Authentication object was not found in the SecurityContext
k2g
kkganesan at gmail.com
Fri Feb 23 19:42:04 EST 2007
After authentication, the CAS server redirects to myapp (the service),
but the operation couldn't be completed because an "authentication
object not found" exception was thrown. CAS authentication itself was
successful. The exception is thrown in the filter entry point of the
exceptionTranslation filter when myapp tries to check the
authentication object's user credentials.
It looks like a cas - spring filter configuration issue. I have all
the required filters...
Here is the applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- Listener that writes authentication events to the log. In the log
output of this post it reports AuthenticationSuccessEvent and
InteractiveAuthenticationSuccessEvent for user admin (at WARN level). -->
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
<!-- Describes this application to the CAS server. "service" is the URL the
CAS server sends the browser back to with a service ticket; the CAS log in
this post shows the ticket being granted for exactly this URL. Its path must
stay in step with filterProcessesUrl on authenticationFilter, and the ticket
validator must present the same URL when it validates the ticket. -->
<bean id="serviceProperties"
class="org.acegisecurity.ui.cas.ServiceProperties">
<property name="service"
value="https://localhost:8443/myapp/j_acegi_cas_security_check"/>
<!-- NOTE(review): with sendRenew=false an existing CAS single sign-on
session is presumably accepted without re-entering credentials (the log shows
an existing TGT being reused); confirm that is acceptable for this app. -->
<property name="sendRenew" value="false"/>
</bean>
<!-- Application-specific processing filter (com.myapp class, source not
shown in this post) that handles the CAS callback on
/j_acegi_cas_security_check. The log shows it authenticating through the
authenticationManager, updating the SecurityContextHolder and redirecting to
the URL saved in the HTTP session.
NOTE(review): because the class is custom, how it differs from the stock
Acegi CAS processing filter cannot be told from the configuration alone;
verify that it leaves the Authentication in the SecurityContextHolder until
the request has finished. -->
<bean id="authenticationFilter"
class="com.myapp.security.AuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="userManager" ref="userManager"/>
<!-- Where the browser is sent when ticket validation fails. -->
<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
<!-- Used when no saved request is present in the session. -->
<property name="defaultTargetUrl" value="/"/>
<!-- Must match the path of the "service" URL in serviceProperties. -->
<property name="filterProcessesUrl"
value="/j_acegi_cas_security_check"/>
</bean>
<!-- Handles security exceptions raised further down the filter chain. The
log shows it saving the original request in the session and calling the
entry point when an authentication exception occurs, which is where the
AuthenticationCredentialsNotFoundException in this post surfaces. -->
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="casProcessingFilterEntryPoint"/>
</property>
</bean>
<!-- Entry point used to start a login: points the browser at the CAS login
page and passes along the service details from serviceProperties. The login
URL is HTTPS, so credentials are only entered over TLS. -->
<bean id="casProcessingFilterEntryPoint"
class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
<property name="loginUrl" value="https://localhost:8443/cas/login"/>
<property name="serviceProperties" ref="serviceProperties"/>
</bean>
<!-- Authentication manager shared by authenticationFilter and the
FilterSecurityInterceptor. Only the CAS provider is registered, so CAS is the
sole way to authenticate; the log shows the attempt being made with
CasAuthenticationProvider. -->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="casAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- Provider that turns a CAS service ticket into an authenticated token:
the ticket is checked by casProxyTicketValidator, any proxy chain is judged
by casProxyDecider, and the user's authorities are loaded by
casAuthoritiesPopulator. -->
<bean id="casAuthenticationProvider"
class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
<property name="casAuthoritiesPopulator">
<ref local="casAuthoritiesPopulator"/>
</property>
<property name="casProxyDecider">
<ref local="casProxyDecider"/>
</property>
<property name="ticketValidator">
<ref local="casProxyTicketValidator"/>
</property>
<property name="statelessTicketCache">
<ref local="statelessTicketCache"/>
</property>
<!-- NOTE(review): per the inline comment this key is a secret private to
this provider. "password" is as guessable as the sample value "changeit" it
replaced, and it is disclosed by posting this file. Use a long random value
per deployment and keep it out of anything that is shared. -->
<property name="key" value="password"/><!--
password_for_this_auth_provider_only --><!-- changed from changeit to
password -->
</bean>
<!-- Validates a ticket by calling the CAS server's proxyValidate endpoint
over HTTPS for the service described in serviceProperties. -->
<bean id="casProxyTicketValidator"
class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
<property name="casValidate"
value="https://localhost:8443/cas/proxyValidate"/>
<!-- proxyCallbackUrl is disabled, so no proxy-granting ticket is requested;
the log shows an empty Proxy-Granting Ticket IOU. -->
<!-- <property name="proxyCallbackUrl"
value="https://localhost:8443/myapp/casProxy/receptor"/> -->
<property name="serviceProperties" ref="serviceProperties"/>
<!-- NOTE(review): trustStore is disabled, so the HTTPS call to the CAS
server presumably relies on the JVM's default trust store; the CAS server
certificate must be trusted there. Do not work around a certificate error by
relaxing certificate or hostname checks. -->
<!-- <property
name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property>
-->
</bean>
<!-- EhCache manager built from eh-cache.xml on the classpath (that file is
not shown in this post). -->
<bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation" value="classpath:/eh-cache.xml" />
</bean>
<!-- The EhCache region named "ticketCache", obtained from cacheManager.
