Solved

Spring Auto login issue

Posted on 2011-03-24
16
2,973 Views
Last Modified: 2012-05-11
Hello

I'm trying to implement the below spring auto login, but my authenticationManager instance throws the below exception and is not autowired. How do I get an instance of it from Spring manually? I'm not using a spring controller, I'm using a JSF request scoped bean. I get the below exception at runtime when the container tries to autowire the authenticationManager. The requestCache comes in fine. Should I be using a method on my UserDetailsService implementation (userManager)? I don't see an appropriate method exposed by UserDetailsService that takes a UsernamePasswordAuthenticationToken objet. Any ideas? config:

config:
    <authentication-manager>
    		<authentication-provider user-service-ref="userManager">
    		        <password-encoder ref="passwordEncoder" />
    		</authentication-provider>
        </authentication-manager>

Open in new window





>Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: protected org.springframework.security.authentication.AuthenticationManager com.dc.web.actions.SignUpDetail.authenticationManager; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No unique bean of type [org.springframework.security.authentication.AuthenticationManager] is defined: expected single matching bean but found 2: [org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
      javax.faces.webapp.FacesServlet.service(FacesServlet.java:325)

   
 
   @Named
    @Scope("request")
    public class Signup
    {
    
        @Inject
        RequestCache requestCache;
    
        @Inject
        protected AuthenticationManager authenticationManager;
    
        public String login(){
	authenticateUserAndSetSession(utilities.getLoggedInUser(), (HttpServletRequest)        FacesUtils.getExternalContext().getRequest());
		return "/home.html";
	}
 private void authenticateUserAndSetSession(Users user,
		        HttpServletRequest request)
		    {
		        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
		                user.getUsername(), user.getPassword());

		        // generate session if one doesn't exist
		        request.getSession();

		        token.setDetails(new WebAuthenticationDetails(request));
		       Authentication authenticatedUser = authenticationManager.authenticate(token);

		        SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
		    }

    }

Open in new window

0
Comment
Question by:cgray1223
16 Comments
 
LVL 47

Expert Comment

by:for_yan
ID: 35205968
Should not you obtain instance of AuthenticationManager from ApplicationSecurityManager using the
DeafualtApplicationSecurityManager (which has construtors)
and using the method getAuthenticationManager() ?
0
 
LVL 92

Expert Comment

by:objects
ID: 35212251
you appear to have two AuthenticationManagers wired up
can you post all your security config
0
 

Author Comment

by:cgray1223
ID: 35212477
I got a lot further...I got passed that issue.  I'm able to authenticate the user as I get an Authentication object with a valid user principal object but when I send the user to /registered/home.html.  That page gets intercepted and I get redirected to the user page like I'm not authenticated.  I guess the SecurityContextHolder.getContext().setAuthentication(auth); doesn't save properly in the users session.  Any ideas?
@Named
    @Scope("request")
    public class SignUpDetail extends BaseAction{
        @Inject
        private SignUpDetailBean signUpDetailBean;
        @Inject
        private UserManager userManager;
        @Inject @Named("am")
        protected AuthenticationManager authenticationManager;

        public String login(){
            if(signUpDetailBean.getEmail() != null){
                Users currentUser = userManager.getUser(signUpDetailBean.getEmail());
                authenticateUserAndSetSession(currentUser, (HttpServletRequest) FacesUtils.getExternalContext().getRequest());

                return "/registered/home.html";
            }else{

                return "/auth/login.html";
            }

        }

     private void authenticateUserAndSetSession(Users user,
                    HttpServletRequest request)
                {
             UserDetails details = userManager.loadUserByUsername(user.getUsername());
             UsernamePasswordAuthenticationToken usernameAndPassword = 
                 new UsernamePasswordAuthenticationToken(
                     user.getUsername(), "pwd", details.getAuthorities());

             // Authenticate, just to be sure
             Authentication auth = authenticationManager.authenticate(usernameAndPassword);

