I assume that it is possible to install the roller application under a different URI then /roller ??
[EMAIL PROTECTED] 17/03/2006 07:04 Please respond to [email protected] To [email protected] cc Subject Re: Can't login after register,and no error display Yep ... This is what is configured in the web.xml ... <!-- Acegi Security filters - controls secure access to different parts of Roller --> <filter-mapping> <filter-name>securityFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> Yesterday I saw something strange in the loginerror.jsp There is a redirect with a comment above saying .... Comment it out on OC4J ... Why ????? <%@ page import="org.roller.presentation.RollerSession" %> <% String dest = "login.jsp?error=true"; // This server-side redirect may work on some servers. // Comment it out on OC4J. response.sendRedirect(dest); %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title></title> <meta http-equiv="refresh" content="0;url=<%= dest %>"> </head> <body bgcolor="#ffffff"> </body> </html> "Matt Raible" <[EMAIL PROTECTED]> 16/03/2006 16:05 Please respond to [email protected] To [email protected] cc Subject Re: Can't login after register,and no error display Do you have the securityFilter configured so it applies for both requests and forwards? You might need this - using the <dispatcher> elements. Matt On 3/16/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I downloaded the ACEGI source code and according to me the problem is > that the URL I want to access is not a url that needs authentication. > > Check out the logfile: > > DEBUG 2006-03-16 15:08:29,492 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 1 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > DEBUG 2006-03-16 15:08:29,493 HttpSessionContextIntegrationFilter:doFilter > - HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new > SecurityContext instance associated with SecurityContextHolder > DEBUG 2006-03-16 15:08:29,493 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 2 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > DEBUG 2006-03-16 15:08:29,498 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 3 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > DEBUG 2006-03-16 15:08:29,500 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 4 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > DEBUG 2006-03-16 15:08:29,500 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 5 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > DEBUG 2006-03-16 15:08:29,501 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 6 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > DEBUG 2006-03-16 15:08:29,502 AnonymousProcessingFilter:doFilter - > Populated SecurityContextHolder with anonymous token: > '[EMAIL PROTECTED]: > Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details: > [EMAIL PROTECTED]: RemoteIpAddress: > 10.3.0.4; SessionId: 0a01009bce911dc8dc5682848bb914a9eb68351563e; Granted > Authorities: ROLE_ANONYMOUS' > DEBUG 2006-03-16 15:08:29,503 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 7 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > DEBUG 2006-03-16 15:08:29,504 FilterChainProxy$VirtualFilterChain:doFilter > - /login.jsp at position 8 of 8 in additional filter chain; firing Filter: > '[EMAIL PROTECTED]' > > > > The only filters that write anything to the log file are the first one and > the anonymous one (which is normal because I'm not authenticated) ... > So, if you check out the AuthenticationProcessingFilter class which > extends the AbstractProcessingFilter class you can see the following: > > if (requiresAuthentication(httpRequest, httpResponse)) { > if (logger.isDebugEnabled()) { > logger.debug("Request is to process authentication"); > } > Since the above log sentence is not written to the log file I assume the > URL I want to access is not being described as requires authentication ... > but it should though ... > > The definition in security.xml is the following: > > <bean id="filterInvocationInterceptor" > class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> > <property name="authenticationManager" > ref="authenticationManager"/> > <property name="accessDecisionManager" > ref="accessDecisionManager"/> > <property name="objectDefinitionSource"> > <value> > PATTERN_TYPE_APACHE_ANT > /editor/**=admin,editor > /admin/**=admin > /rewrite-status*=admin > /login-redirect.jsp=admin,editor > </value> > </property> > </bean> > > Since I kick in the authentication process by clicking on the "login" link > on the main page (which is actually a link to login-redict.jsp file) I > should think that the url should be authenticated if you look at the above > definition ... > > > I'm really getting good on roller configuration, the only problem is that > it doesn't work with my configuration ! :-( > > > > > > > > [EMAIL PROTECTED] > 16/03/2006 14:09 > Please respond to > [email protected] > > > To > [email protected] > cc > [email protected] > Subject > Re: Can't login after register,and no error display > > > > > > > Hello, > > Me again. > > Like already stated in the mail below the roller application always > authenticates me as anonymous. > > Are there any other things that need to be changed in the security.xml > file so that authentication starts working. > I have already changed the things like described in the installation guide > > ... > For testing reasons I have granted the ANONYMOUS role access in the > security.xml file and then I can go to the main page. > > However if I try to create a weblog I get a NULL pointer because my > session is not associated to a specific user. > > Pretty pretty please ? > > Thanks, > > Best regards, > > Tom. > > > > > > [EMAIL PROTECTED] > 16/03/2006 09:06 > Please respond to > [email protected] > > > To > [email protected] > cc > > Subject > Re: Can't login after register,and no error display > > > > > > > Since this wouldn't work I'm really getting desperate ... I've got the > feeling that it's some kind of a very small configuration change that is > needed ... I also deployed the while application again, but with the same > result ... > > I've seen the topic op internet a few times but no one has posted a > solution ... > > What's is also weird is that when enter a non existing username and > password I get the same result ... I don't get any error saysing that the > user doesn't exist or that the combination of username and password > doesn't exist ... Does that ring any bell ?? > > When using a user that does exist and I check the logfile it shows me the > following: > > '[EMAIL PROTECTED]: > Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details: > [EMAIL PROTECTED]: RemoteIpAddress: > 10.3.0.4; SessionId: 0a01009bce982fe1500a2644bff8a88a16960c5ce9a; Granted > Authorities: ROLE_ANONYMOUS' > > This I find weird because the username is anonymous ... While I typed in a > > > username ... Weird ... It does say I'm authenticated but with the > ANONYMOUS ROLE ... > > Really hope someone can help me ... > > > Pretty please ? > > > > > Tommeke <[EMAIL PROTECTED]> > 15/03/2006 09:57 > Please respond to > [email protected] > > > To > [email protected] > cc > > Subject > Re: Can't login after register,and no error display > > > > > > > > According to me the problem is situated in the security.xml ... I'm > experimenting a little bit ... > Check out the installation guide at topic 8.2 > -- > View this message in context: > http://www.nabble.com/Can%27t-login-after-register%2Cand-no-error-display-t1259455c12275.html#a3412153 > > > > Sent from the Roller - User forum at Nabble.com. > > > > > >
