
Crowd & Spring Integration Sample Not Persisting User Context

Reuben C. April 10, 2014

I am currently running into an issue with the user context not persisting after a successful logon. I am pretty sure it is a configuration issue, but I am not sure where.

Running Spring 3.2.8, Spring Security 3.2.3, with Crowd Spring 2.6.3 using Crowd 2.6.3.

I based my custom spring application off the documentation (https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Spring+Security) and code sample from (https://bitbucket.org/jwalton/crowd-spring-security-sample.git).

Here is a snippet from the logs from the application:

org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/login.jsp'; against '/login.jsp'
org.springframework.security.web.FilterChainProxy: /login.jsp has an empty filter list
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/login.jsp'
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/error.json'
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/success.json'
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/rest/public/authenticated'
org.springframework.security.web.FilterChainProxy: /security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
org.springframework.security.web.context.HttpSessionSecurityContextRepository: HttpSession returned null object for SPRING_SECURITY_CONTEXT
org.springframework.security.web.context.HttpSessionSecurityContextRepository: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@39dc44b6. A new one will be created.
org.springframework.security.web.FilterChainProxy: /security_check at position 2 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
org.springframework.security.web.FilterChainProxy: /security_check at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
org.springframework.security.web.FilterChainProxy: /security_check at position 4 of 10 in additional filter chain; firing Filter: 'CrowdSSOAuthenticationProcessingFilter'
com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter: Request is to process authentication
org.springframework.security.authentication.ProviderManager: Authentication attempt using com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider
com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider: Processing a UsernamePasswordAuthenticationToken
org.codehaus.xfire.client.XFireProxy: Method [authenticatePrincipal] [com.atlassian.crowd.integration.authentication.AuthenticatedToken@5a3c2fd0[name=*******,token=*******], com.atlassian.crowd.integration.authentication.UserAuthenticationContext@3c9373f7[name=username,credential=com.atlassian.crowd.integration.authentication.PasswordCredential@74a27c32[credential=password,encryptedCredential=false],validationFactors={com.atlassian.crowd.integration.authentication.ValidationFactor@5787f270[name=remote_address,value=0:0:0:0:0:0:0:1%0]},application=*******]]
org.codehaus.xfire.transport.http.HttpTransport: Creating new channel for uri: urn:xfire:transport:http:139756529970430-1046289272
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.OutMessageSender@19535154 to phase send
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionOutHandler@7b5dcd5b to phase transport
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapSerializerHandler@4b5550a3 to phase post-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase post-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapSerializerHandler in phase post-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionOutHandler in phase transport
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase send
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.OutMessageSender in phase send
org.codehaus.xfire.client.Client: Received message to http://****:8095/crowd/services/SecurityServer
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.CorrelatorHandler@275d1413 to phase pre-dispatch
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ReadHeadersHandler@16b93531 to phase parse
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler@59532f9e to phase pre-invoke
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.LocateBindingHandler@645b5be2 to phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionInHandler@29ed85e7 to phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapBodyHandler@28f21632 to phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase parse
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ReadHeadersHandler in phase parse
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.CorrelatorHandler in phase pre-dispatch
org.codehaus.xfire.client.Client: Correlating context with ID 139756529970431-1910751842
org.codehaus.xfire.client.Client: Found correlated context with ID 139756529970431-1910751842
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.ClientReceiveHandler@4fd0ff95 to phase service
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.LocateBindingHandler in phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapBodyHandler in phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionInHandler in phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase service
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.ClientReceiveHandler in phase service
org.codehaus.xfire.client.XFireProxy: Result [0060aFa2mwnYFcg8ENJ3kA00]
org.codehaus.xfire.client.XFireProxy: Method [getCookieInfo] [com.atlassian.crowd.integration.authentication.AuthenticatedToken@5a3c2fd0[name=*******,token=*******]]
org.codehaus.xfire.transport.http.HttpTransport: Creating new channel for uri: urn:xfire:transport:http:139756529994332-257757693
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.OutMessageSender@7f398360 to phase send
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionOutHandler@7b5dcd5b to phase transport
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapSerializerHandler@4b5550a3 to phase post-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase post-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapSerializerHandler in phase post-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionOutHandler in phase transport
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase send
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.OutMessageSender in phase send
org.codehaus.xfire.client.Client: Received message to http://****:8095/crowd/services/SecurityServer
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.CorrelatorHandler@6ac481fa to phase pre-dispatch
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ReadHeadersHandler@16b93531 to phase parse
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler@59532f9e to phase pre-invoke
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.LocateBindingHandler@645b5be2 to phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionInHandler@29ed85e7 to phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapBodyHandler@28f21632 to phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase parse
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ReadHeadersHandler in phase parse
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.CorrelatorHandler in phase pre-dispatch
org.codehaus.xfire.client.Client: Correlating context with ID 139756529994433-1011096177
org.codehaus.xfire.client.Client: Found correlated context with ID 139756529994433-1011096177
org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.ClientReceiveHandler@b317ad9 to phase service
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.LocateBindingHandler in phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapBodyHandler in phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionInHandler in phase dispatch
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke
org.codehaus.xfire.handler.HandlerPipeline: Invoking phase service
org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.ClientReceiveHandler in phase service
org.codehaus.xfire.client.XFireProxy: Result [com.atlassian.crowd.integration.soap.SOAPCookieInfo@248bb85[domain=mobilehealth.va.gov,secure=false]]
com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter: Authentication success. Updating SecurityContextHolder to contain: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationToken@58fd6328: Principal: com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails@750f19ee; Credentials: [PROTECTED]; Authenticated: true; Details: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationDetails@dbe6f9b4; Granted Authorities: ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler: Using default Url: /success.json
org.springframework.security.web.DefaultRedirectStrategy: Redirecting to '/App/success.json'
org.springframework.security.web.context.HttpSessionSecurityContextRepository: SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@58fd6328: Authentication: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationToken@58fd6328: Principal: com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails@750f19ee; Credentials: [PROTECTED]; Authenticated: true; Details: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationDetails@dbe6f9b4; Granted Authorities: ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****&M, ROLE_****, ROLE_****, ROLE_****'
org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/success.json'; against '/login.jsp'
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/success.json'; against '/error.json'
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/success.json'; against '/success.json'
org.springframework.security.web.FilterChainProxy: /success.json has an empty filter list

Here is a snippet from the applicationContext-security.xml from the application:

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!--
        <debug />
        <beans:alias name="springSecurityFilterChain" alias="org.springframework.security.filterChainProxy"/>
    -->

    <!-- Added for Integrating Crowd with Spring Security -->

    <!-- 3.1 Configuring Centralised User Management -->

    <!-- 3.1.1 -->
    <beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
        <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/>
        <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
        <beans:property name="userManager" ref="crowdUserManager"/>
        <beans:property name="authorityPrefix" value="ROLE_"/>
    </beans:bean>

    <!-- 3.1.2 -->
    <beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
        <beans:constructor-arg ref="crowdAuthenticationManager"/>
        <beans:constructor-arg ref="httpAuthenticator"/>
        <beans:constructor-arg ref="crowdUserDetailsService"/>
    </beans:bean>

    <http pattern="/login.jsp" security="none" />
    <http pattern="/error.json" security="none" />
    <http pattern="/success.json" security="none" />

    <http auto-config="false"
          entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
        <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
        <custom-filter position="LOGOUT_FILTER" ref="logoutFilter"/>

        <!-- setting access to backend services-->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <intercept-url pattern="/rest/public/authenticated" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />

        <!-- intercepted urls -->
        <intercept-url pattern="/security_logout" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
        <intercept-url pattern="/security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

        <session-management session-fixation-protection="newSession">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
        </session-management>

    </http>


    <authentication-manager alias='authenticationManager'>
        <authentication-provider ref='crowdAuthenticationProvider'/>
    </authentication-manager>

    <beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

    <beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:constructor-arg value="/login.jsp"/>
    </beans:bean>

    <beans:bean id="authenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
        <beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="filterProcessesUrl" value="/security_check"/>
        <beans:property name="authenticationFailureHandler">
            <beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
                <beans:property name="defaultFailureUrl" value="/error.json"/>
            </beans:bean>
        </beans:property>

        <beans:property name="authenticationSuccessHandler">
            <beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                <beans:property name="defaultTargetUrl" value="/success.json"/>
            </beans:bean>
        </beans:property>
    </beans:bean>

    <beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
        <beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
    </beans:bean>

    <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg value="/login.html"/>
        <beans:constructor-arg>
            <beans:list>
                <beans:ref bean="crowdLogoutHandler"/>
                <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
            </beans:list>
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/console/logoff.action"/>
    </beans:bean>
</beans:beans>

Here is a snippet from the web.xml from the application:

<!-- Enables Spring Security-->
    <filter>
        <filter-name>security-check</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetBeanName</param-name>
            <param-value>springSecurityFilterChain</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>security-check</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

Answer accepted
Reuben C. April 16, 2014

Well, not sure what the exact problem was. Here is what I did to resolve the problem.

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.2.xsd">


    <http auto-config="true">
        <intercept-url pattern="/rest/**" access="My Role" />
        <form-login
                login-page="/login"
                default-target-url="/welcome"
                authentication-failure-url="/error.json?error"
                username-parameter="username"
                password-parameter="password" />
        <logout logout-success-url="/error.json?logout" />
    </http>

    <authentication-manager alias='authenticationManager'>
        <authentication-provider ref='crowdAuthenticationProvider'/>
    </authentication-manager>


    <beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
        <beans:constructor-arg ref="crowdAuthenticationManager"/>
        <beans:constructor-arg ref="httpAuthenticator"/>
        <beans:constructor-arg ref="crowdUserDetailsService"/>
    </beans:bean>

    <beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
        <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/>
        <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
        <beans:property name="userManager" ref="crowdUserManager"/>
        <beans:property name="authorityPrefix" value="ROLE_"/>
    </beans:bean>
</beans:beans>
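
The question's log ends with `/success.json has an empty filter list`, which is what `security="none"` produces: no Spring Security filter runs for that path, so the SecurityContext stored in the HttpSession is never loaded into SecurityContextHolder while it is served. The fragment below is an added example, not the poster's code and not the configuration from the accepted answer; it assumes the bean names and namespace declarations of the question's applicationContext-security.xml and keeps the post-login pages inside the filter chain.

```xml
<!-- Added example: goes inside the question's <beans:beans> root element. -->

<!-- Before (from the question). These two paths get an empty filter list, so
     SecurityContextPersistenceFilter never runs for them and the request
     sees no authenticated user, even right after a successful login:

     <http pattern="/error.json" security="none" />
     <http pattern="/success.json" security="none" />
-->

<!-- After: only the static login page stays outside the chain. -->
<http pattern="/login.jsp" security="none" />

<http auto-config="false"
      entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
    <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
    <custom-filter position="LOGOUT_FILTER" ref="logoutFilter"/>

    <!-- intercept-url rules are evaluated top to bottom and the first match
         wins, so the specific patterns come first and the catch-all is last.
         In the question, "/**" was listed first and shadowed the others. -->
    <intercept-url pattern="/security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/error.json" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/rest/public/authenticated"
                   access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
    <intercept-url pattern="/security_logout"
                   access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>

    <!-- /success.json is no longer special-cased: it falls through to the
         catch-all, is served through the full filter chain, and therefore
         sees the SecurityContext restored from the session. -->
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>

    <!-- Unchanged from the question. -->
    <session-management session-fixation-protection="newSession">
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    </session-management>
</http>
```

With DEBUG logging still enabled, the request for `/success.json` should then log `firing Filter: 'SecurityContextPersistenceFilter'` instead of `has an empty filter list`.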