             // Place the new Authentication object in the security context.
             SecurityContextHolder.getContext().setAuthentication(auth);
        }

<context:annotation-config />
    <context:component-scan base-package="dc" />
    <global-method-security />
    <http security="none" pattern="/javax.faces.resource/**" />
    <http security="none" pattern="/services/rest-api/1.0/**" />
    <http security="none" pattern="/preregistered/*" />
    <http access-denied-page="/auth/denied.html">
        <intercept-url
            pattern="/**/*.xhtml"
            access="ROLE_NONE_GETS_ACCESS" />
        <intercept-url
            pattern="/auth/**"
            access="ROLE_ANONYMOUS,ROLE_USER" />
         <intercept-url
            pattern="/auth/*"
            access="ROLE_ANONYMOUS" />
         <intercept-url
            pattern="/registered/*"
            access="ROLE_USER" />
          <intercept-url
            pattern="/*"
           access="ROLE_ANONYMOUS" />
        <form-login
            login-processing-url="/j_spring_security_check.html"
            login-page="/auth/login.html"
            default-target-url="/registered/home.html"
            authentication-failure-url="/auth/login.html" />
         <logout invalidate-session="true" 
              logout-success-url="/" 
              logout-url="/auth/logout.html"/>
        <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <remember-me user-service-ref="userManager" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
    </http>
    <!-- Configure the authentication provider -->
    <authentication-manager alias="am">
        <authentication-provider user-service-ref="userManager">
                <password-encoder ref="passwordEncoder" />
        </authentication-provider>
    </authentication-manager>

Open in new window

0
 
LVL 92

Expert Comment

by:objects
ID: 35212496
enable debug logging for the security package to get a better idea whats happening
0
 
LVL 92

Expert Comment

by:objects
ID: 35212502
what page are getting redirected to?
Is the role set correctly for the user?
0
 

Author Comment

by:cgray1223
ID: 35212509
i get sent to the auth/login.html page which is the page i have configured at login.  Basically im trying to auto login after the user fills out the registration form.  The flow use to be just send them to auth/login.html and they would login and its fine.  Now auto auths them and does attempt to send to registered/home.html and that url does have a user_role requirement but that role is associated to that user prior to the redirect.  I can see it in the debugger.
0
 
LVL 92

Expert Comment

by:objects
ID: 35212514
debug logging will show you why its being redirected there
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:cgray1223
ID: 35212520
how is that enabled?
0
 
LVL 92

Expert Comment

by:objects
ID: 35212522
in your log4j config
0
 

Author Comment

by:cgray1223
ID: 35212721
thanks, I got more info now.  It looks like Spring doesn't recognize my Authentication as being associated to ROLE_USER.  I trace the code in the debugger and it does call my getAuthorities method of my UserDetails implementation.  I attached a picture of my debugger view.  So somehow its not saving.  I looked at the SecurityContext context = SecurityContextHolder.getContext(); at the very end and it does have the ROLE_USER so somehow its not getting associated to my HttpSession.

0:51:23,066 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/registered/*'
20:51:23,067 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /registered/home.html; Attributes: [ROLE_USER]
20:51:23,067 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@2ba823d0: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffdaa08: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 1808E4A5E551B6643C4DA801CBD94C21; Granted Authorities: ROLE_ANONYMOUS
20:51:23,067 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@e49f9fa, returned: -1
20:51:23,067 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@3aa09a08, returned: 0
20:51:23,068 DEBUG ExceptionTranslationFilter:151 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
      at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
Screen-shot-2011-03-24-at-9.00.0.png
0
 
LVL 92

Expert Comment

by:objects
ID: 35219637
looks to have authenticated you as an anonymous user
check further up the log where the authentication takes place
0
 

Author Comment

by:cgray1223
ID: 35220450
below is my entire log from when I click the signup button on signup.html that maps to my backing bean method (request scope) that has the code to store a UsernamePasswordAuthenticationToken in the SecurityContext and then sends the user to registered/home.html.  I have Authentication auth = SecurityContextHolder.getContext().getAuthentication(); right before I send the user to registered/home.html and it has a user principal and a valid user role.  You see anything?  



