I downloaded the ACEGI source code and according to me the problem is
that the URL I want to access is not a url that needs authentication.
Check out the logfile:
DEBUG 2006-03-16 15:08:29,492 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 1 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
DEBUG 2006-03-16 15:08:29,493 HttpSessionContextIntegrationFilter:doFilter
- HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new
SecurityContext instance associated with SecurityContextHolder
DEBUG 2006-03-16 15:08:29,493 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 2 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
DEBUG 2006-03-16 15:08:29,498 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 3 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
DEBUG 2006-03-16 15:08:29,500 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 4 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
DEBUG 2006-03-16 15:08:29,500 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 5 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
DEBUG 2006-03-16 15:08:29,501 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 6 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
DEBUG 2006-03-16 15:08:29,502 AnonymousProcessingFilter:doFilter -
Populated SecurityContextHolder with anonymous token:
'[EMAIL PROTECTED]:
Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
10.3.0.4; SessionId: 0a01009bce911dc8dc5682848bb914a9eb68351563e; Granted
Authorities: ROLE_ANONYMOUS'
DEBUG 2006-03-16 15:08:29,503 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 7 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
DEBUG 2006-03-16 15:08:29,504 FilterChainProxy$VirtualFilterChain:doFilter
- /login.jsp at position 8 of 8 in additional filter chain; firing Filter:
'[EMAIL PROTECTED]'
The only filters that write anything to the log file are the first one and
the anonymous one (which is normal because I'm not authenticated) ...
So, if you check out the AuthenticationProcessingFilter class which
extends the AbstractProcessingFilter class you can see the following:
if (requiresAuthentication(httpRequest, httpResponse)) {
if (logger.isDebugEnabled()) {
logger.debug("Request is to process authentication");
}
Since the above log sentence is not written to the log file I assume the
URL I want to access is not being described as requires authentication ...
but it should though ...
The definition in security.xml is the following:
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager"/>
<property name="accessDecisionManager"
ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/editor/**=admin,editor
/admin/**=admin
/rewrite-status*=admin
/login-redirect.jsp=admin,editor
</value>
</property>
</bean>
Since I kick in the authentication process by clicking on the "login" link
on the main page (which is actually a link to login-redict.jsp file) I
should think that the url should be authenticated if you look at the above
definition ...
I'm really getting good on roller configuration, the only problem is that
it doesn't work with my configuration ! :-(
[EMAIL PROTECTED]
16/03/2006 14:09
Please respond to
[email protected]
To
[email protected]
cc
[email protected]
Subject
Re: Can't login after register,and no error display
Hello,
Me again.
Like already stated in the mail below the roller application always
authenticates me as anonymous.
Are there any other things that need to be changed in the security.xml
file so that authentication starts working.
I have already changed the things like described in the installation guide
...
For testing reasons I have granted the ANONYMOUS role access in the
security.xml file and then I can go to the main page.
However if I try to create a weblog I get a NULL pointer because my
session is not associated to a specific user.
Pretty pretty please ?
Thanks,
Best regards,
Tom.
[EMAIL PROTECTED]
16/03/2006 09:06
Please respond to
[email protected]
To
[email protected]
cc
Subject
Re: Can't login after register,and no error display
Since this wouldn't work I'm really getting desperate ... I've got the
feeling that it's some kind of a very small configuration change that is
needed ... I also deployed the while application again, but with the same
result ...
I've seen the topic op internet a few times but no one has posted a
solution ...
What's is also weird is that when enter a non existing username and
password I get the same result ... I don't get any error saysing that the
user doesn't exist or that the combination of username and password
doesn't exist ... Does that ring any bell ??
When using a user that does exist and I check the logfile it shows me the
following:
'[EMAIL PROTECTED]:
Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details:
[EMAIL PROTECTED]: RemoteIpAddress:
10.3.0.4; SessionId: 0a01009bce982fe1500a2644bff8a88a16960c5ce9a; Granted
Authorities: ROLE_ANONYMOUS'
This I find weird because the username is anonymous ... While I typed in a
username ... Weird ... It does say I'm authenticated but with the
ANONYMOUS ROLE ...
Really hope someone can help me ...
Pretty please ?
Tommeke <[EMAIL PROTECTED]>
15/03/2006 09:57
Please respond to
[email protected]
To
[email protected]
cc
Subject
Re: Can't login after register,and no error display
According to me the problem is situated in the security.xml ... I'm
experimenting a little bit ...
Check out the installation guide at topic 8.2
--
View this message in context:
http://www.nabble.com/Can%27t-login-after-register%2Cand-no-error-display-t1259455c12275.html#a3412153
Sent from the Roller - User forum at Nabble.com.
