Solved

Spring Auto login issue

Posted on 2011-03-24
16
2,998 Views
Last Modified: 2012-05-11
Hello

I'm trying to implement the below spring auto login, but my authenticationManager instance throws the below exception and is not autowired. How do I get an instance of it from Spring manually? I'm not using a spring controller, I'm using a JSF request scoped bean. I get the below exception at runtime when the container tries to autowire the authenticationManager. The requestCache comes in fine. Should I be using a method on my UserDetailsService implementation (userManager)? I don't see an appropriate method exposed by UserDetailsService that takes a UsernamePasswordAuthenticationToken objet. Any ideas? config:

config:
    <authentication-manager>
    		<authentication-provider user-service-ref="userManager">
    		        <password-encoder ref="passwordEncoder" />
    		</authentication-provider>
        </authentication-manager>

Open in new window





>Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: protected org.springframework.security.authentication.AuthenticationManager com.dc.web.actions.SignUpDetail.authenticationManager; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No unique bean of type [org.springframework.security.authentication.AuthenticationManager] is defined: expected single matching bean but found 2: [org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
      javax.faces.webapp.FacesServlet.service(FacesServlet.java:325)

   
 
   @Named
    @Scope("request")
    public class Signup
    {
    
        @Inject
        RequestCache requestCache;
    
        @Inject
        protected AuthenticationManager authenticationManager;
    
        public String login(){
	authenticateUserAndSetSession(utilities.getLoggedInUser(), (HttpServletRequest)        FacesUtils.getExternalContext().getRequest());
		return "/home.html";
	}
 private void authenticateUserAndSetSession(Users user,
		        HttpServletRequest request)
		    {
		        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
		                user.getUsername(), user.getPassword());

		        // generate session if one doesn't exist
		        request.getSession();

		        token.setDetails(new WebAuthenticationDetails(request));
		       Authentication authenticatedUser = authenticationManager.authenticate(token);

		        SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
		    }

    }

Open in new window

0
Comment
Question by:cgray1223
16 Comments
 
LVL 47

Expert Comment

by:for_yan
ID: 35205968
Should not you obtain instance of AuthenticationManager from ApplicationSecurityManager using the
DeafualtApplicationSecurityManager (which has construtors)
and using the method getAuthenticationManager() ?
0
 
LVL 92

Expert Comment

by:objects
ID: 35212251
you appear to have two AuthenticationManagers wired up
can you post all your security config
0
 

Author Comment

by:cgray1223
ID: 35212477
I got a lot further...I got passed that issue.  I'm able to authenticate the user as I get an Authentication object with a valid user principal object but when I send the user to /registered/home.html.  That page gets intercepted and I get redirected to the user page like I'm not authenticated.  I guess the SecurityContextHolder.getContext().setAuthentication(auth); doesn't save properly in the users session.  Any ideas?
@Named
    @Scope("request")
    public class SignUpDetail extends BaseAction{
        @Inject
        private SignUpDetailBean signUpDetailBean;
        @Inject
        private UserManager userManager;
        @Inject @Named("am")
        protected AuthenticationManager authenticationManager;

        public String login(){
            if(signUpDetailBean.getEmail() != null){
                Users currentUser = userManager.getUser(signUpDetailBean.getEmail());
                authenticateUserAndSetSession(currentUser, (HttpServletRequest) FacesUtils.getExternalContext().getRequest());

                return "/registered/home.html";
            }else{

                return "/auth/login.html";
            }

        }

     private void authenticateUserAndSetSession(Users user,
                    HttpServletRequest request)
                {
             UserDetails details = userManager.loadUserByUsername(user.getUsername());
             UsernamePasswordAuthenticationToken usernameAndPassword = 
                 new UsernamePasswordAuthenticationToken(
                     user.getUsername(), "pwd", details.getAuthorities());

             // Authenticate, just to be sure
             Authentication auth = authenticationManager.authenticate(usernameAndPassword);

             // Place the new Authentication object in the security context.
             SecurityContextHolder.getContext().setAuthentication(auth);
        }

<context:annotation-config />
    <context:component-scan base-package="dc" />
    <global-method-security />
    <http security="none" pattern="/javax.faces.resource/**" />
    <http security="none" pattern="/services/rest-api/1.0/**" />
    <http security="none" pattern="/preregistered/*" />
    <http access-denied-page="/auth/denied.html">
        <intercept-url
            pattern="/**/*.xhtml"
            access="ROLE_NONE_GETS_ACCESS" />
        <intercept-url
            pattern="/auth/**"
            access="ROLE_ANONYMOUS,ROLE_USER" />
         <intercept-url
            pattern="/auth/*"
            access="ROLE_ANONYMOUS" />
         <intercept-url
            pattern="/registered/*"
            access="ROLE_USER" />
          <intercept-url
            pattern="/*"
           access="ROLE_ANONYMOUS" />
        <form-login
            login-processing-url="/j_spring_security_check.html"
            login-page="/auth/login.html"
            default-target-url="/registered/home.html"
            authentication-failure-url="/auth/login.html" />
         <logout invalidate-session="true" 
              logout-success-url="/" 
              logout-url="/auth/logout.html"/>
        <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <remember-me user-service-ref="userManager" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
    </http>
    <!-- Configure the authentication provider -->
    <authentication-manager alias="am">
        <authentication-provider user-service-ref="userManager">
                <password-encoder ref="passwordEncoder" />
        </authentication-provider>
    </authentication-manager>