18:48:59,063 DEBUG ProviderManager:130 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
18:48:59,063 DEBUG SharedEntityManagerCreator$SharedEntityManagerInvocationHandler:231 - Creating new EntityManager for shared EntityManager invocation
18:48:59,064 DEBUG DriverManagerDataSource:162 - Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/dreamcatcher]
Hibernate: select users0_.ID as ID3_, users0_.BEGIN_EFFECTIVE_DATE as BEGIN2_3_, users0_.BIRTH_YEAR as BIRTH3_3_, users0_.BOOKMARKLET_LAST_USED_DATE as BOOKMARK4_3_, users0_.CITY as CITY3_, users0_.CREATION_DATE as CREATION6_3_, users0_.EMAIL as EMAIL3_, users0_.EMAIL_NOTIFICATION as EMAIL8_3_, users0_.END_EFFECTIVE_DATE as END9_3_, users0_.FAILED_LOGIN_ATTEMPTS as FAILED10_3_, users0_.FIRST_NAME as FIRST11_3_, users0_.GENDER as GENDER3_, users0_.GROUP_EMAIL_NOTIFICATION as GROUP13_3_, users0_.LAST_LOGIN_DATE as LAST14_3_, users0_.LAST_NAME as LAST15_3_, users0_.MOBILE_LAST_USED_DATE as MOBILE16_3_, users0_.PASSWORD as PASSWORD3_, users0_.SCREENSAVER_LAST_USED_DATE as SCREENS18_3_, users0_.STATE as STATE3_, users0_.STATUS as STATUS3_, users0_.STREET_ADDRESS as STREET21_3_, users0_.TYPE as TYPE3_, users0_.SITE_USAGE as SITE23_3_, users0_.USER_NAME as USER24_3_, users0_.ZIPCODE as ZIPCODE3_ from USER users0_ where users0_.USER_NAME=upper(?)
18:48:59,080 DEBUG EntityManagerFactoryUtils:328 - Closing JPA EntityManager
18:48:59,082 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'eventDispatcher'
18:49:00,874 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/javax.faces.resource/**'
18:49:00,874 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/services/rest-api/1.0/**'
18:49:00,875 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/preregistered/*'
18:49:00,875 DEBUG FilterChainProxy:263 - /registered/home.html at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@6db17b38'
18:49:00,875 DEBUG HttpSessionSecurityContextRepository:138 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
18:49:00,875 DEBUG HttpSessionSecurityContextRepository:84 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@222596c1. A new one will be created.
18:49:00,876 DEBUG FilterChainProxy:263 - /registered/home.html at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@5ce904c4'
18:49:00,876 DEBUG FilterChainProxy:263 - /registered/home.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@46380f83'
18:49:00,876 DEBUG FilterChainProxy:263 - /registered/home.html at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@a828579'
18:49:00,876 DEBUG DefaultSavedRequest:316 - pathInfo: both null (property equals)
18:49:00,877 DEBUG DefaultSavedRequest:316 - queryString: both null (property equals)
18:49:00,877 DEBUG DefaultSavedRequest:338 - requestURI: arg1=/dreamcatcher/registered/modify.html; arg2=/dreamcatcher/registered/home.html (property not equals)
18:49:00,877 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
18:49:00,877 DEBUG FilterChainProxy:263 - /registered/home.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@15a8cf03'
18:49:00,878 DEBUG FilterChainProxy:263 - /registered/home.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@72b02d64'
18:49:00,878 DEBUG FilterChainProxy:263 - /registered/home.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@c743b0f'
18:49:00,878 DEBUG AnonymousAuthenticationFilter:68 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS'
18:49:00,879 DEBUG FilterChainProxy:263 - /registered/home.html at position 8 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@7562f00'
18:49:00,879 DEBUG FilterChainProxy:263 - /registered/home.html at position 9 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@2b27acc3'
18:49:00,879 DEBUG FilterChainProxy:263 - /registered/home.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@39bf4c57'
18:49:00,879 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/**/*.xhtml'
18:49:00,880 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/auth/**'
18:49:00,880 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/auth/*'
18:49:00,880 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/registered/*'
18:49:00,886 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /registered/home.html; Attributes: [ROLE_USER]
18:49:00,893 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS
18:49:00,895 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@2d52912f, returned: -1
18:49:00,896 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@5845807a, returned: 0
18:49:00,907 DEBUG ExceptionTranslationFilter:151 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
      at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
      at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203)
