I am currently running into issue with the user context not persisting after a successfully logon. I am pretty sure it a configuration issue but not sure where.
Running Spring 3.2.8, Spring Secuirty 3.2.3, with Crowd Spring 2.6.3 using Crowd 2.6.3.
I based my custom spring application off the documentation (https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Spring+Security) and code sample from (https://bitbucket.org/jwalton/crowd-spring-security-sample.git).
Here is a snippet from the logs from the application:
org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/login.jsp'; against '/login.jsp' org.springframework.security.web.FilterChainProxy: /login.jsp has an empty filter list org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/login.jsp' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/error.json' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/success.json' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/security_check'; against '/rest/public/authenticated' org.springframework.security.web.FilterChainProxy: /security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' org.springframework.security.web.context.HttpSessionSecurityContextRepository: HttpSession returned null object for SPRING_SECURITY_CONTEXT org.springframework.security.web.context.HttpSessionSecurityContextRepository: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@39dc44b6. A new one will be created. org.springframework.security.web.FilterChainProxy: /security_check at position 2 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' org.springframework.security.web.FilterChainProxy: /security_check at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter' org.springframework.security.web.FilterChainProxy: /security_check at position 4 of 10 in additional filter chain; firing Filter: 'CrowdSSOAuthenticationProcessingFilter' com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter: Request is to process authentication org.springframework.security.authentication.ProviderManager: Authentication attempt using com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider: Processing a UsernamePasswordAuthenticationToken org.codehaus.xfire.client.XFireProxy: Method [authenticatePrincipal] [com.atlassian.crowd.integration.authentication.AuthenticatedToken@5a3c2fd0[name=*******,token=*******], com.atlassian.crowd.integration.authentication.UserAuthenticationContext@3c9373f7[name=username,credential=com.atlassian.crowd.integration.authentication.PasswordCredential@74a27c32[credential=password,encryptedCredential=false],validationFactors={com.atlassian.crowd.integration.authentication.ValidationFactor@5787f270[name=remote_address,value=0:0:0:0:0:0:0:1%0]},application=*******]] org.codehaus.xfire.transport.http.HttpTransport: Creating new channel for uri: urn:xfire:transport:http:139756529970430-1046289272 org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.OutMessageSender@19535154 to phase send org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionOutHandler@7b5dcd5b to phase transport org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapSerializerHandler@4b5550a3 to phase post-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking phase post-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapSerializerHandler in phase post-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionOutHandler in phase transport org.codehaus.xfire.handler.HandlerPipeline: Invoking phase send org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.OutMessageSender in phase send org.codehaus.xfire.client.Client: Received message to http://****:8095/crowd/services/SecurityServer org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.CorrelatorHandler@275d1413 to phase pre-dispatch org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ReadHeadersHandler@16b93531 to phase parse org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler@59532f9e to phase pre-invoke org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.LocateBindingHandler@645b5be2 to phase dispatch org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionInHandler@29ed85e7 to phase dispatch org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapBodyHandler@28f21632 to phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport org.codehaus.xfire.handler.HandlerPipeline: Invoking phase parse org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ReadHeadersHandler in phase parse org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.CorrelatorHandler in phase pre-dispatch org.codehaus.xfire.client.Client: Correlating context with ID 139756529970431-1910751842 org.codehaus.xfire.client.Client: Found correlated context with ID 139756529970431-1910751842 org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.ClientReceiveHandler@4fd0ff95 to phase service org.codehaus.xfire.handler.HandlerPipeline: Invoking phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.LocateBindingHandler in phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapBodyHandler in phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionInHandler in phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking phase service org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.ClientReceiveHandler in phase service org.codehaus.xfire.client.XFireProxy: Result [0060aFa2mwnYFcg8ENJ3kA00] org.codehaus.xfire.client.XFireProxy: Method [getCookieInfo] [com.atlassian.crowd.integration.authentication.AuthenticatedToken@5a3c2fd0[name=*******,token=*******]] org.codehaus.xfire.transport.http.HttpTransport: Creating new channel for uri: urn:xfire:transport:http:139756529994332-257757693 org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.OutMessageSender@7f398360 to phase send org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionOutHandler@7b5dcd5b to phase transport org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapSerializerHandler@4b5550a3 to phase post-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking phase post-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapSerializerHandler in phase post-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionOutHandler in phase transport org.codehaus.xfire.handler.HandlerPipeline: Invoking phase send org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.OutMessageSender in phase send org.codehaus.xfire.client.Client: Received message to http://****:8095/crowd/services/SecurityServer org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.CorrelatorHandler@6ac481fa to phase pre-dispatch org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ReadHeadersHandler@16b93531 to phase parse org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler@59532f9e to phase pre-invoke org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.handler.LocateBindingHandler@645b5be2 to phase dispatch org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapActionInHandler@29ed85e7 to phase dispatch org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.soap.handler.SoapBodyHandler@28f21632 to phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking phase transport org.codehaus.xfire.handler.HandlerPipeline: Invoking phase parse org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ReadHeadersHandler in phase parse org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.CorrelatorHandler in phase pre-dispatch org.codehaus.xfire.client.Client: Correlating context with ID 139756529994433-1011096177 org.codehaus.xfire.client.Client: Found correlated context with ID 139756529994433-1011096177 