Open in new window

0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 92

Expert Comment

by:objects
ID: 35212496
enable debug logging for the security package to get a better idea whats happening
0
 
LVL 92

Expert Comment

by:objects
ID: 35212502
what page are getting redirected to?
Is the role set correctly for the user?
0
 

Author Comment

by:cgray1223
ID: 35212509
i get sent to the auth/login.html page which is the page i have configured at login.  Basically im trying to auto login after the user fills out the registration form.  The flow use to be just send them to auth/login.html and they would login and its fine.  Now auto auths them and does attempt to send to registered/home.html and that url does have a user_role requirement but that role is associated to that user prior to the redirect.  I can see it in the debugger.
0
 
LVL 92

Expert Comment

by:objects
ID: 35212514
debug logging will show you why its being redirected there
0
 

Author Comment

by:cgray1223
ID: 35212520
how is that enabled?
0
 
LVL 92

Expert Comment

by:objects
ID: 35212522
in your log4j config
0
 

Author Comment

by:cgray1223
ID: 35212721
thanks, I got more info now.  It looks like Spring doesn't recognize my Authentication as being associated to ROLE_USER.  I trace the code in the debugger and it does call my getAuthorities method of my UserDetails implementation.  I attached a picture of my debugger view.  So somehow its not saving.  I looked at the SecurityContext context = SecurityContextHolder.getContext(); at the very end and it does have the ROLE_USER so somehow its not getting associated to my HttpSession.

0:51:23,066 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/registered/*'
20:51:23,067 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /registered/home.html; Attributes: [ROLE_USER]
20:51:23,067 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@2ba823d0: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffdaa08: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 1808E4A5E551B6643C4DA801CBD94C21; Granted Authorities: ROLE_ANONYMOUS
20:51:23,067 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@e49f9fa, returned: -1
20:51:23,067 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@3aa09a08, returned: 0
20:51:23,068 DEBUG ExceptionTranslationFilter:151 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
      at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
Screen-shot-2011-03-24-at-9.00.0.png
0
 
LVL 92

Expert Comment

by:objects
ID: 35219637
looks to have authenticated you as an anonymous user
check further up the log where the authentication takes place
0
 

Author Comment

by:cgray1223
ID: 35220450
below is my entire log from when I click the signup button on signup.html that maps to my backing bean method (request scope) that has the code to store a UsernamePasswordAuthenticationToken in the SecurityContext and then sends the user to registered/home.html.  I have Authentication auth = SecurityContextHolder.getContext().getAuthentication(); right before I send the user to registered/home.html and it has a user principal and a valid user role.  You see anything?  



