Spring security not redirecting as expected
Hi,
first of all let me say I'm a beginner with Spring, so please excuse my lack of knowledge and experience.
Log and configuration are below...
OK, so I'm creating a web app using GWT, Spring and some other not relevant stuff. I have read about Spring Security and GWT but I decided to give it a try.
So I created a login form that sends login data to the usual URL 'j_spring_security_check'. When I try to access my protected resource (application.html) I'm successfully redirected to the login page (index.html). After a successful login I'm redirected to the protected page (application.html).
This works most of the time, but sometimes it won't redirect me after a successful login.
As written in the log, the login is successful, it is known where to redirect, but it just won't happen; it goes to the login page (index.html) again. No obvious reason why...
I would be very grateful if someone could point out where the problem could be.
Thanks a lot
Application log:
Code:
org.springframework.security.ui.webapp.AuthenticationProcessingFilter - Authentication success: org.springframework.security.providers.UsernamePasswordAuthenticationToken@f05b0662: ...
org.springframework.security.ui.webapp.AuthenticationProcessingFilter - Updated SecurityContextHolder to contain the following Authentication: 'org.springframework.security.providers.UsernamePasswordAuthenticationToken@f05b0662: Principal:
org.springframework.security.userdetails.User@eb53c00: ...
org.springframework.security.util.SessionUtils - Invalidating session with Id '5739CDA4B32069360639AD22CB7552BC' and migrating attributes.
org.springframework.security.util.SessionUtils - Started new session: F7ACE2878EB1E8A8D53409F111CF9277
org.springframework.security.ui.webapp.AuthenticationProcessingFilter - Redirecting to target URL from HTTP Session (or default): /Application.html
...
org.springframework.security.context.HttpSessionContextIntegrationFilter - SecurityContext stored to HttpSession: 'org.springframework.security.context.SecurityContextImpl@f05b0662: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@f05b0662: Principal: org.springframework.security.userdetails.User@eb53c00: ...
org.springframework.security.context.HttpSessionContextIntegrationFilter - SecurityContextHolder now cleared, as request processing completed
...
org.springframework.security.util.FilterChainProxy - /Application.html at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
org.springframework.security.context.HttpSessionContextIntegrationFilter - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT to associate with SecurityContextHolder: 'org.springframework.security.context.SecurityContextImpl@f05b0662: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@f05b0662: Principal: org.springframework.security.userdetails.User@eb53c00: ...
org.springframework.security.util.FilterChainProxy - /Application.html at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.logout.LogoutFilter[ order=300; ]'
org.springframework.security.util.FilterChainProxy - /Application.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.webapp.AuthenticationProcessingFilter[ order=700; ]'
org.springframework.security.util.FilterChainProxy - /Application.html at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.basicauth.BasicProcessingFilter[ order=1000; ]'
org.springframework.security.ui.basicauth.BasicProcessingFilter - Authorization header: null
org.springframework.security.util.FilterChainProxy - /Application.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter[ order=1100; ]'
org.springframework.security.ui.savedrequest.SavedRequest - pathInfo: both null (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - queryString: both null (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - requestURI: arg1=/Classmapper-services/Application.html; arg2=/Classmapper-services/Application.html (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - serverPort: arg1=8080; arg2=8080 (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - requestURL: arg1=Classmapper-services/Application.html; arg2=Classmapper-services/Application.html (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - scheme: arg1=http; arg2=http (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - serverName: arg1=localhost; arg2=localhost (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - contextPath: arg1=/Classmapper-services; arg2=/Classmapper-services (property equals)
org.springframework.security.ui.savedrequest.SavedRequest - servletPath: arg1=/Application.html; arg2=/Application.html (property equals)
org.springframework.security.wrapper.SavedRequestAwareWrapper - Wrapper replaced; SavedRequest was: SavedRequest[Classmapper-services/Application.html]
org.springframework.security.util.FilterChainProxy - /Application.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.rememberme.RememberMeProcessingFilter[ order=1200; ]'
org.springframework.security.ui.rememberme.RememberMeProcessingFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.providers.UsernamePasswordAuthenticationToken@f05b0662: Principal: org.springframework.security.userdetails.User@eb53c00: ...
org.springframework.security.util.FilterChainProxy - /Application.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springframework.security.providers.anonymous.AnonymousProcessingFilter[ order=1300; ]'
org.springframework.security.providers.anonymous.AnonymousProcessingFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.providers.UsernamePasswordAuthenticationToken@f05b0662: Principal: org.springframework.security.userdetails.User@eb53c00: ...
org.springframework.security.util.FilterChainProxy - /Application.html at position 8 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]'
org.springframework.security.util.FilterChainProxy - /Application.html at position 9 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.SessionFixationProtectionFilter[ order=1600; ]'
org.springframework.security.util.FilterChainProxy - /Application.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springframework.security.intercept.web.FilterSecurityInterceptor@b93db1'
org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource - Converted URL to lowercase, from: '/application.html'; to: '/application.html'
...
org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource - Candidate is: '/application.html'; pattern is /**; matched=true
org.springframework.security.intercept.AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /Application.html; ConfigAttributes: [ROLE_USER]
org.springframework.security.intercept.AbstractSecurityInterceptor - Previously Authenticated: org.springframework.security.providers.UsernamePasswordAuthenticationToken@f05b0662: Principal: org.springframework.security.userdetails.User@eb53c00: ...
org.springframework.security.intercept.AbstractSecurityInterceptor - Authorization successful
org.springframework.security.intercept.AbstractSecurityInterceptor - RunAsManager did not change Authentication object
org.springframework.security.util.FilterChainProxy - /Application.html reached end of additional filter chain; proceeding with original chain
org.springframework.security.ui.ExceptionTranslationFilter - Chain processed normally
org.springframework.security.context.HttpSessionContextIntegrationFilter - SecurityContextHolder now cleared, as request processing completed
org.springframework.security.util.FilterChainProxy - Converted URL to lowercase, from: '/index.html'; to: '/index.html'
My Spring Security config:
Code:
<security:global-method-security secured-annotations="enabled" jsr250-annotations="disabled"/>
<security:http auto-config="true" access-denied-page="/index.html">
    <!-- Allow access to login page and all its resources -->
    <security:intercept-url pattern="/index.html*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/com.lamm.crp.security.login/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <!-- Restrict access to application itself, its resources, and GWTRPC calls -->
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
    <security:form-login login-page="/index.html" default-target-url="/Application.html" authentication-failure-url="/index.html?login_error=1" always-use-default-target="true"/>
    <security:logout logout-success-url="/index.html?logged_out=1"/>
</security:http>
<security:authentication-provider>
    <security:password-encoder hash="md5"/>
    <security:jdbc-user-service data-source-ref="myDataSource"/>
</security:authentication-provider>

org.springframework.security.util.FilterChainProxy - /Application.html reached end of additional filter chain; proceeding with original chain
It does not appear that Spring Security is the one performing the redirecting. Take a look at the code for /Application.html and ensure that it is not performing a redirect.
Hi,
as I said before I'm a newbie in this, but from the line:
Code:
org.springframework.security.ui.webapp.AuthenticationProcessingFilter - Redirecting to target URL from HTTP Session (or default): /Application.html
it seems to me that it actually picked up the page to redirect to from my configuration:
Code:
<security:form-login login-page="/index.html" default-target-url="/Application.html" authentication-failure-url="/index.html?login_error=1" always-use-default-target="true"/>
And I am 100% sure that Application.html does not do any redirect at all.
Plus, one thing I've noticed while testing this behavior is that this is happening only in Firefox!
I'm not very good friends with IE, but after testing it seems to work fine in IE...
Zbynek
This may be a browser caching issue. Try setting the cache headers or disabling cache in your browser.
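
The cache-header suggestion above, as an added example (not code from this thread or from Spring Security): a servlet filter, under the hypothetical name `NoCacheFilter`, that marks the HTML host pages, the GWT bootstrap script and the login-processing URL as non-cacheable while leaving GWT's content-hashed `.cache.` files cacheable. It assumes the `javax.servlet` API and a `/*` filter mapping in web.xml; the URL rules are assumptions based on the paths shown in the posts.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter; class name and URL rules are assumptions, not from the thread. */
public class NoCacheFilter implements Filter {

    /** Returns true for responses the browser must fetch from the server every time. */
    static boolean mustNotCache(String requestUri) {
        // A new session can append ";jsessionid=..." to the URI; ignore it.
        int semi = requestUri.indexOf(';');
        String path = (semi >= 0 ? requestUri.substring(0, semi) : requestUri).toLowerCase();
        // GWT convention: *.cache.* files are named by content hash, so caching them is safe.
        if (path.contains(".cache.")) {
            return false;
        }
        // Host pages (index.html, Application.html), the GWT bootstrap
        // script (*.nocache.js) and the login-processing URL.
        return path.endsWith(".html")
                || path.endsWith(".nocache.js")
                || path.endsWith("/j_spring_security_check");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (mustNotCache(request.getRequestURI())) {
            // Set before the chain runs so redirect responses carry the headers too.
            response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
            response.setHeader("Pragma", "no-cache");   // HTTP/1.0 caches
            response.setDateHeader("Expires", 0L);      // already expired
        }
        chain.doFilter(req, res);
    }

    public void init(FilterConfig config) { }

    public void destroy() { }
}
```

With these headers in place, a browser that still shows index.html after the "Redirecting to target URL" log line is re-requesting the page rather than replaying a cached copy, which separates a caching problem from a server-side redirect.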