Its size and expiry settings, which bound how long cached tickets stay
usable, would come from eh-cache.xml (not shown). -->
<bean id="ticketCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager"/>
</property>
<property name="cacheName">
<value>ticketCache</value>
</property>
</bean>
<!-- Ticket cache handed to casAuthenticationProvider, backed by the
"ticketCache" EhCache region.
NOTE(review): presumably only consulted for stateless (session-less)
clients; confirm against the Acegi version in use. -->
<bean id="statelessTicketCache"
class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
<property name="cache">
<ref local="ticketCacheBackend"/>
</property>
</bean>
<!-- Populates the CAS authorities via a UserDetailsService. CAS only
asserts who the user is; the granted authorities come from the application's
own userManager bean (defined outside this post). In the log, user admin
ends up with the Administrator role. -->
<bean id="casAuthoritiesPopulator"
class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
<property name="userDetailsService" ref="userManager"/>
</bean>
<!-- Proxy policy for casAuthenticationProvider. As the class name says,
tickets that arrived through a CAS proxy are rejected, which is the
restrictive choice when no proxying is intended. The log shows an empty
proxy list for the ticket in this post. -->
<bean id="casProxyDecider"
class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
<!-- Runs the security filters, in the listed order, for every URL (/**).
Order matters: httpSessionContextIntegrationFilter must come first so the
SecurityContext is loaded from, and written back to, the HTTP session around
the other filters. The bean name "fitlerInvocationInterceptor" is misspelled
but matches the bean id defined in this file, so the reference resolves.
NOTE(review): in the log, the /home.action request is traced through
positions 1 to 4 of this chain, but the preceding request handled by
AuthenticationFilter ("Request is to process authentication") shows no
FilterChainProxy lines, and the next request finds no ACEGI_SECURITY_CONTEXT
in the session. Unless the log was abridged, check that
/j_acegi_cas_security_check is routed through this proxy in web.xml (and that
authenticationFilter is not also mapped there directly), and that the session
cookie survives the redirect. -->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationFilter,exceptionTranslationFilter,fitlerInvocationInterceptor
</value>
</property>
</bean>
<!-- Associates a SecurityContext with each request, reading it from the
HTTP session attribute ACEGI_SECURITY_CONTEXT. In the log of this post the
session returns null for that attribute on the request after login, so a new,
empty context is used and the interceptor finds no Authentication. -->
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
<!-- This interceptor performs the security checks on HTTP resources.
The "objectDefinitionSource" contains newline-separated arguments
that specify behaviors and resources for the filter:
The behavior specifications tell the filter to convert the URL
to lowercase before doing comparisons, and to use Ant-style path
specifications for the following resources. The resources are
associated with directives that tell the filter how to decide if
specified URL is accessible:
ROLE_ANY means that the URL is available to any authenticated user
FEATURE_CHECK means that the URL must be evaluated
against the authenticated user's Roles to determine whether or not
those Roles support access to the feature.
-->
<!-- Authorization step, last in the filter chain. The URL is lowercased and
the Ant patterns are tried from top to bottom until one matches (the log shows
/home.action stopping at /home.action*), so specific rules must stay above
the /**/*.action* catch-all and patterns must be written in lowercase.
NOTE(review): the two /admin/... patterns without a trailing * will
presumably not match when a query string is present and then fall through
to FEATURE_CHECK; confirm that is intended.
NOTE(review): URLs matching none of the patterns (for example JSPs other than
/index.jsp) get no attributes from this list; confirm they are meant to be
reachable without a check, or add a final catch-all so new URLs fail closed. -->
<bean id="fitlerInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref local="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.action*=ROLE_ANY
/logout.action*=ROLE_ANY
/home.action*=ROLE_ANY
/refresh.action*=ROLE_ANY
/saveuserpreferences.action*=ROLE_ANY
/restoredefaultpreferences.action*=ROLE_ANY
/**/home.action*=ROLE_ANY
/admin/default.action*=ROLE_ANY
/admin/user/profile.action=ROLE_ANY
/admin/search/result.action=ROLE_ANY
/index.jsp*=ROLE_ANY
/**/*.action*=FEATURE_CHECK
</value>
</property>
</bean>
<!-- Decides access for the FilterSecurityInterceptor using a single voter,
featureVoter (defined outside this post). With allowIfAllAbstainDecisions set
to false, a request on which the voter abstains is not let through.