18:48:59,063 DEBUG ProviderManager:130 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
18:48:59,063 DEBUG SharedEntityManagerCreator$SharedEntityManagerInvocationHandler:231 - Creating new EntityManager for shared EntityManager invocation
18:48:59,064 DEBUG DriverManagerDataSource:162 - Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/dreamcatcher]
Hibernate: select users0_.ID as ID3_, users0_.BEGIN_EFFECTIVE_DATE as BEGIN2_3_, users0_.BIRTH_YEAR as BIRTH3_3_, users0_.BOOKMARKLET_LAST_USED_DATE as BOOKMARK4_3_, users0_.CITY as CITY3_, users0_.CREATION_DATE as CREATION6_3_, users0_.EMAIL as EMAIL3_, users0_.EMAIL_NOTIFICATION as EMAIL8_3_, users0_.END_EFFECTIVE_DATE as END9_3_, users0_.FAILED_LOGIN_ATTEMPTS as FAILED10_3_, users0_.FIRST_NAME as FIRST11_3_, users0_.GENDER as GENDER3_, users0_.GROUP_EMAIL_NOTIFICATION as GROUP13_3_, users0_.LAST_LOGIN_DATE as LAST14_3_, users0_.LAST_NAME as LAST15_3_, users0_.MOBILE_LAST_USED_DATE as MOBILE16_3_, users0_.PASSWORD as PASSWORD3_, users0_.SCREENSAVER_LAST_USED_DATE as SCREENS18_3_, users0_.STATE as STATE3_, users0_.STATUS as STATUS3_, users0_.STREET_ADDRESS as STREET21_3_, users0_.TYPE as TYPE3_, users0_.SITE_USAGE as SITE23_3_, users0_.USER_NAME as USER24_3_, users0_.ZIPCODE as ZIPCODE3_ from USER users0_ where users0_.USER_NAME=upper(?)
18:48:59,080 DEBUG EntityManagerFactoryUtils:328 - Closing JPA EntityManager
18:48:59,082 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'eventDispatcher'
18:49:00,874 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/javax.faces.resource/**'
18:49:00,874 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/services/rest-api/1.0/**'
18:49:00,875 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/preregistered/*'
18:49:00,875 DEBUG FilterChainProxy:263 - /registered/home.html at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@6db17b38'
18:49:00,875 DEBUG HttpSessionSecurityContextRepository:138 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
18:49:00,875 DEBUG HttpSessionSecurityContextRepository:84 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@222596c1. A new one will be created.
18:49:00,876 DEBUG FilterChainProxy:263 - /registered/home.html at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@5ce904c4'
18:49:00,876 DEBUG FilterChainProxy:263 - /registered/home.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@46380f83'
18:49:00,876 DEBUG FilterChainProxy:263 - /registered/home.html at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@a828579'
18:49:00,876 DEBUG DefaultSavedRequest:316 - pathInfo: both null (property equals)
18:49:00,877 DEBUG DefaultSavedRequest:316 - queryString: both null (property equals)
18:49:00,877 DEBUG DefaultSavedRequest:338 - requestURI: arg1=/dreamcatcher/registered/modify.html; arg2=/dreamcatcher/registered/home.html (property not equals)
18:49:00,877 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
18:49:00,877 DEBUG FilterChainProxy:263 - /registered/home.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@15a8cf03'
18:49:00,878 DEBUG FilterChainProxy:263 - /registered/home.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@72b02d64'
18:49:00,878 DEBUG FilterChainProxy:263 - /registered/home.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@c743b0f'
18:49:00,878 DEBUG AnonymousAuthenticationFilter:68 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS'
18:49:00,879 DEBUG FilterChainProxy:263 - /registered/home.html at position 8 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@7562f00'
18:49:00,879 DEBUG FilterChainProxy:263 - /registered/home.html at position 9 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@2b27acc3'
18:49:00,879 DEBUG FilterChainProxy:263 - /registered/home.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@39bf4c57'
18:49:00,879 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/**/*.xhtml'
18:49:00,880 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/auth/**'
18:49:00,880 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/auth/*'
18:49:00,880 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/registered/*'
18:49:00,886 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /registered/home.html; Attributes: [ROLE_USER]
18:49:00,893 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS
18:49:00,895 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@2d52912f, returned: -1
18:49:00,896 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@5845807a, returned: 0
18:49:00,907 DEBUG ExceptionTranslationFilter:151 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
      at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
      at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203)
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:95)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:79)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:121)
      at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
      at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:244)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:550)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:380)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:288)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:680)
18:49:00,909 DEBUG HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/dreamcatcher/registered/home.html]
18:49:00,909 DEBUG ExceptionTranslationFilter:175 - Calling Authentication entry point.
18:49:00,910 DEBUG DefaultRedirectStrategy:36 - Redirecting to 'http://localhost:8080/dreamcatcher/auth/login.html'
18:49:00,912 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
18:49:00,944 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/javax.faces.resource/**'
18:49:00,944 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/services/rest-api/1.0/**'
18:49:00,944 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/preregistered/*'
18:49:00,945 DEBUG FilterChainProxy:263 - /auth/login.html at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@6db17b38'
18:49:00,945 DEBUG HttpSessionSecurityContextRepository:138 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
18:49:00,945 DEBUG HttpSessionSecurityContextRepository:84 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@222596c1. A new one will be created.
18:49:00,946 DEBUG FilterChainProxy:263 - /auth/login.html at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@5ce904c4'
18:49:00,946 DEBUG FilterChainProxy:263 - /auth/login.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@46380f83'
18:49:00,946 DEBUG FilterChainProxy:263 - /auth/login.html at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@a828579'
18:49:00,946 DEBUG DefaultSavedRequest:316 - pathInfo: both null (property equals)
18:49:00,947 DEBUG DefaultSavedRequest:316 - queryString: both null (property equals)
18:49:00,947 DEBUG DefaultSavedRequest:338 - requestURI: arg1=/dreamcatcher/registered/home.html; arg2=/dreamcatcher/auth/login.html (property not equals)
18:49:00,947 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
