Archive for July 2008

Spring Security (PreAuthentication) setup fails with Spring webflow, works otherwise

July 16, 2008

[16/07/08 10:52:08:611 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG FilterChainProxy – Converted URL to lowercase, from: ‘/spring/newbusiness'; to: ‘/spring/newbusiness’
[16/07/08 10:52:08:611 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG FilterChainProxy – Candidate is: ‘/spring/newbusiness'; pattern is /**; matched=true
[16/07/08 10:52:08:611 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain – /spring/newBusiness at position 1 of 6 in additional filter chain; firing Filter: ‘org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]’
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter – No HttpSession currently exists
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter – New SecurityContext instance will be associated with SecurityContextHolder
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain – /spring/newBusiness at position 2 of 6 in additional filter chain; firing Filter: ‘org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter[ order=500; ]’
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG AbstractPreAuthenticatedProcessingFilter – Checking secure context token: null
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG AbstractPreAuthenticatedProcessingFilter – preAuthenticatedPrincipal = super, trying to authenticate
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG ProviderManager – Authentication attempt using org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG PreAuthenticatedAuthenticationProvider – PreAuthenticated authentication request: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@9561: Principal: super; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG AbstractPreAuthenticatedProcessingFilter – Authentication success: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@ae9d5b10: Principal: org.springframework.security.userdetails.User@1f60800: Username: super; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_SUPERVISOR
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain – /spring/newBusiness at position 3 of 6 in additional filter chain; firing Filter: ‘org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter[ order=1100; ]’
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG SavedRequestAwareWrapper – Wrapper not replaced; no session available for SavedRequest extraction
[16/07/08 10:52:08:641 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain – /spring/newBusiness at position 4 of 6 in additional filter chain; firing Filter: ‘org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]’
[16/07/08 10:52:08:641 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,641 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain – /spring/newBusiness at position 5 of 6 in additional filter chain; firing Filter: ‘org.springframework.security.ui.SessionFixationProtectionFilter[ order=1600; ]’
[16/07/08 10:52:08:641 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,641 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain – /spring/newBusiness at position 6 of 6 in additional filter chain; firing Filter: ‘org.springframework.security.intercept.web.FilterSecurityInterceptor@317a317a’
[16/07/08 10:52:08:661 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,641 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource – Converted URL to lowercase, from: ‘/spring/newbusiness'; to: ‘/spring/newbusiness’
[16/07/08 10:52:08:671 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,661 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource – Candidate is: ‘/spring/newbusiness'; pattern is /secure/extreme/*; matched=false
[16/07/08 10:52:08:671 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,671 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource – Candidate is: ‘/spring/newbusiness'; pattern is /secure/*; matched=false
[16/07/08 10:52:08:671 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,671 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource – Candidate is: ‘/spring/newbusiness'; pattern is /faces/policysearch*; matched=false
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,671 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource – Candidate is: ‘/spring/newbusiness'; pattern is /spring/*; matched=true
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor – Secure object: FilterInvocation: URL: /spring/newBusiness; ConfigAttributes: [ROLE_SUPERVISOR, ROLE_USER]
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor – Previously Authenticated: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@ae9d5b10: Principal: org.springframework.security.userdetails.User@1f60800: Username: super; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_SUPERVISOR
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor – Authorization successful
[16/07/08 10:52:08:691 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor – RunAsManager did not change Authentication object
[16/07/08 10:52:08:691 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,691 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain – /spring/newBusiness reached end of additional filter chain; proceeding with original chain
[16/07/08 10:52:08:691 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,691 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter – HttpSession being created as SecurityContextHolder contents are non-default
[16/07/08 10:52:08:701 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,691 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter – SecurityContext stored to HttpSession: ‘org.springframework.security.context.SecurityContextImpl@ae9d5b10: Authentication: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@ae9d5b10: Principal: org.springframework.security.userdetails.User@1f60800: Username: super; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_SUPERVISOR’
[16/07/08 10:52:08:701 EDT] 0000002a WebApp        E   [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method  is not defined in RFC 2068 and is not supported by the Servlet API
at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538)
at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968)
at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152)
at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:788)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:52)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter.doFilterHttp(AbstractPreAuthenticatedProcessingFilter.java:60)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ing.canada.cl.clfleets.filter.MockAuthFilter.doFilter(MockAuthFilter.java:90)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:771)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:679)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:539)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3357)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:115)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:263)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)

[16/07/08 10:52:08:992 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,992 [WebContainer : 1] DEBUG ExceptionTranslationFilter – Chain processed normally
[16/07/08 10:52:08:992 EDT] 0000002a SystemOut     O 2008-07-16 10:52:08,992 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter – SecurityContextHolder now cleared, as request processing completed

Follow

Get every new post delivered to your Inbox.