NOTE(review): both ROLE_ANY and FEATURE_CHECK therefore have to be recognised
by featureVoter; this cannot be verified from the configuration shown. -->
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref local="featureVoter" />
</list>
</property>
</bean>
<!-- role to feature beans not included here -->
</beans>
and the log output
------------------------------------------------
DEBUG [http-8443-Processor22]
ExceptionTranslationFilter.sendStartAuthentication(195) |
Authentication entry point being called; SavedRequest added to
Session: SavedRequest[https://localhost:8443/myapp/home.action]
DEBUG [http-8443-Processor22]
HttpSessionContextIntegrationFilter.doFilter(291) |
SecurityContextHolder set to new context, as request processing
completed
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
'org.jasig.cas.web.flow.TicketGrantingTicketExistsAction' beginning
execution>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
'org.jasig.cas.web.flow.TicketGrantingTicketExistsAction' completed
execution; result event is [Event at 4d6992 source =
org.jasig.cas.web.flow.TicketGrantingTicketExistsAction at ed4b7a, id =
'ticketGrantingTicketExists', stateId = [null], parameters = [null]]>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] - <Action
'org.jasig.cas.web.flow.HasServiceCheckAction' beginning execution>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] - <Action
'org.jasig.cas.web.flow.HasServiceCheckAction' completed execution;
result event is [Event at 4e02dc source =
org.jasig.cas.web.flow.HasServiceCheckAction at 3faa8d, id =
'hasService', stateId = [null], parameters = [null]]>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.RenewRequestCheckAction] - <Action
'org.jasig.cas.web.flow.RenewRequestCheckAction' beginning execution>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.RenewRequestCheckAction] - <Action
'org.jasig.cas.web.flow.RenewRequestCheckAction' completed execution;
result event is [Event at 19de5c8 source =
org.jasig.cas.web.flow.RenewRequestCheckAction at 872ba6, id =
'generateServiceTicket', stateId = [null], parameters = [null]]>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'org.jasig.cas.web.flow.GenerateServiceTicketAction' beginning
execution>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [TGT-2-kcfKAuufUbaoac7FEATFbPVaMnERLxsiqKx-50]>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-2-kcfKAuufUbaoac7FEATFbPVaMnERLxsiqKx-50] found in registry.>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-292-f4iGv0CSJcWowY7FJ93fdCEmFzp95oesllm-20] to registry.>
2007-02-23 14:20:03,057 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-292-f4iGv0CSJcWowY7FJ93fdCEmFzp95oesllm-20] for service
[https://localhost:8443/myapp/j_acegi_cas_security_check] for user
[admin]>
2007-02-23 14:20:03,057 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'org.jasig.cas.web.flow.GenerateServiceTicketAction' completed
execution; result event is [Event at 158bba2 source =
org.jasig.cas.web.flow.GenerateServiceTicketAction at 30f961, id =
'success', stateId = [null], parameters = [null]]>
2007-02-23 14:20:03,057 DEBUG [org.jasig.cas.web.flow.WarnAction] -
<Action 'org.jasig.cas.web.flow.WarnAction' beginning execution>
2007-02-23 14:20:03,057 DEBUG [org.jasig.cas.web.flow.WarnAction] -
<Action 'org.jasig.cas.web.flow.WarnAction' completed execution;
result event is [Event at 8696b4 source =
org.jasig.cas.web.flow.WarnAction at 1d129d1, id = 'redirect', stateId =
[null], parameters = [null]]>
DEBUG [http-8443-Processor22] AuthenticationFilter.doFilter(192) |
Request is to process authentication
DEBUG [http-8443-Processor22] ProviderManager.doAuthentication(183) |
Authentication attempt using
org.acegisecurity.providers.cas.CasAuthenticationProvider
2007-02-23 14:20:03,073 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-292-f4iGv0CSJcWowY7FJ93fdCEmFzp95oesllm-20]>
2007-02-23 14:20:03,073 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[ST-292-f4iGv0CSJcWowY7FJ93fdCEmFzp95oesllm-20] found in registry.>
2007-02-23 14:20:03,073 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing
ticket [ST-292-f4iGv0CSJcWowY7FJ93fdCEmFzp95oesllm-20] from registry>
WARN [http-8443-Processor22] LoggerListener.onApplicationEvent(55) |
Authentication event AuthenticationSuccessEvent: admin; details: null
DEBUG [http-8443-Processor22]