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:95)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:79)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
      at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:121)
      at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
      at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:244)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:550)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:380)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:288)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:680)
18:49:00,909 DEBUG HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/dreamcatcher/registered/home.html]
18:49:00,909 DEBUG ExceptionTranslationFilter:175 - Calling Authentication entry point.
18:49:00,910 DEBUG DefaultRedirectStrategy:36 - Redirecting to 'http://localhost:8080/dreamcatcher/auth/login.html'
18:49:00,912 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
18:49:00,944 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/javax.faces.resource/**'
18:49:00,944 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/services/rest-api/1.0/**'
18:49:00,944 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/preregistered/*'
18:49:00,945 DEBUG FilterChainProxy:263 - /auth/login.html at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@6db17b38'
18:49:00,945 DEBUG HttpSessionSecurityContextRepository:138 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
18:49:00,945 DEBUG HttpSessionSecurityContextRepository:84 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@222596c1. A new one will be created.
18:49:00,946 DEBUG FilterChainProxy:263 - /auth/login.html at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@5ce904c4'
18:49:00,946 DEBUG FilterChainProxy:263 - /auth/login.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@46380f83'
18:49:00,946 DEBUG FilterChainProxy:263 - /auth/login.html at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@a828579'
18:49:00,946 DEBUG DefaultSavedRequest:316 - pathInfo: both null (property equals)
18:49:00,947 DEBUG DefaultSavedRequest:316 - queryString: both null (property equals)
18:49:00,947 DEBUG DefaultSavedRequest:338 - requestURI: arg1=/dreamcatcher/registered/home.html; arg2=/dreamcatcher/auth/login.html (property not equals)
18:49:00,947 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
18:49:00,948 DEBUG FilterChainProxy:263 - /auth/login.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@15a8cf03'
18:49:00,948 DEBUG FilterChainProxy:263 - /auth/login.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@72b02d64'
18:49:00,948 DEBUG FilterChainProxy:263 - /auth/login.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@c743b0f'
18:49:00,949 DEBUG AnonymousAuthenticationFilter:68 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS'
18:49:00,949 DEBUG FilterChainProxy:263 - /auth/login.html at position 8 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@7562f00'
18:49:00,949 DEBUG FilterChainProxy:263 - /auth/login.html at position 9 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@2b27acc3'
18:49:00,949 DEBUG FilterChainProxy:263 - /auth/login.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@39bf4c57'
18:49:00,950 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/**/*.xhtml'
18:49:00,950 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/auth/**'
18:49:00,950 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /auth/login.html; Attributes: [ROLE_ANONYMOUS, ROLE_USER]
18:49:00,951 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@d455fe40: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 5077C62B29BDFA7654F7FFB00CB9B1C8; Granted Authorities: ROLE_ANONYMOUS
18:49:00,951 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@2d52912f, returned: 1
18:49:00,952 DEBUG FilterSecurityInterceptor:212 - Authorization successful
18:49:00,952 DEBUG FilterSecurityInterceptor:222 - RunAsManager did not change Authentication object
18:49:00,952 DEBUG FilterChainProxy:252 - /auth/login.html reached end of additional filter chain; proceeding with original chain
18:49:00,966 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'authentication'
18:49:00,967 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
18:49:00,968 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.beans.AuthenticationBean com.dc.web.actions.Authentication.authenticationBean
18:49:00,968 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.api.service.UserManager com.dc.web.actions.Authentication.userManager
18:49:00,969 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'userManager'
18:49:00,969 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.api.service.Utilities com.dc.web.actions.Authentication.utilities
