• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
Bartenders:
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

spring security issue  RSS feed

 
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Hello Every one.

In our project we are implementing spring security. Before I have done the changes it is working fine. I've changed to annotation based. spring is working fine. But I am not able to access "login" page also.
I tried to find out the issue but unable to. Please help me in resolving this issue. In the below xml file I removed filters="none" for "themes, login, /app/password, /services, /notfound". These were there in previous build. In the previous build we are using spring 3.0.0. and used xml based configuration. Now we changed to 3.1 and annotation based configuration.

spring-security.xml


I'm posting only code which is related to security.

NXLLoginUrlAuthenticationEntryPoint.java


Thank You very much for all help

Thanks and Regards,
G. Sathish Kumar
 
Ranch Hand
Posts: 672
4
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

maheedar sand wrote:But I am not able to access "login" page also.


what do you get when you try to acess the login page, a 404 or a access denied page?
 
maheedar sand
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Thank You for the reply.

I'm getting ERR_TOO_MANY_REDIRECTS error. It is calling implementation class "NXLLoginUrlAuthenticationEntryPoint"'s determineUrlToUseForThisRequest() method repetetively and causing redirect loop.

Thanks and Regards,
G. Sathish Kumar
 
Prasad Krishnegowda
Ranch Hand
Posts: 672
4
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Post the statcktrace and the complete error..
 
maheedar sand
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

In our project we are implementing spring security using preauthenticated credentials. When we enter url and hit go, login page is displayed. Once credentials are entered and click login it is throwing exception. In the stack it telling authenticated, but not granted any roles. I searched in the net and included password encoder as sha. I'm not able to figure out where to change my code. I'm new to spring security.
..
Thanks and Regards,
G. Sathish Kumar
 
maheedar sand
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

The below is the tomcat log when we deployed and run.

2015-01-21 15:14:11,135 INFO [NXLRedirectStrategy.java:57] : Redirecting to 'https://localhost:9443/CVPSCCUI'
2015-01-21 15:14:11,137 DEBUG [HttpSessionSecurityContextRepository.java:351] : SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@de8303e1: Authentication: org.springframework.
security.authentication.UsernamePasswordAuthenticationToken@de8303e1: Principal: december; Password: [PROTECTED]; Authenticated: true; Details: null; Not granted any authorities'

Where I need to do modifications.

Thanks and Regards,
G. Sathish Kumar
 
Prasad Krishnegowda
Ranch Hand
Posts: 672
4
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First, lets understand what are you trying to do.

You tell, you have a preauthenticated credentials, does it mean user has already entered their credentials and now trying to login to your page using spring security, so what do you intend to do here, just take them to main page without login page? Are you trying to implement Single Sign On (SSO)?
Next, why are you not adding any roles?
 
maheedar sand
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Thank You for the reply.

I'll explain you my problem. My previous employee has implemented SSO in the project using preauthenticated mechanism. He used mod_auth_tkt, a lightweight cookie-based authentication module for SSO implementation. From Internet R&D I came to know the mod_auth_tkt won't support SSO. I thought to implement CAS in my project and downloaded CAS Server and setup the server webapp. But the client is forcing us to resolve the issue ASAP. Hence stopped CAS implementation and trying to understand the implementation part. When I debugged the application it is telling no preauthenticated credentials found and it is telling Access Denied for anonymous user and displaying the home page. It is here I'm struck up. For resolving an issue with multiple databases I've setup two transaction managers, two datasources, two entitymanager factory's for project b. When I run the project a and project b as maven builds it is working fine locally, when I deploy the two projects in one tomcat instance(separate instance, not maven one) the issue is coming up. I have gone through with the stack trace and found that it is contacting another service internally which is not available. I'm not aware that service purpose. The developer worked on this is out of company.



Thanks and Regards,
G. Sathish Kumar
 
What's gotten into you? Could it be this tiny ad?
how do I do my own kindle-like thing - without amazon
https://coderanch.com/t/711421/engineering/kindle-amazon
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!