AuthenticationFilter.successfulAuthentication(375) | Authentication
success: org.acegisecurity.providers.cas.CasAuthenticationToken at c1d3fc12:
Username: com.myapp.model.User at 8063de[name=admin,id=-1]; Password:
[PROTECTED]; Authenticated: true; Details:
org.acegisecurity.ui.WebAuthenticationDetails at fffe3f86:
RemoteIpAddress: 127.0.0.1; SessionId:
893AC08684B79AEB1470436C36DD9F72; Granted Authorities:
com.myapp.model.Role at 13b0147[
name=Administrator
id=-1
]; Credentials (Service/Proxy Ticket):
ST-292-f4iGv0CSJcWowY7FJ93fdCEmFzp95oesllm-20; Proxy-Granting Ticket
IOU: ; Proxy List: []
DEBUG [http-8443-Processor22]
AuthenticationFilter.successfulAuthentication(381) | Updated
SecurityContextHolder to contain the following Authentication:
'org.acegisecurity.providers.cas.CasAuthenticationToken at c1d3fc12:
Username: com.myapp.model.User at 8063de[name=admin,id=-1]; Password:
[PROTECTED]; Authenticated: true; Details:
org.acegisecurity.ui.WebAuthenticationDetails at fffe3f86:
RemoteIpAddress: 127.0.0.1; SessionId:
893AC08684B79AEB1470436C36DD9F72; Granted Authorities:
com.myapp.model.Role at 13b0147[
name=Administrator
id=-1
]; Credentials (Service/Proxy Ticket):
ST-292-f4iGv0CSJcWowY7FJ93fdCEmFzp95oesllm-20; Proxy-Granting Ticket
IOU: ; Proxy List: []'
DEBUG [http-8443-Processor22]
AuthenticationFilter.successfulAuthentication(392) | Redirecting to
target URL from HTTP Session (or default):
https://localhost:8443/myapp/home.action
DEBUG [http-8443-Processor22] GenericManagerImpl.debug(290) | Saving:
com.myapp.model.User at d24418[name=admin,id=-1]
INFO [http-8443-Processor22] UserDAOImpl.info(374) | Updated
User'com.myapp.model.User at d24418[name=admin,id=-1]'
WARN [http-8443-Processor22] LoggerListener.onApplicationEvent(55) |
Authentication event InteractiveAuthenticationSuccessEvent: admin;
details: org.acegisecurity.ui.WebAuthenticationDetails at fffe3f86:
RemoteIpAddress: 127.0.0.1; SessionId:
893AC08684B79AEB1470436C36DD9F72
DEBUG [http-8443-Processor22]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(100) |
Converted URL to lowercase, from: '/home.action'; to: '/home.action'
DEBUG [http-8443-Processor22]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) |
Candidate is: '/home.action'; pattern is /**; matched=true
DEBUG [http-8443-Processor22] FilterChainProxy.doFilter(269) |
/home.action at position 1 of 4 in additional filter chain; firing
Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter at bc6f46'
DEBUG [http-8443-Processor22]
HttpSessionContextIntegrationFilter.doFilter(205) | HttpSession
returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext
instance associated with SecurityContextHolder
DEBUG [http-8443-Processor22] FilterChainProxy.doFilter(269) |
/home.action at position 2 of 4 in additional filter chain; firing
Filter: 'com.myapp.security.AuthenticationFilter at 1a7ecb9'
DEBUG [http-8443-Processor22] FilterChainProxy.doFilter(269) |
/home.action at position 3 of 4 in additional filter chain; firing
Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter at 1a6699c'
DEBUG [http-8443-Processor22] FilterChainProxy.doFilter(269) |
/home.action at position 4 of 4 in additional filter chain; firing
Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor at 5f9206'
DEBUG [http-8443-Processor22]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(100) |
Converted URL to lowercase, from: '/home.action'; to: '/home.action'
DEBUG [http-8443-Processor22]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) |
Candidate is: '/home.action'; pattern is /login.action*; matched=false
DEBUG [http-8443-Processor22]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) |
Candidate is: '/home.action'; pattern is /logout.action*;
matched=false
DEBUG [http-8443-Processor22]
PathBasedFilterInvocationDefinitionMap.lookupAttributes(112) |
Candidate is: '/home.action'; pattern is /home.action*; matched=true
DEBUG [http-8443-Processor22]
AbstractSecurityInterceptor.beforeInvocation(248) | Secure object:
FilterInvocation: URL: /home.action; ConfigAttributes: [ROLE_ANY]
DEBUG [http-8443-Processor22]
ExceptionTranslationFilter.handleException(147) | Authentication
exception occurred; redirecting to authentication entry point
org.acegisecurity.AuthenticationCredentialsNotFoundException: An
Authentication object was not found in the