18:49:00,970 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'utilities'
18:49:00,970 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.util.PasswordMailContentHelper com.dc.web.actions.Authentication.passwordMailContentHelper
18:49:00,971 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'passwordMailContentHelper'
18:49:00,971 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.util.UsernameMailContentHelper com.dc.web.actions.Authentication.usernameMailContentHelper
18:49:00,971 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'usernameMailContentHelper'
18:49:00,972 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for org.springframework.security.authentication.encoding.PasswordEncoder com.dc.web.actions.Authentication.passwordEncoder
18:49:00,972 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'passwordEncoder'
18:49:00,972 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'authentication'
18:49:00,977 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'signUpDetail'
18:49:00,978 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
18:49:00,979 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for private com.dc.web.beans.SignUpDetailBean com.dc.web.actions.SignUpDetail.signUpDetailBean
18:49:00,979 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for private com.dc.api.service.UserManager com.dc.web.actions.SignUpDetail.userManager
18:49:00,980 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'userManager'
18:49:00,980 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for protected org.springframework.security.authentication.AuthenticationManager com.dc.web.actions.SignUpDetail.authenticationManager
18:49:00,981 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
18:49:00,981 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for com.dc.api.service.Utilities com.dc.web.actions.SignUpDetail.utilities
18:49:00,982 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'utilities'
18:49:00,982 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'signUpDetail'
18:49:01,002 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'layout'
18:49:01,003 DEBUG InjectionMetadata:82 - Processing injected method of bean 'layout': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
18:49:01,004 DEBUG InjectionMetadata:82 - Processing injected method of bean 'layout': AutowiredFieldElement for private com.dc.web.beans.LayoutBean com.dc.web.actions.Layout.layoutBean
18:49:01,004 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'layout'
18:49:01,024 DEBUG ExceptionTranslationFilter:98 - Chain processed normally
18:49:01,025 DEBUG HttpSessionSecurityContextRepository:271 - SecurityContext contents are anonymous - context will not be stored in HttpSession.
18:49:01,025 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
0
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 35220500
try instead using a RememberMeAuthenticationToken
0
 

Author Comment

by:cgray1223
ID: 35220610
so I tried the below and got the below exception...I think your suggestion is correct.  thanks for helping with this!

exception:
SEVERE: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.RememberMeAuthenticationToken
javax.faces.el.EvaluationException: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.RememberMeAuthenticationToken
    at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)


public class SignUpDetail{
    @Inject @Named("am")
    protected AuthenticationManager authenticationManager;

    public String login(){
        if(signUpDetailBean.getEmail() != null){
            Users currentUser = userManager.getUser(signUpDetailBean.getEmail());
            authenticateUserAndSetSession(currentUser, (HttpServletRequest) FacesUtils.getExternalContext().getRequest());
            clearForm();
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            return "/registered/home.html";
        }else{
            clearForm();
            return "/auth/login.html";
        }

    }

    private void authenticateUserAndSetSession(Users user,
                HttpServletRequest request)
            {
         RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("matching config key value", user, user.getAuthorities());

         Authentication authenticatedUser = authenticationManager
            .authenticate(token);

          SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
}


}

Open in new window

0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 36935156
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
array11 challenge 16 52
json format text only 4 65
firstChar challenge 13 86
Non-recursive backtracking, using a stack 1 52
By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now