I got rid of
org.acegisecurity.AccessDeniedException: Access is denied
    at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
by changing the following:
<bean id="filterInvocationInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"><ref local="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      \A/secure/super.*\Z=ROLE_WE_DONT_HAVE
      \A/secure/.*\Z=ROLE_IGNORED_BY_CAS
    </value>
  </property>
</bean>
ROLE_IGNORED_BY_CAS should match that of the inMemoryDaoImpl bean.

Now, after authentication, I get redirected to
https://localhost:8443/concas/secure/ with a page not found error (404).
The above URL is the same as the URL which redirected me to the CAS login ...

Log:
[DEBUG,ExceptionTranslationFilter,http-8443-Processor25]
Authentication entry point being called; SavedRequest added to
Session: SavedRequest[https://localhost:8443/concas/secure/]
[DEBUG,ExceptionTranslationFilter,http-8443-Processor25]
Authentication entry point being called; SavedRequest added to
Session: SavedRequest[https://localhost:8443/concas/secure/]
[epp] INFO [http-8443-Processor25]
AutomaticCookiePathSetterAction.doExecute(45) | Setting ContextPath
for cookies to: /cas
[epp] DEBUG [http-8443-Processor24]
CasAuthenticationHandler.authenticateUsernamePasswordInternal(63) |
Attempting to authenticate for user: marissa
[epp] DEBUG [http-8443-Processor24]
ProviderManager.doAuthentication(183) | Authentication attempt using
org.acegisecurity.providers.dao.DaoAuthenticationProvider
[epp] DEBUG [http-8443-Processor24]
CasAuthenticationHandler.authenticateUsernamePasswordInternal(77) |
Authentication request for marissa successful.
[epp] INFO [http-8443-Processor24]
AuthenticationManagerImpl.authenticate(90) | AuthenticationHandler:
org.acegisecurity.adapters.cas3.CasAuthenticationHandler successfully
authenticated the user which provided the following credentials:
marissa
[epp] INFO [http-8443-Processor24]
CentralAuthenticationServiceImpl.grantServiceTicket(166) | Granted
service ticket [ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20] for
service [https://localhost:8443/concas/j_acegi_cas_security_check] for
user [marissa]
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to:
'/j_acegi_cas_security_check'
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to:
'/j_acegi_cas_security_check'
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to:
'/j_acegi_cas_security_check'
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is: '/j_acegi_cas_security_check'; pattern is /**;
matched=true
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is: '/j_acegi_cas_security_check'; pattern is /**;
matched=true
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is: '/j_acegi_cas_security_check'; pattern is /**;
matched=true
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 1 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 1 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Converted URL to lowercase, from:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
to:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Converted URL to lowercase, from:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
to:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Converted URL to lowercase, from:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
to:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
pattern is \A/secure/.*\Z; matched=false
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
pattern is \A/secure/.*\Z; matched=false
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
pattern is \A/secure/.*\Z; matched=false
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25]
Candidate is:
'/j_acegi_cas_security_check?ticket=st-2-hoccjiln3mxifktdrf9v9hufgfw9o2fbaoz-20';
pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 2 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 2 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 3 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 3 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 4 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor25]
/j_acegi_cas_security_check?ticket=ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20
at position 4 of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,CasProcessingFilter,http-8443-Processor25] Request is to
process authentication
[DEBUG,CasProcessingFilter,http-8443-Processor25] Request is to
process authentication
[DEBUG,CasProcessingFilter,http-8443-Processor25] Authentication
success: [EMAIL PROTECTED]:
Username: [EMAIL PROTECTED]: Username:
marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired:
true; credentialsNonExpired: true; AccountNonLocked: true; Granted
Authorities: ROLE_IGNORED_BY_CAS; Password: [PROTECTED];
Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: C599F0509D7BE66E9875A27ED50030B0; Granted
Authorities: ROLE_IGNORED_BY_CAS; Credentials (Service/Proxy Ticket):
ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20; Proxy-Granting Ticket
IOU: ; Proxy List: []
[DEBUG,CasProcessingFilter,http-8443-Processor25] Authentication
success: [EMAIL PROTECTED]:
Username: [EMAIL PROTECTED]: Username:
marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired:
true; credentialsNonExpired: true; AccountNonLocked: true; Granted
Authorities: ROLE_IGNORED_BY_CAS; Password: [PROTECTED];
Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: C599F0509D7BE66E9875A27ED50030B0; Granted
Authorities: ROLE_IGNORED_BY_CAS; Credentials (Service/Proxy Ticket):
ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20; Proxy-Granting Ticket
IOU: ; Proxy List: []
[DEBUG,CasProcessingFilter,http-8443-Processor25] Updated
SecurityContextHolder to contain the following Authentication:
'[EMAIL PROTECTED]:
Username: [EMAIL PROTECTED]: Username:
marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired:
true; credentialsNonExpired: true; AccountNonLocked: true; Granted
Authorities: ROLE_IGNORED_BY_CAS; Password: [PROTECTED];
Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: C599F0509D7BE66E9875A27ED50030B0; Granted
Authorities: ROLE_IGNORED_BY_CAS; Credentials (Service/Proxy Ticket):
ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20; Proxy-Granting Ticket
IOU: ; Proxy List: []'
[DEBUG,CasProcessingFilter,http-8443-Processor25] Updated
SecurityContextHolder to contain the following Authentication:
'[EMAIL PROTECTED]:
Username: [EMAIL PROTECTED]: Username:
marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired:
true; credentialsNonExpired: true; AccountNonLocked: true; Granted
Authorities: ROLE_IGNORED_BY_CAS; Password: [PROTECTED];
Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: C599F0509D7BE66E9875A27ED50030B0; Granted
Authorities: ROLE_IGNORED_BY_CAS; Credentials (Service/Proxy Ticket):
ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20; Proxy-Granting Ticket
IOU: ; Proxy List: []'
[DEBUG,CasProcessingFilter,http-8443-Processor25] Redirecting to
target URL from HTTP Session (or default):
https://localhost:8443/concas/secure/
[DEBUG,CasProcessingFilter,http-8443-Processor25] Redirecting to
target URL from HTTP Session (or default):
https://localhost:8443/concas/secure/
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is /**; matched=true
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is /**; matched=true
[DEBUG,PathBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is /**; matched=true
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 1
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 1
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/.*\Z; matched=true
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/.*\Z; matched=true
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/.*\Z; matched=true
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 2
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 2
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 3
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 3
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 4
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 4
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 5
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 5
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 6
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ at position 6
of 6 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Converted URL to lowercase, from: '/secure/'; to: '/secure/'
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/super.*\Z;
matched=false
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/super.*\Z;
matched=false
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/super.*\Z;
matched=false
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/.*\Z; matched=true
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/.*\Z; matched=true
[DEBUG,RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24]
Candidate is: '/secure/'; pattern is \A/secure/.*\Z; matched=true
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24] Secure
object: FilterInvocation: URL: /secure/; ConfigAttributes:
[ROLE_IGNORED_BY_CAS]
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24] Secure
object: FilterInvocation: URL: /secure/; ConfigAttributes:
[ROLE_IGNORED_BY_CAS]
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24] Previously
Authenticated: [EMAIL PROTECTED]:
Username: [EMAIL PROTECTED]: Username:
marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired:
true; credentialsNonExpired: true; AccountNonLocked: true; Granted
Authorities: ROLE_IGNORED_BY_CAS; Password: [PROTECTED];
Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: C599F0509D7BE66E9875A27ED50030B0; Granted
Authorities: ROLE_IGNORED_BY_CAS; Credentials (Service/Proxy Ticket):
ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20; Proxy-Granting Ticket
IOU: ; Proxy List: []
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24] Previously
Authenticated: [EMAIL PROTECTED]:
Username: [EMAIL PROTECTED]: Username:
marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired:
true; credentialsNonExpired: true; AccountNonLocked: true; Granted
Authorities: ROLE_IGNORED_BY_CAS; Password: [PROTECTED];
Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
127.0.0.1; SessionId: C599F0509D7BE66E9875A27ED50030B0; Granted
Authorities: ROLE_IGNORED_BY_CAS; Credentials (Service/Proxy Ticket):
ST-2-HocCJIln3mxiFKTdRf9v9HUFgfW9O2fbAOZ-20; Proxy-Granting Ticket
IOU: ; Proxy List: []
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24]
Authorization successful
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24]
Authorization successful
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24] RunAsManager
did not change Authentication object
[DEBUG,AbstractSecurityInterceptor,http-8443-Processor24] RunAsManager
did not change Authentication object
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ reached end of
additional filter chain; proceeding with original chain
[DEBUG,FilterChainProxy,http-8443-Processor24] /secure/ reached end of
additional filter chain; proceeding with original chain
[DEBUG,ExceptionTranslationFilter,http-8443-Processor24] Chain
processed normally
[DEBUG,ExceptionTranslationFilter,http-8443-Processor24] Chain
processed normally
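
An added example, not part of the original post and not Acegi code: a small Python model of the first-match lookup that the RegExpBasedFilterInvocationDefinitionMap lines in the log show, using the two rules from the bean above, plus a check for rules that a broader earlier pattern would make unreachable. The function names, the probe URLs other than `/secure/` and the simplified role check are assumptions made for illustration.

```python
import re

# Rules copied from the objectDefinitionSource in the post; order is significant.
RULES = [
    (r"\A/secure/super.*\Z", "ROLE_WE_DONT_HAVE"),
    (r"\A/secure/.*\Z", "ROLE_IGNORED_BY_CAS"),
]


def required_role(url, rules=RULES):
    """Return (index, role) of the first rule matching the lowercased URL, or None."""
    candidate = url.lower()  # CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    for index, (pattern, role) in enumerate(rules):
        if re.search(pattern, candidate):
            return index, role
    return None


def decide(url, granted, rules=RULES):
    """Simplified role check: NO_RULE if nothing matches, else GRANTED or DENIED."""
    hit = required_role(url, rules)
    if hit is None:
        return "NO_RULE"
    return "GRANTED" if hit[1] in granted else "DENIED"


def shadowed_rules(rules, probes):
    """Roles of rules that match some probe URL but never win the first-match lookup."""
    hits = [required_role(url, rules) for url in probes]
    winners = {hit[0] for hit in hits if hit is not None}
    return [role for index, (pattern, role) in enumerate(rules)
            if index not in winners
            and any(re.search(pattern, url.lower()) for url in probes)]


# Constructed probe URLs; only "/secure/" is taken from the post's log.
PROBES = ["/secure/", "/Secure/Report.jsp", "/secure/super/admin.jsp", "/secure"]

if __name__ == "__main__":
    marissa = {"ROLE_IGNORED_BY_CAS"}  # authority shown in the log
    for url in PROBES:
        print(f"{url:28} {decide(url, marissa)}")
    # Swapping the two rules makes the /secure/super rule unreachable.
    print("shadowed if reordered:", shadowed_rules(RULES[::-1], PROBES))
```

A user whose granted authority differs from the rule's role (for example a constructed `ROLE_USER`) gets `DENIED` for `/secure/`, which corresponds to the AccessDeniedException described at the top of the post.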