Spring Security - Problem to configure an anonymous access to register page on login's page

Greenhorn

Posts: 3

posted 11 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi,

I have some difficulty to implement an anonymous configuration with spring security.

application-context.xml

web.xml

<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/application-context.xml,
	        /WEB-INF/beans-security.xml
        </param-value>		
	</context-param>
	
	
	<servlet>
		<servlet-name>PopupCommunication</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>/WEB-INF/dispatcher-context.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	
		
	<servlet-mapping>
		<servlet-name>PopupCommunication</servlet-name>
		<url-pattern>/admin/**</url-pattern>
	</servlet-mapping>			
	<servlet-mapping>
		<servlet-name>PopupCommunication</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

<filter>
	  <filter-name>sitemesh</filter-name>
	  <filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
	</filter>
	
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

<filter>
  
   <filter-name>encoding-filter</filter-name>
        <filter-class>
            org.springframework.web.filter.CharacterEncodingFilter
        </filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>

<filter-mapping>
        <filter-name>encoding-filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

<filter>
		<filter-name>OpenEntityManagerInViewFilter</filter-name>
		<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
	    <init-param>
	        <param-name>entityManagerFactory</param-name>
	        <param-value>persistence.EntityManagerFactory</param-value>
	    </init-param>		
	</filter>
	<filter-mapping>
		<filter-name>OpenEntityManagerInViewFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>	
		
		
	
	<filter-mapping>
	  <filter-name>sitemesh</filter-name>
	  <url-pattern>/*</url-pattern>
	</filter-mapping>

Here my security-beans.xml

At begin, i had a problem to create a session id in anonymous mode. I have add create-session="always" for solve this problem but my register page ("/public/inscription") give me a blank page and in console the message "SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.".

In console:

2014-03-13 00:47:29,573 [DEBUG] (AntPathRequestMatcher.java:matches:116) Checking match of request : '/public/inscription'; against '/resources/**'
2014-03-13 00:47:29,573 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-03-13 00:47:29,573 [DEBUG] (HttpSessionSecurityContextRepository.java:readSecurityContextFromSession:139) HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-03-13 00:47:29,574 [DEBUG] (HttpSessionSecurityContextRepository.java:loadContext:85) No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@5cbe6d8b. A new one will be created.
2014-03-13 00:47:29,574 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2014-03-13 00:47:29,574 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-03-13 00:47:29,574 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 4 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-03-13 00:47:29,574 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 5 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-03-13 00:47:29,574 [DEBUG] (DefaultSavedRequest.java:propertyEquals:309) pathInfo: both null (property equals)
2014-03-13 00:47:29,575 [DEBUG] (DefaultSavedRequest.java:propertyEquals:309) queryString: both null (property equals)
2014-03-13 00:47:29,575 [DEBUG] (DefaultSavedRequest.java:propertyEquals:331) requestURI: arg1=/PopupCommunication/; arg2=/PopupCommunication/public/inscription (property not equals)
2014-03-13 00:47:29,575 [DEBUG] (HttpSessionRequestCache.java:getMatchingRequest:75) saved request doesn't match
2014-03-13 00:47:29,575 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 6 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-03-13 00:47:29,575 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2014-03-13 00:47:29,576 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-03-13 00:47:29,576 [DEBUG] (AnonymousAuthenticationFilter.java:doFilter:102) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 37CC8C88F52C4AF5DBEE27081BDD6733; Granted Authorities: ROLE_ANONYMOUS'
2014-03-13 00:47:29,576 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-03-13 00:47:29,576 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-03-13 00:47:29,576 [DEBUG] (FilterChainProxy.java:doFilter:337) /public/inscription at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-03-13 00:47:29,577 [DEBUG] (AntPathRequestMatcher.java:matches:116) Checking match of request : '/public/inscription'; against '/login*'
2014-03-13 00:47:29,579 [DEBUG] (AntPathRequestMatcher.java:matches:116) Checking match of request : '/public/inscription'; against '/public/**'
2014-03-13 00:47:29,580 [DEBUG] (AbstractSecurityInterceptor.java:beforeInvocation:194) Secure object: FilterInvocation: URL: /public/inscription; Attributes: [permitAll]
2014-03-13 00:47:29,580 [DEBUG] (AbstractSecurityInterceptor.java:authenticateIfRequired:310) Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 37CC8C88F52C4AF5DBEE27081BDD6733; Granted Authorities: ROLE_ANONYMOUS
2014-03-13 00:47:29,580 [DEBUG] (AffirmativeBased.java:decide:65) Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7326fd79, returned: 1
2014-03-13 00:47:29,580 [DEBUG] (AbstractSecurityInterceptor.java:beforeInvocation:215) Authorization successful
2014-03-13 00:47:29,580 [DEBUG] (AbstractSecurityInterceptor.java:beforeInvocation:227) RunAsManager did not change Authentication object
2014-03-13 00:47:29,581 [DEBUG] (FilterChainProxy.java:doFilter:323) /public/inscription reached end of additional filter chain; proceeding with original chain
2014-03-13 00:47:29,581 [DEBUG] (OpenEntityManagerInViewFilter.java:doFilterInternal:163) Opening JPA EntityManager in OpenEntityManagerInViewFilter
2014-03-13 00:47:29,583 [DEBUG] (DispatcherServlet.java:doService:823) DispatcherServlet with name 'PopupCommunication' processing GET request for [/PopupCommunication/public/inscription]
2014-03-13 00:47:29,583 [DEBUG] (AbstractHandlerMethodMapping.java:getHandlerInternal:220) Looking up handler method for path /public/inscription
2014-03-13 00:47:29,584 [DEBUG] (AbstractHandlerMethodMapping.java:getHandlerInternal:227) Returning handler method [public java.lang.String org.popupcommunication.controller.RegisterController.showIndex(org.springframework.web.context.request.WebRequest,org.springframework.ui.Model)]
2014-03-13 00:47:29,584 [DEBUG] (AbstractBeanFactory.java:doGetBean:246) Returning cached instance of singleton bean 'registerController'
2014-03-13 00:47:29,584 [DEBUG] (DispatcherServlet.java:doDispatch:912) Last-Modified value for [/PopupCommunication/public/inscription] is: -1
2014-03-13 00:47:29,585 [DEBUG] (DispatcherServlet.java:render:1206) Rendering view [org.springframework.web.servlet.view.JstlView: name 'inscription'; URL [/WEB-INF/jsp/inscription.jsp]] in DispatcherServlet with name 'PopupCommunication'
2014-03-13 00:47:29,586 [DEBUG] (InternalResourceView.java:renderMergedOutputModel:236) Forwarding to resource [/WEB-INF/jsp/inscription.jsp] in InternalResourceView 'inscription'
2014-03-13 00:47:29,594 [DEBUG] (FrameworkServlet.java:processRequest:966) Successfully completed request
2014-03-13 00:47:29,609 [DEBUG] (AbstractBeanFactory.java:doGetBean:246) Returning cached instance of singleton bean 'org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler#0'
2014-03-13 00:47:29,610 [DEBUG] (OpenEntityManagerInViewFilter.java:doFilterInternal:188) Closing JPA EntityManager in OpenEntityManagerInViewFilter
2014-03-13 00:47:29,610 [DEBUG] (EntityManagerFactoryUtils.java:closeEntityManager:338) Closing JPA EntityManager
2014-03-13 00:47:29,611 [DEBUG] (ExceptionTranslationFilter.java:doFilter:115) Chain processed normally
2014-03-13 00:47:29,611 [DEBUG] (HttpSessionSecurityContextRepository.java:saveContext:269) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2014-03-13 00:47:29,611 [DEBUG] (SecurityContextPersistenceFilter.java:doFilter:97) SecurityContextHolder now cleared, as request processing completed

My goal was add a link to a registration's page on login's page.

Thank you in advance for your advices

Don't get me started about those stupid light bulbs.