Re: [Acegisecurity-developer] contacts example with basic authentication only ?
No problem, glad I could help. That's the trick to remember with Acegi that I think people misunderstand. The filters that actually handle credentials, like the BasicProcessingFilter, AuthenticationProcessingFilter and DigestProcessingFilter, only do anything when the credentials are presented. An entry point is used at the end of the filter chain as the final gatekeeper. Each filter has its own entry point wired in though; those are used when you screw up the credentials presented to one of the filters. So if you present bad credentials to the BasicProcessingFilter, it will send your request to its entry point. In your case, that's the same entry point used by the ExceptionTranslationFilter.

I really don't like that the final enforcement is done by something named "ExceptionTranslationFilter". That's very unclear. There used to be a "SecurityEnforcementFilter" back there whose name made its responsibility clear. The ExceptionTranslationFilter was added, as its name implies, to handle translating the exception messages using ResourceBundles and such. Unfortunately it was put in as a replacement for the ExceptionTranslationFilter which sort of blurred the line. I should have complained about this like a year ago when it was implemented but I wasn't paying attention :P

On Nov 8, 2007 6:31 AM, <[EMAIL PROTECTED]> wrote:
> I needed to change the authenticationEntryPoint property of the
> ExceptionTranslationFilter bean in order to make it work.
>
> Thanks a lot Ray !

___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
I needed to change the authenticationEntryPoint property of the ExceptionTranslationFilter bean in order to make it work.

Thanks a lot Ray !
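The change described in this thread, written out as an added configuration example (not taken from the original posts or from the Acegi sample itself). It assumes Acegi 1.0.x class names; the bean ids, the realm name and the `authenticationManager` bean defined elsewhere in the context are assumptions.

```xml
<!-- Constructed fragment for applicationContext-acegi-security.xml.
     Bean ids and realmName are illustrative assumptions. -->

<!-- Chain from the thread with authenticationProcessingFilter (form login) removed. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter
    </value>
  </property>
</bean>

<!-- Answers with 401 and a "WWW-Authenticate: Basic realm=..." header,
     which is what makes the browser show its username/password prompt.
     Basic credentials travel with every request, so serve these URLs over HTTPS. -->
<bean id="basicProcessingFilterEntryPoint"
      class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
  <property name="realmName" value="Contacts Realm"/>
</bean>

<!-- Only acts when an "Authorization: Basic ..." header is presented.
     Its own entry point is used when the presented credentials are bad. -->
<bean id="basicProcessingFilter"
      class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
</bean>

<!-- Final gatekeeper for requests that arrive with no credentials at all.
     Before: this property referenced the form-login entry point
     (org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint),
     so unauthenticated requests were redirected to the login page even
     though authenticationProcessingFilter was no longer in the chain.
     After: it references the basic entry point, so they get the 401 challenge. -->
<bean id="exceptionTranslationFilter"
      class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
</bean>
```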
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
You know, I think that responsibility may have been moved to the exceptionTranslationFilter. That's probably not very clear... Look at what entryPoints you have and look how they're being used.

On Nov 8, 2007 5:42 AM, <[EMAIL PROTECTED]> wrote:
> I looked inside the acegi-security-sample-contacts-filter.war that came with
> acegi 1.0.4
>
> the filter chain in applicationContext-acegi-security.xml is defined as
> follows:
>
> class="org.acegisecurity.util.FilterChainProxy">
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
> /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter
>
> The javadoc of BasicProcessingFilterEntryPoint also talks about
> SecurityEnforcementFilter. But I cannot find a class/interface or bean
> name with that name?
>
> Are we talking about the same acegi version?
>
> Regards,
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
I looked inside the acegi-security-sample-contacts-filter.war that came with acegi 1.0.4

the filter chain in applicationContext-acegi-security.xml is defined as follows:

CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter

The javadoc of BasicProcessingFilterEntryPoint also talks about SecurityEnforcementFilter. But I cannot find a class/interface or bean name with that name?

Are we talking about the same acegi version?

Regards,
Re: [Acegisecurity-developer] contacts example with basic authentication only ?
The last filter in the chain is the securityEnforcementFilter. That filter is configured with an EntryPoint. It is the EntryPoint's responsibility to challenge the caller if they did not present credentials that one of the previous filters understands. The BasicProcessingFilter is there to authenticate basic auth credentials IF they are presented. If not, the request is allowed to proceed, as the SecurityEnforcementFilter will have the final say.

Long story short, change the entryPoint being used by the securityEnforcementFilter :)

On 11/8/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi acegi users,
>
> maybe someone of you knows the trick
>
> What do I have to change in the "contacts" sample application in order to
> enforce basic authentication only?
>
> if I remove the "authenticationProcessingFilter" from the filter chain and
> keep "basicProcessingFilter" only it does not have the
> expected effect.
>
> I would expect the browser to bring up a pop-up and ask me for
> username/password, but I'm still being redirected to the login page.
>
> What am I doing wrong?
>
> Regards,
> Dirk