org.codehaus.xfire.handler.HandlerPipeline: adding handler org.codehaus.xfire.client.ClientReceiveHandler@b317ad9 to phase service org.codehaus.xfire.handler.HandlerPipeline: Invoking phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.handler.LocateBindingHandler in phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapBodyHandler in phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.SoapActionInHandler in phase dispatch org.codehaus.xfire.handler.HandlerPipeline: Invoking phase policy org.codehaus.xfire.handler.HandlerPipeline: Invoking phase user org.codehaus.xfire.handler.HandlerPipeline: Invoking phase pre-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke org.codehaus.xfire.handler.HandlerPipeline: Invoking phase service org.codehaus.xfire.handler.HandlerPipeline: Invoking handler org.codehaus.xfire.client.ClientReceiveHandler in phase service org.codehaus.xfire.client.XFireProxy: Result [com.atlassian.crowd.integration.soap.SOAPCookieInfo@248bb85[domain=mobilehealth.va.gov,secure=false]] com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter: Authentication success. Updating SecurityContextHolder to contain: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationToken@58fd6328: Principal: com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails@750f19ee; Credentials: [PROTECTED]; Authenticated: true; Details: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationDetails@dbe6f9b4; Granted Authorities: ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_**** org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler: Using default Url: /success.json org.springframework.security.web.DefaultRedirectStrategy: Redirecting to '/App/success.json' org.springframework.security.web.context.HttpSessionSecurityContextRepository: SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@58fd6328: Authentication: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationToken@58fd6328: Principal: com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails@750f19ee; Credentials: [PROTECTED]; Authenticated: true; Details: com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationDetails@dbe6f9b4; Granted Authorities: ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****, ROLE_****&M, ROLE_****, ROLE_****, ROLE_****' org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/success.json'; against '/login.jsp' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/success.json'; against '/error.json' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/success.json'; against '/success.json' org.springframework.security.web.FilterChainProxy: /success.json has an empty filter list
Here is a snippet from the applicationContext-security.xml from the application:
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <!-- <debug /> <beans:alias name="springSecurityFilterChain" alias="org.springframework.security.filterChainProxy"/> --> <!-- Added for Integrating Crowd with Spring Security --> <!-- 3.1 Configuring Centralised User Management --> <!-- 3.1.1 --> <beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl"> <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/> <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/> <beans:property name="userManager" ref="crowdUserManager"/> <beans:property name="authorityPrefix" value="ROLE_"/> </beans:bean> <!-- 3.1.2 --> <beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider"> <beans:constructor-arg ref="crowdAuthenticationManager"/> <beans:constructor-arg ref="httpAuthenticator"/> <beans:constructor-arg ref="crowdUserDetailsService"/> </beans:bean> <http pattern="/login.jsp" security="none" /> <http pattern="/error.json" security="none" /> <http pattern="/success.json" security="none" /> <http auto-config="false" entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint"> <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/> <custom-filter position="LOGOUT_FILTER" ref="logoutFilter"/> <!-- setting access to backend services--> <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" /> <intercept-url pattern="/rest/public/authenticated" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" /> <!-- intercepted urls --> <intercept-url pattern="/security_logout" access="IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/> <intercept-url pattern="/security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <session-management session-fixation-protection="newSession"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> </http> <authentication-manager alias='authenticationManager'> <authentication-provider ref='crowdAuthenticationProvider'/> </authentication-manager> <beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/> <beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:constructor-arg value="/login.jsp"/> </beans:bean> <beans:bean id="authenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter"> <beans:property name="httpAuthenticator" ref="httpAuthenticator"/> <beans:property name="authenticationManager" ref="authenticationManager"/> <beans:property name="filterProcessesUrl" value="/security_check"/> <beans:property name="authenticationFailureHandler"> <beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler"> <beans:property name="defaultFailureUrl" value="/error.json"/> </beans:bean> </beans:property> <beans:property name="authenticationSuccessHandler"> <beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/success.json"/> </beans:bean> </beans:property> </beans:bean> <beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler"> <beans:property name="httpAuthenticator" ref="httpAuthenticator"/> </beans:bean> <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg value="/login.html"/> <beans:constructor-arg> <beans:list> <beans:ref bean="crowdLogoutHandler"/> <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> </beans:list> </beans:constructor-arg> <beans:property name="filterProcessesUrl" value="/console/logoff.action"/> </beans:bean> </beans:beans>
Here is a snippet from the web.xml from the application:
<!-- Enables Spring Security--> <filter> <filter-name>security-check</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetBeanName</param-name> <param-value>springSecurityFilterChain</param-value> </init-param> </filter> <filter-mapping> <filter-name>security-check</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping>
Community moderators have prevented the ability to post new answers.
Well, not sure what the exact problem was. Here is what I did to reslove the problem.
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <http auto-config="true"> <intercept-url pattern="/rest/**" access="My Role" /> <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/error.json?error" username-parameter="username" password-parameter="password" /> <logout logout-success-url="/error.json?logout" /> </http> <authentication-manager alias='authenticationManager'> <authentication-provider ref='crowdAuthenticationProvider'/> </authentication-manager> <beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider"> <beans:constructor-arg ref="crowdAuthenticationManager"/> <beans:constructor-arg ref="httpAuthenticator"/> <beans:constructor-arg ref="crowdUserDetailsService"/> </beans:bean> <beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl"> <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/> <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/> <beans:property name="userManager" ref="crowdUserManager"/> <beans:property name="authorityPrefix" value="ROLE_"/> </beans:bean> </beans:beans>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.