinitionMap.lookupAttributes:144 -> Candidate is: '/flex-ws/FlexRemoteObjectService/remoteObject_OrderBusinessDelegate'; pattern is \A/secure/super.*\Z; matched=false
    07.14.2004 09:11:13,703 DEBUG intercept.web.RegExpBasedFilterInvocationDefinitionMap.lookupAttributes:144 -> Candidate is: '/flex-ws/FlexRemoteObjectService/remoteObject_OrderBusinessDelegate'; pattern is \A/.*\Z; matched=true
    07.14.2004 09:11:13,719 DEBUG acegisecurity.intercept.AbstractSecurityInterceptor.interceptor:273 -> Secure object: FilterInvocation: URL: /flex-ws/FlexRemoteObjectService/remoteObject_OrderBusinessDelegate; ConfigAttributes: [ROLE_SUPERVISOR, ROLE_TELLER]
    07.14.2004 09:11:30,965 DEBUG intercept.web.SecurityEnforcementFilter.doFilter:191 -> Authentication failed - adding target URL to Session: http://localhost:8080/onjava/flex-ws/FlexRemoteObjectService/remoteObject_OrderBusinessDelegate
    07.14.2004 09:12:00,255 INFO proxool.stats.spring.statistics:66 -> 09:11:00 - 09:12:00, s:0:0.00/s, r:0:0.00/s, a:0.00ms/0.00
    07.14.2004 09:12:09,518 DEBUG ui.webapp.AuthenticationProcessingFilterEntryPoint.commence:176 -> Redirecting to: http://localhost:8080/onjava/OrderPlacer.mxml
    07.14.2004 09:12:26,654 DEBUG acegisecurity.ui.AbstractIntegrationFilter.doFilter:142 -> ContextHolder does not contain any authentication information

Here are the filters that I have in my web.xml:

    <filter>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.securechannel.ChannelProcessingFilter</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>Acegi Authentication Processing Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
        <filter-class>net.sf.acegisecurity.ui.AutoIntegrationFilter</filter-class>
    </filter>

    <filter>
        <filter-name>Acegi HTTP Request Security Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
        </init-param>
    </filter>

And here is the class that I would expect to intercept the SOAP authentication - BasicProcessingFilterEntryPoint:commence(req, res); However, this method never gets invoked. My setup is very similar to the sample application that comes with the download. The sample works fine for me.

Thanks,
Mark

----- Forwarded by Mark Eagle/MATRIX on 07/14/2004 01:50 PM -----

Mark Eagle/MATRIX
07/14/2004 01:30 PM

To: [EMAIL PROTECTED] eforge.net
cc:
Subject: Newbie Questions...

First, thanks to Ben for helping me understand some of the Acegi internals.

My question revolves around using BASIC authentication with Acegi. First, let me start by stating that I am not using HTML. I am using Flex which uses a Flash client with SOAP requests.
What I want to know is if I use BASIC authentication will Acegi still be able to use the notion of a ContextHolder to store authentication credentials such as roles? I want to use the roles for my Spring managed business objects of course.

Furthermore, is there a filter that I should be using that will not redirect to a page if authentication fails? Instead of the filter redirecting to a JSP, or other page, I would like to just send a response.sendError(HttpServlet.SC_UNAUTHORIZED) back to the client. Should I just write my own filter that is similar to the BasicProcessingFilter and append it in the chain of filters? The Flash client is expecting a 401 HTTP error to notice a Client.Authentication fault/exception. The current filter tries to redirect to the custom login form which does not apply in my context.

Here is an example of the kind of filter I would need for my Flex client to understand what happens when the user is not authenticated:

    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.*;
    // Base64: the decoder class used in the original post (its import is not shown)

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String authorization = request.getHeader("Authorization");
        boolean authorized = false;
        // Only handle the Basic scheme; the scheme name is case-insensitive.
        String scheme = HttpServletRequest.BASIC_AUTH;
        if (authorization != null
                && authorization.regionMatches(true, 0, scheme, 0, scheme.length())) {
            // trim() drops the space that separates the scheme from the credentials
            String encoded = authorization.substring(scheme.length()).trim();
            String decoded = new String(Base64.decode(encoded));
            int colon = decoded.indexOf(":");
            if (colon >= 0) { // credentials without ':' stay unauthorized
                String username = decoded.substring(0, colon);
                String password = decoded.substring(colon + 1);
                authorized = "sampleuser".equals(username)
                        && "samplepassword".equals(password);
            }
        }
        if (!authorized) {
            // Answer with 401 and a challenge instead of redirecting to a login page
            response.setHeader("WWW-Authenticate", "BASIC realm=\"\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }

Also, can I narrow the number of filters that need to be applied if I use BASIC authentication?
This security framework would be a *huge* advantage for our development if we can integrate it with Spring and Flex.

Thanks,
Mark
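
An added example, not code from the original post or from Acegi: a stand-alone parser for the Authorization header that the sample filter in the forwarded message reads, covering the malformed inputs (wrong scheme, invalid Base64, missing colon) that should end in a 401 rather than an exception. It assumes Java 8+ `java.util.Base64` and UTF-8 credentials; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example: parses and checks an HTTP Basic "Authorization" header value. */
public class BasicAuthHeader {
    /** Returns {username, password}, or null if the header is absent or malformed. */
    static String[] parse(String header) {
        final String scheme = "Basic ";
        // The scheme token is case-insensitive and must be followed by a space.
        if (header == null || !header.regionMatches(true, 0, scheme, 0, scheme.length())) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(scheme.length()).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        // UTF-8 is an assumption of this example.
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':'); // first colon: the password may contain ':'
        if (colon < 0) return null;
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Compares two values without stopping at the first differing byte. */
    static boolean sameValue(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    /** True only when the header carries exactly the expected credentials. */
    static boolean authorized(String header, String user, String pass) {
        String[] c = parse(header);
        // Non-short-circuit '&' so both comparisons always run.
        return c != null && (sameValue(c[0], user) & sameValue(c[1], pass));
    }

    public static void main(String[] args) {
        // Constructed sample headers; the credentials are the post's sample values.
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("sampleuser:samplepassword".getBytes(StandardCharsets.UTF_8));
        String[] headers = { good, "basic " + good.substring(6), "Basic !!!",
                             "Basic c2FtcGxldXNlcg==", "Digest x", null };
        for (String h : headers) {
            System.out.println(h + " -> " + authorized(h, "sampleuser", "samplepassword"));
        }
    }
}
```

A filter such as the one in the forwarded message would call `authorized(...)` and send the `WWW-Authenticate` challenge with `SC_UNAUTHORIZED` whenever it returns false.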