18:49:00,948 DEBUG FilterChainProxy:263 - /auth/login.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@15a8cf03'
18:49:00,948 DEBUG FilterChainProxy:263 - /auth/login.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@72b02d64'
18:49:00,948 DEBUG FilterChainProxy:263 - /auth/login.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@c743b0f'
18:49:00,949 DEBUG AnonymousAuthenticationFilter:68 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS'
18:49:00,949 DEBUG FilterChainProxy:263 - /auth/login.html at position 8 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@7562f00'
18:49:00,949 DEBUG FilterChainProxy:263 - /auth/login.html at position 9 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@2b27acc3'
18:49:00,949 DEBUG FilterChainProxy:263 - /auth/login.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@39bf4c57'
18:49:00,950 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/**/*.xhtml'
18:49:00,950 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/auth/**'
18:49:00,950 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /auth/login.html; Attributes: [ROLE_ANONYMOUS, ROLE_USER]
18:49:00,951 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS
18:49:00,951 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@2d52912f, returned: 1
18:49:00,952 DEBUG FilterSecurityInterceptor:212 - Authorization successful
18:49:00,952 DEBUG FilterSecurityInterceptor:222 - RunAsManager did not change Authentication object
18:49:00,952 DEBUG FilterChainProxy:252 - /auth/login.html reached end of additional filter chain; proceeding with original chain
18:49:00,966 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'authentication'
18:49:00,967 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
18:49:00,968 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.beans.AuthenticationBean com.dc.web.actions.Authentication.authenticationBean
18:49:00,968 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.api.service.UserManager com.dc.web.actions.Authentication.userManager
18:49:00,969 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'userManager'
18:49:00,969 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.api.service.Utilities com.dc.web.actions.Authentication.utilities
18:49:00,970 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'utilities'
18:49:00,970 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.util.PasswordMailContentHelper com.dc.web.actions.Authentication.passwordMailContentHelper
18:49:00,971 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'passwordMailContentHelper'
18:49:00,971 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.util.UsernameMailContentHelper com.dc.web.actions.Authentication.usernameMailContentHelper
18:49:00,971 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'usernameMailContentHelper'
18:49:00,972 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for org.springframework.security.authentication.encoding.PasswordEncoder com.dc.web.actions.Authentication.passwordEncoder
18:49:00,972 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'passwordEncoder'
18:49:00,972 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'authentication'
18:49:00,977 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'signUpDetail'
18:49:00,978 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
18:49:00,979 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for private com.dc.web.beans.SignUpDetailBean com.dc.web.actions.SignUpDetail.signUpDetailBean
18:49:00,979 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for private com.dc.api.service.UserManager com.dc.web.actions.SignUpDetail.userManager
18:49:00,980 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'userManager'
18:49:00,980 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for protected org.springframework.security.authentication.AuthenticationManager com.dc.web.actions.SignUpDetail.authenticationManager
18:49:00,981 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
18:49:00,981 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for com.dc.api.service.Utilities com.dc.web.actions.SignUpDetail.utilities
18:49:00,982 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'utilities'
18:49:00,982 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'signUpDetail'
18:49:01,002 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'layout'
18:49:01,003 DEBUG InjectionMetadata:82 - Processing injected method of bean 'layout': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
18:49:01,004 DEBUG InjectionMetadata:82 - Processing injected method of bean 'layout': AutowiredFieldElement for private com.dc.web.beans.LayoutBean com.dc.web.actions.Layout.layoutBean
18:49:01,004 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'layout'
18:49:01,024 DEBUG ExceptionTranslationFilter:98 - Chain processed normally
18:49:01,025 DEBUG HttpSessionSecurityContextRepository:271 - SecurityContext contents are anonymous - context will not be stored in HttpSession.
18:49:01,025 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
0
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 35220500
try instead using a RememberMeAuthenticationToken
0
 

Author Comment

by:cgray1223
ID: 35220610
so I tried the below and got the below exception...I think your suggestion is correct.  thanks for helping with this!

exception:
SEVERE: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.RememberMeAuthenticationToken
javax.faces.el.EvaluationException: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.RememberMeAuthenticationToken
    at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)


public class SignUpDetail{
    @Inject @Named("am")
    protected AuthenticationManager authenticationManager;

    public String login(){
        if(signUpDetailBean.getEmail() != null){
            Users currentUser = userManager.getUser(signUpDetailBean.getEmail());
            authenticateUserAndSetSession(currentUser, (HttpServletRequest) FacesUtils.getExternalContext().getRequest());
            clearForm();
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            return "/registered/home.html";
        }else{
            clearForm();
            return "/auth/login.html";
        }

    }

    private void authenticateUserAndSetSession(Users user,
                HttpServletRequest request)
            {
         RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("matching config key value", user, user.getAuthorities());

         Authentication authenticatedUser = authenticationManager
            .authenticate(token);

          SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
}


}

Open in new window

0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 36935156
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I had a project requirement for a displaying a user workbench .This workbench would consist multiple data grids .In each grid the user will be able to see a large number of data. These data grids should allow the user to 1. Sort 2. Export the …
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question