spring-projects / spring-webflow

Spring Web Flow
https://spring.io/projects/spring-webflow
Apache License 2.0
325 stars 231 forks source link

Spring Security (PreAuthentication) setup fails with Spring webflow, works otherwise [SWF-794] #254

Closed spring-operator closed 1 day ago

spring-operator commented 16 years ago

robin bajaj opened SWF-794 and commented

I am using Spring 2.5, Spring Webflow 2.0.2 and Spring Security 2.0.1 versions. I think I have hit upon a bug involving preAuthentication + Spring Security + Spring Webflow, and it's related to Spring Webflow, since Spring Security + preAuthentication is working fine for non spring-webflow related pages.

I started with sample webapp from Spring web flow. Then added form-login based security using "tutorial" sample application from Spring Security. It was all working fine. Then I changed my spring security setup to accommodate the requirement for preAuthentication (since we are using Tivoli Access Manager/Web Seal infrastructure for authentication and will continue to use Spring Security for authorization). After a lot of struggle, I have Spring Security working such that I can navigate from my unsecured home page to a secured (non SWF) page and I notice (from DEBUG log output) that Spring security filter chain is doing its job correctly.

But when I click on the other secured link on my home page that starts my (spring webflow based) web-flow, I get the error in the browser

Code:

Error 501: Method is not defined in RFC 2068 and is not supported by the Servlet API

Here's the exception trace, I get from Websphere 6.1.0.15 server - Code:

[09/07/08 16:16:46:046 EDT] 00000027 WebApp E [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API
    at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538)
    at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968)
    at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:788)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)

(continued from the above post, with more details.) I have put the full exception trace here http://rafb.net/p/Np6u4461.html (because of the character limit in spring forums)

Just to confirm if it's a Websphere related issue, I created a war file and deployed on Apache tomcat 5.5.26. I get the same behaviour - non SWF secured page can be visited without problems, but the SWF related webflow page cannot be visited, and I get the same message in the browser.

Here's how my springSecurityContext.xml looks like URL: http://rafb.net/p/wBURCg22.html

Here's how my webflow-config.xml looks like URL: http://rafb.net/p/ap30Xo16.html

Here's my policy.xml (for my first webflow) URL: http://rafb.net/p/DDsQ8g62.html

Here's my home page (unsecured) URL: http://rafb.net/p/EKMPU732.html

Here's my first page from the policy webflow URL: http://rafb.net/p/1fnShV36.html

It's worth mentioning that Spring webflow page could be visited without problems when I had form-login based authentication setup in spring security.

So before, it was like CASE-1: Spring Security (form-login) + spring Webflow --> working fine for secured (both SWF and non-SWF) pages.

My securityContext.xml from CASE_1 is:

Code:

<http>
    <intercept-url pattern="/login.jsp*" filters="none" />
    <intercept-url pattern="/secure/extreme/**"
        access="ROLE_SUPERVISOR" />
    <intercept-url pattern="/secure/**"
        access="ROLE_SUPERVISOR,ROLE_USER" />
    <intercept-url pattern="/faces/policysearch*"
        access="ROLE_SUPERVISOR,ROLE_USER" />
    <intercept-url pattern="/spring/*"
        access="ROLE_SUPERVISOR,ROLE_USER" />
    <form-login login-page="/login.jsp" />
    <logout />
</http>

<authentication-provider>

        <user-service>
        <user name="super" password="super"
        authorities="ROLE_SUPERVISOR" />
        <user name="scott" password="scott" authorities="ROLE_USER" />
        <user name="mark" password="mark" authorities="ROLE_USER"
        disabled="true" />
        <user name="base" password="base" authorities="ROLE_BASE" />
        </user-service>

</authentication-provider>

CASE-2: Now, after I changed my authentication setup from form-login to preauthentication --> only my non-SWF, secured pages can be visited. And I get the above mentioned error when I try to visit the SWF controlled web pages.

My (current, non-working) securityContext.xml from CASE_2 is:

Code:

<global-method-security secured-annotations="enabled">
</global-method-security>

<http
    entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
    <intercept-url pattern="/secure/extreme/*"
        access="ROLE_SUPERVISOR" />
    <intercept-url pattern="/secure/*"
        access="ROLE_SUPERVISOR,ROLE_USER" />
    <intercept-url pattern="/faces/policysearch*"
        access="ROLE_SUPERVISOR,ROLE_USER" />
    <intercept-url pattern="/spring/*"
        access="ROLE_SUPERVISOR,ROLE_USER" />
</http>

<beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
    class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />

<beans:bean id="preAuthenticatedProcessingFilter"
    class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
    <custom-filter position="PRE_AUTH_FILTER" />
    <beans:property name="principalRequestHeader" value="iv-user" />
    <beans:property name="credentialsRequestHeader"
        value="iv-password" />
    <beans:property name="authenticationManager"
        ref="authenticationManager" />
</beans:bean>

<authentication-manager alias="authenticationManager" />

<beans:bean id="preauthAuthProvider"
    class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
    <custom-authentication-provider />
    <beans:property name="preAuthenticatedUserDetailsService">
        <beans:bean id="userDetailsServiceWrapper"
            class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
            <beans:property name="userDetailsService"
                ref="userDetailsService" />
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="userDetailsService"
    class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
    <beans:property name="userProperties">
        <beans:bean
            class="org.springframework.beans.factory.config.PropertiesFactoryBean">
            <beans:property name="location"
                value="/WEB-INF/users.properties" />
        </beans:bean>
    </beans:property>
</beans:bean>

I even turned on the DEBUG output for org.springframework.webflow, org.springframework.js, org.springframework.binding, org.springframework.faces packages but no additional output was spit out in the log file, I just got the same exception trace as mentioned above.

At this time, I would even appreciate any tips to further debug this situation as to how I could get more detailed errors from SWF or Spring security in this case, robin


Affects: 2.0.2
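A side-by-side check of the `intercept-url` patterns in the two `<http>` blocks above, as an added example that is not part of the original post or of Spring Security's code. It models Ant-style matching in simplified form (only `*`, `?` and a trailing `/**`), evaluates rules in declaration order, and uses constructed sample URLs; the function names and `CASE_2_RESTORED` are hypothetical. It shows that the CASE-2 patterns (`/secure/*`, `/secure/extreme/*`) no longer match paths more than one level deep, so such requests reach no access rule.

```python
import re


def ant_to_regex(pattern):
    """Simplified Ant-style translation covering the forms used in the issue:
    '*' and '?' stay inside one path segment, a trailing '/**' spans any depth."""
    pattern = pattern.lower()          # the DEBUG log shows URLs compared in lowercase
    deep = pattern.endswith("/**")
    if deep:
        pattern = pattern[:-3]
    if "**" in pattern:
        raise ValueError("only a trailing /** is modelled in this example")
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append("[^/]*")      # never crosses a '/'
        elif ch == "?":
            parts.append("[^/]")
        else:
            parts.append(re.escape(ch))
    if deep:
        parts.append("(?:/.*)?")       # the directory itself and everything below it
    return re.compile("".join(parts) + r"\Z")


def access_for(rules, url):
    """Access attribute of the first matching rule (declaration order), else None."""
    candidate = url.lower()
    for pattern, access in rules:
        if ant_to_regex(pattern).match(candidate):
            return access
    return None


def lost_coverage(before, after, urls):
    """URLs that a rule in `before` covered and that no rule in `after` covers."""
    return [u for u in urls
            if access_for(before, u) is not None and access_for(after, u) is None]


# Patterns copied from the post. The /login.jsp* entry of CASE-1 is left out
# because filters="none" disables filtering instead of setting an access list.
CASE_1 = [
    ("/secure/extreme/**", "ROLE_SUPERVISOR"),
    ("/secure/**", "ROLE_SUPERVISOR,ROLE_USER"),
    ("/faces/policysearch*", "ROLE_SUPERVISOR,ROLE_USER"),
    ("/spring/*", "ROLE_SUPERVISOR,ROLE_USER"),
]
CASE_2 = [
    ("/secure/extreme/*", "ROLE_SUPERVISOR"),
    ("/secure/*", "ROLE_SUPERVISOR,ROLE_USER"),
    ("/faces/policysearch*", "ROLE_SUPERVISOR,ROLE_USER"),
    ("/spring/*", "ROLE_SUPERVISOR,ROLE_USER"),
]
# Hypothetical correction: CASE-2 with the '**' forms of CASE-1 restored.
CASE_2_RESTORED = [
    ("/secure/extreme/**", "ROLE_SUPERVISOR"),
    ("/secure/**", "ROLE_SUPERVISOR,ROLE_USER"),
    ("/faces/policysearch*", "ROLE_SUPERVISOR,ROLE_USER"),
    ("/spring/*", "ROLE_SUPERVISOR,ROLE_USER"),
]

# Constructed sample URLs; only /spring/newBusiness appears in the issue's log.
SAMPLE_URLS = [
    "/secure/index.jsp",
    "/secure/extreme/index.jsp",
    "/secure/extreme/reports/q3.jsp",
    "/secure/admin/users.jsp",
    "/spring/newBusiness",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{url:34} CASE-1={access_for(CASE_1, url)!s:26} CASE-2={access_for(CASE_2, url)}")
    print("lost in CASE-2:", lost_coverage(CASE_1, CASE_2, SAMPLE_URLS))
```
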

spring-operator commented 16 years ago

robin bajaj commented

I just tested this issue with latest spring security jars (v2.0.3) and it's still reproducible. -robin

spring-operator commented 16 years ago

robin bajaj commented

========== HERE's the FULL EXCEPTION TRACE ======

[16/07/08 10:52:08:611 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG FilterChainProxy - Converted URL to lowercase, from: '/spring/newbusiness'; to: '/spring/newbusiness'
[16/07/08 10:52:08:611 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG FilterChainProxy - Candidate is: '/spring/newbusiness'; pattern is /*; matched=true
[16/07/08 10:52:08:611 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 1 of 6 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,611 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter - No HttpSession currently exists
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter - New SecurityContext instance will be associated with SecurityContextHolder
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 2 of 6 in additional filter chain; firing Filter: 'org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter[ order=500; ]'
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG AbstractPreAuthenticatedProcessingFilter - Checking secure context token: null
[16/07/08 10:52:08:621 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG AbstractPreAuthenticatedProcessingFilter - preAuthenticatedPrincipal = super, trying to authenticate
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,621 [WebContainer : 1] DEBUG ProviderManager - Authentication attempt using org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG PreAuthenticatedAuthenticationProvider - PreAuthenticated authentication request: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@9561: Principal: super; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG AbstractPreAuthenticatedProcessingFilter - Authentication success: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@ae9d5b10: Principal: org.springframework.security.userdetails.User@1f60800: Username: super; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_SUPERVISOR
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 3 of 6 in additional filter chain; firing Filter: 'org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter[ order=1100; ]'
[16/07/08 10:52:08:631 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG SavedRequestAwareWrapper - Wrapper not replaced; no session available for SavedRequest extraction
[16/07/08 10:52:08:641 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,631 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 4 of 6 in additional filter chain; firing Filter: 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]'
[16/07/08 10:52:08:641 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,641 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 5 of 6 in additional filter chain; firing Filter: 'org.springframework.security.ui.SessionFixationProtectionFilter[ order=1600; ]'
[16/07/08 10:52:08:641 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,641 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 6 of 6 in additional filter chain; firing Filter: 'org.springframework.security.intercept.web.FilterSecurityInterceptor@317a317a'
[16/07/08 10:52:08:661 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,641 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource - Converted URL to lowercase, from: '/spring/newbusiness'; to: '/spring/newbusiness'
[16/07/08 10:52:08:671 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,661 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource - Candidate is: '/spring/newbusiness'; pattern is /secure/extreme/*; matched=false
[16/07/08 10:52:08:671 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,671 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource - Candidate is: '/spring/newbusiness'; pattern is /secure/*; matched=false
[16/07/08 10:52:08:671 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,671 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource - Candidate is: '/spring/newbusiness'; pattern is /faces/policysearch; matched=false
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,671 [WebContainer : 1] DEBUG DefaultFilterInvocationDefinitionSource - Candidate is: '/spring/newbusiness'; pattern is /spring/*; matched=true
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /spring/newBusiness; ConfigAttributes: [ROLE_SUPERVISOR, ROLE_USER]
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor - Previously Authenticated: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@ae9d5b10: Principal: org.springframework.security.userdetails.User@1f60800: Username: super; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_SUPERVISOR
[16/07/08 10:52:08:681 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor - Authorization successful
[16/07/08 10:52:08:691 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,681 [WebContainer : 1] DEBUG AbstractSecurityInterceptor - RunAsManager did not change Authentication object
[16/07/08 10:52:08:691 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,691 [WebContainer : 1] DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness reached end of additional filter chain; proceeding with original chain
[16/07/08 10:52:08:691 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,691 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter - HttpSession being created as SecurityContextHolder contents are non-default
[16/07/08 10:52:08:701 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,691 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter - SecurityContext stored to HttpSession: 'org.springframework.security.context.SecurityContextImpl@ae9d5b10: Authentication: org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken@ae9d5b10: Principal: org.springframework.security.userdetails.User@1f60800: Username: super; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_SUPERVISOR'
[16/07/08 10:52:08:701 EDT] 0000002a WebApp E [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API
    at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538)
    at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968)
    at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:788)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)
    at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:52)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter.doFilterHttp(AbstractPreAuthenticatedProcessingFilter.java:60)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
    at com.ing.canada.cl.clfleets.filter.MockAuthFilter.doFilter(MockAuthFilter.java:90)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:771)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:679)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:539)
    at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3357)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
    at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:115)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:263)
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)

[16/07/08 10:52:08:992 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,992 [WebContainer : 1] DEBUG ExceptionTranslationFilter - Chain processed normally
[16/07/08 10:52:08:992 EDT] 0000002a SystemOut O 2008-07-16 10:52:08,992 [WebContainer : 1] DEBUG HttpSessionContextIntegrationFilter - SecurityContextHolder now cleared, as request processing completed
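A triage pass over a trace of this shape, as an added example that is not part of the original comment or of Spring Security. It reads the filter-chain DEBUG entries and the servlet error to report whether the error was sent before or after the security chain handed the request on, and which frame issued it. It assumes the log is available one entry per line; `SAMPLE_LOG` is a constructed, abridged copy of the entries above, and the function and field names are hypothetical.

```python
import re

# Constructed sample: entries abridged from the DEBUG trace quoted in the issue
# (same loggers and message shapes; timestamps and object dumps dropped).
SAMPLE_LOG = r"""
DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 1 of 6 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 2 of 6 in additional filter chain; firing Filter: 'org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter[ order=500; ]'
DEBUG AbstractPreAuthenticatedProcessingFilter - preAuthenticatedPrincipal = super, trying to authenticate
DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness at position 6 of 6 in additional filter chain; firing Filter: 'org.springframework.security.intercept.web.FilterSecurityInterceptor@317a317a'
DEBUG AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /spring/newBusiness; ConfigAttributes: [ROLE_SUPERVISOR, ROLE_USER]
DEBUG AbstractSecurityInterceptor - Authorization successful
DEBUG FilterChainProxy$VirtualFilterChain - /spring/newBusiness reached end of additional filter chain; proceeding with original chain
WebApp E [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API
    at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538)
    at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968)
    at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:788)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
DEBUG ExceptionTranslationFilter - Chain processed normally
"""

FIRING = re.compile(r"at position (\d+) of (\d+) in additional filter chain; "
                    r"firing Filter: '([\w.$]+)")
PRINCIPAL = re.compile(r"preAuthenticatedPrincipal = ([^,\s]+), trying to authenticate")
ATTRS = re.compile(r"ConfigAttributes: \[([^\]]*)\]")
ERROR = re.compile(r"\[Servlet Error\]-\[([^\]]+)\]: \S+: (.+)")
FRAME = re.compile(r"\s*at ([\w.$]+)\.([\w$<>]+)\(")


def triage(log):
    """Summarise one request: filters fired, pre-auth principal, required
    authorities, and where the servlet error sits relative to the chain."""
    r = {"filters": [], "principal": None, "required": [], "authorized": False,
         "chain_completed": False, "servlet": None, "error": None,
         "sent_by": None, "verdict": "no-error"}
    in_trace = False
    for line in log.splitlines():
        if in_trace:
            frame = FRAME.match(line)
            if frame:
                # sendError frames only relay the call; the first other frame issued it.
                if r["sent_by"] is None and frame.group(2) != "sendError":
                    r["sent_by"] = frame.group(1) + "." + frame.group(2)
                continue
            in_trace = False
        m = FIRING.search(line)
        if m:
            r["filters"].append(m.group(3).rsplit(".", 1)[-1])
            continue
        m = PRINCIPAL.search(line)
        if m:
            r["principal"] = m.group(1)
            continue
        m = ATTRS.search(line)
        if m:
            r["required"] = [a.strip() for a in m.group(1).split(",") if a.strip()]
            continue
        if "Authorization successful" in line:
            r["authorized"] = True
        elif "reached end of additional filter chain" in line:
            r["chain_completed"] = True
        else:
            m = ERROR.search(line)
            if m:
                r["servlet"], r["error"] = m.group(1), m.group(2).strip()
                r["verdict"] = ("after-security-chain" if r["chain_completed"]
                                else "inside-security-chain")
                in_trace = True
    return r


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key:16} {value}")
```
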

spring-operator commented 16 years ago

robin bajaj commented

================= Here's how my springSecurityContext.xml looks like ====================

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

<global-method-security secured-annotations="enabled">
</global-method-security>

<http
    entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
    <intercept-url pattern="/secure/extreme/*"
        access="ROLE_SUPERVISOR" />
    <intercept-url pattern="/secure/*"
        access="ROLE_SUPERVISOR,ROLE_USER" />
        <intercept-url pattern="/faces/policysearch*"
        access="ROLE_SUPERVISOR,ROLE_USER" />
        <intercept-url pattern="/spring/*"
        access="ROLE_SUPERVISOR,ROLE_USER" />   
</http>

<beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
    class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />

<beans:bean id="preAuthenticatedProcessingFilter"
    class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
    <custom-filter position="PRE_AUTH_FILTER" />
    <beans:property name="principalRequestHeader" value="iv-user" />
    <beans:property name="credentialsRequestHeader"
        value="iv-password" />
    <beans:property name="authenticationManager"
        ref="authenticationManager" />
</beans:bean>

<authentication-manager alias="authenticationManager" />

<beans:bean id="preauthAuthProvider"
    class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
    <custom-authentication-provider />
    <beans:property name="preAuthenticatedUserDetailsService">
        <beans:bean id="userDetailsServiceWrapper"
            class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
            <beans:property name="userDetailsService"
                ref="userDetailsService" />
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="userDetailsService"
    class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
    <beans:property name="userProperties">
        <beans:bean
            class="org.springframework.beans.factory.config.PropertiesFactoryBean">
            <beans:property name="location"
                value="/WEB-INF/users.properties" />
        </beans:bean>
    </beans:property>
</beans:bean>

</beans:beans>

======================== Here's how my webflow-config.xml looks like ======================

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:webflow="http://www.springframework.org/schema/webflow-config" xmlns:faces="http://www.springframework.org/schema/faces" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd http://www.springframework.org/schema/faces http://www.springframework.org/schema/faces/spring-faces-2.0.xsd">

<!-- Executes flows: the central entry point into the Spring Web Flow system -->
<webflow:flow-executor id="flowExecutor">
    <webflow:flow-execution-listeners>
        <webflow:listener ref="securityFlowExecutionListener" />
        <webflow:listener ref="hibernateFlowExecutionListener" />
    </webflow:flow-execution-listeners>
</webflow:flow-executor>
<bean id="hibernateFlowExecutionListener"
    class="org.springframework.webflow.persistence.HibernateFlowExecutionListener">
    <constructor-arg ref="sessionFactory" />
    <constructor-arg ref="txManager" />
</bean>

<!-- The registry of executable flow definitions -->
<webflow:flow-registry id="flowRegistry"
    flow-builder-services="facesFlowBuilderServices">
    <webflow:flow-location path="/WEB-INF/flows/policy/policy.xml" />
    <webflow:flow-location path="/WEB-INF/flows/addRisk/addRisk.xml" />
    <webflow:flow-location path="/WEB-INF/flows/newBusiness/newBusinessSubFlow.xml" />
</webflow:flow-registry>

<!-- Configures the Spring Web Flow JSF integration -->
<faces:flow-builder-services id="facesFlowBuilderServices" />

<!-- Installs a listener to apply Spring Security authorities -->
<bean id="securityFlowExecutionListener"
    class="org.springframework.webflow.security.SecurityFlowExecutionListener" />

</beans>

=====================Here's my policy.xml (for my first webflow) ==================================

<?xml version="1.0" encoding="UTF-8"?>

<flow xmlns="http://www.springframework.org/schema/webflow" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">

<var name="searchCriteria"
    class="com.ing.canada.cl.clfleets.service.PolicySearchCriteria" />

<view-state id="policySearch">
    <transition on="newBusiness" to="newBusiness"></transition>
</view-state>

<view-state id="viewPolicy" view="policySearch.xhtml">
    <on-render>
        <evaluate expression="policyManager.findAllPolicies()"
            result="viewScope.searchResults" result-type="dataModel" />
    </on-render>

    <transition on="selectPolicy" to="viewPolicy">
        <set name="flowScope.selectedPolicy"
            value="searchResults.selectedRow" />
    </transition>
    <transition on="savePolicy" to="viewPolicy">
        <evaluate
            expression="policyManager.mergePolicy(flowScope.selectedPolicy)">
        </evaluate>
        <render fragments="viewPolicy:selectedPolicyFragment" />
    </transition>
    <transition on="addRisk" to="attachRisk" />
    <transition on="newBusiness" to="newBusiness" />
</view-state>

<subflow-state id="newBusiness" subflow="newBusinessSubFlow">
    <transition on="newBusinessVisited" to="policySearch" />
    <transition on="newBusinessAdded" to="policySearch" />      
</subflow-state>

<subflow-state id="attachRisk" subflow="addRisk">
    <input name="policy" value="flowScope.selectedPolicy" />
    <transition on="riskAdded" to="viewPolicy" />
    <transition on="riskAddCancelled" to="viewPolicy" />
</subflow-state>
<global-transitions>
    <transition on="search" to="viewPolicy">
        <set name="flowScope.selectedPolicy" value="null" />
    </transition>
    <transition on="reset" to="policySearch">
        <evaluate expression="searchCriteria.resetPage()" />
        <set name="flowScope.selectedPolicy" value="null" />
    </transition>
</global-transitions>

</flow>

=====================WEBMVC-CONFIG.XML================================

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

<!-- Maps request URIs to controllers -->           
<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    <property name="mappings">
        <value>
            /policy=flowController
        </value>
    </property>
    <property name="defaultHandler">
        <!-- Selects view names to render based on the request URI: e.g. /main selects "main" -->   
        <bean class="org.springframework.web.servlet.mvc.UrlFilenameViewController" />
    </property>
</bean>

<!-- Handles requests mapped to the Spring Web Flow system -->
<bean id="flowController" class="org.springframework.webflow.mvc.servlet.FlowController">
    <property name="flowExecutor" ref="flowExecutor"/>
</bean>

<!-- Maps logical view names to Facelet templates (e.g. 'search' to '/WEB-INF/search.xhtml' -->
<bean id="faceletsViewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
    <property name="viewClass" value="org.springframework.faces.mvc.JsfView"/>
    <property name="prefix" value="/WEB-INF/" />
    <property name="suffix" value=".xhtml" />
</bean>

</beans>

============================my HOME PAGE (only unsecured page in the application) ==================================

Welcome to Home Page. Everyone has Access to this page.

Secure page

Extremely secure page

<a href="spring/policy">Policy WorkFlow Page</a>

================================ My first page for the Policy flow ======================

<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:sf="http://www.springframework.org/tags/faces" template="/WEB-INF/layouts/standard.xhtml">

<ui:define name="sidebar">
    <ui:fragment id="sidbarFragment">
        <h:form id="sidebarForm">
            <div id="navcontainer">
            <ul id="navlist">
                <li><a href="#">Search Policy</a></li>
                <li><a href="#">Transactions</a></li>
                <li><h:commandLink id="newBusinessLink" value="New Business" action="newBusiness" /></li>
            </ul>
            </div>
        </h:form>
    </ui:fragment>
</ui:define>
<ui:define name="content">
    <ui:fragment id="policySearchFragment">
        <div id="policySearch" class="section">
        <span class="errors"><h:messages globalOnly="true" /> </span>
        <span style="background-color: #3E69FF"><h2>Search Policies</h2></span> 
        <h:form id="mainForm">
            <fieldset>
            <div class="field">
            <div class="label"><h:outputLabel for="searchString">Policy Number:</h:outputLabel>
            </div>
            <div class="input"><sf:clientTextValidator
                promptMessage="Enter Policy Number">
                <h:inputText id="searchString"
                    value="#{searchCriteria.policyNumber}" />
            </sf:clientTextValidator></div>
            </div>
            <div class="field">
            <div class="label"><h:outputLabel for="effectiveDate">Effective Date:</h:outputLabel>
            </div>

            <sf:clientDateValidator required="true">
                <h:inputText id="effectiveDate"
                    value="#{searchCriteria.effectiveDate}" required="true">
                    <f:convertDateTime pattern="yyyy-MM-dd" timeZone="EST" />
                </h:inputText>
            </sf:clientDateValidator></div>
            <div class="buttonGroup"><sf:validateAllOnClick>
                <sf:commandButton id="search" action="search" processIds="*"
                    value="Search" />
            </sf:validateAllOnClick> &#160; <sf:commandButton id="reset" value="Reset" action="reset" />
            </div>
            </fieldset>

        </h:form></div>
    </ui:fragment>

    <ui:fragment id="resultsFragment">
        <div id="resultsSection" class="section"><h:form
            id="searchResultsForm">
            <h:outputText value="No Policies Found"
                rendered="#{searchResults.rowCount == 0}" />
            <h:dataTable id="policies" styleClass="summary"
                value="#{searchResults}" var="policy"
                rendered="#{searchResults.rowCount > 0}">
                <h:column>
                    <f:facet name="header">x</f:facet>
                    <h:commandLink id="viewPolicyLink" value="Details"
                        action="selectPolicy" />
                </h:column>

                <h:column>
                    <f:facet name="header">Expiry Date</f:facet>
                    <h:outputText id="textExpiryDate" value="#{policy.expiryDate}"
                        styleClass="outputText">
                        <f:convertDateTime pattern="yyyy-MM-dd" timeZone="EST" />
                    </h:outputText>
                </h:column>
                <h:column>
                    <f:facet name="header">opcf211</f:facet>
                    <h:selectBooleanCheckbox id="opcf211" disabled="true"
                        value="#{policy.OPCF21}">
                    </h:selectBooleanCheckbox>
                </h:column>
                <h:column>
                    <f:facet name="header">SEF</f:facet>
                    <h:selectBooleanCheckbox id="sef" disabled="true"
                        value="#{policy.SEF}" styleClass="selectBooleanCheckbox">
                    </h:selectBooleanCheckbox>
                </h:column>
                <h:column>
                    <f:facet name="header">Effective Date</f:facet>
                    #{policy.effectiveDate}
                </h:column>
                <h:column>
                    <f:facet name="header">Broker Commision</f:facet>
                    #{policy.brokerCommision}
                </h:column>
            </h:dataTable>
        </h:form></div>
    </ui:fragment>
    <ui:fragment id="selectedPolicyFragment">
        <div id="selectedPolicyDiv" class="section"><h:form
            id="selectedPolicyForm">
            <h:outputText id="textExpiryDate" value="Here it is: !!!"
                rendered="#{not empty selectedPolicy}" styleClass="outputText" />

            <h:panelGrid id="policyInfo" columns="3">
                <h:panelGrid id="policyDetail" columns="3"
                    rendered="#{not empty selectedPolicy}">

                    <h:outputLabel styleClass="outputLabel" id="label1"
                        for="expiryDate">
                        <h:outputText id="text1" value="expiryDate"></h:outputText>
                    </h:outputLabel>
                    <sf:clientDateValidator required="true">
                        <h:inputText id="expiryDate" value="#{selectedPolicy.expiryDate}"
                            required="true">
                            <f:convertDateTime pattern="yyyy-MM-dd" timeZone="EST" />
                        </h:inputText>
                    </sf:clientDateValidator>

                    <h:message for="expiryDate" />

                    <h:outputLabel styleClass="outputLabel" id="label2" for="opcf211">
                        <h:outputText id="text17" value="OPCF21"></h:outputText>
                    </h:outputLabel>

                    <h:selectBooleanCheckbox id="opcf211"
                        value="#{selectedPolicy.OPCF21}"
                        styleClass="selectBooleanCheckbox">
                    </h:selectBooleanCheckbox>
                    <h:message for="opcf211"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label3" for="sef1">
                        <h:outputText id="text18" value="SEF"></h:outputText>
                    </h:outputLabel>

                    <h:selectBooleanCheckbox id="sef1" value="#{selectedPolicy.SEF}"
                        styleClass="selectBooleanCheckbox">
                    </h:selectBooleanCheckbox>
                    <h:message for="sef1"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label5"
                        for="brokerCommision1">
                        <h:outputText id="text20" value="brokerCommision"></h:outputText>
                    </h:outputLabel>

                    <h:inputText id="brokerCommision1"
                        value="#{selectedPolicy.brokerCommision}" styleClass="inputText">
                    </h:inputText>
                    <h:message for="brokerCommision1"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label6"
                        for="policyNumber1">
                        <h:outputText id="text21" value="policyNumber"></h:outputText>
                    </h:outputLabel>

                    <h:inputText id="policyNumber1"
                        value="#{selectedPolicy.policyNumber}" styleClass="inputText">
                    </h:inputText>
                    <h:message for="policyNumber1"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label7"
                        for="inceptionDate">
                        <h:outputText id="text22" value="inceptionDate"></h:outputText>
                    </h:outputLabel>
                    <sf:clientDateValidator required="true">
                        <h:inputText id="inceptionDate"
                            value="#{selectedPolicy.inceptionDate}" styleClass="inputText"
                            required="true">
                            <f:convertDateTime pattern="yyyy-MM-dd" timeZone="EST" />
                        </h:inputText>
                    </sf:clientDateValidator>
                    <h:message for="inceptionDate"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label8"
                        for="policyId1">
                        <h:outputText id="text23" value="policyId"></h:outputText>
                    </h:outputLabel>

                    <h:inputText id="policyId1" readonly="true"
                        value="#{selectedPolicy.policyId}" styleClass="inputText">
                    </h:inputText>
                    <h:message for="policyId1"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label9"
                        for="liabilityLimit">
                        <h:outputText id="text24" value="liabilityLimit"></h:outputText>
                    </h:outputLabel>

                    <h:inputText id="liabilityLimit"
                        value="#{selectedPolicy.liabilityLimit}" styleClass="inputText">
                        <f:convertNumber integerOnly="true" type="number" />
                    </h:inputText>
                    <h:message for="liabilityLimit"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label11"
                        for="clientName1">
                        <h:outputText id="text26" value="clientName"></h:outputText>
                    </h:outputLabel>

                    <h:inputText id="clientName1" readonly="true"
                        value="#{selectedPolicy.client.clientName}"
                        styleClass="inputText">
                    </h:inputText>
                    <h:message for="clientName1"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label12"
                        for="country">
                        <h:outputText id="text27" value="Country"></h:outputText>
                    </h:outputLabel>

                    <h:inputText id="country"
                        value="#{selectedPolicy.ratingProvince.country}"
                        styleClass="inputText">
                    </h:inputText>
                    <h:message for="country"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label13"
                        for="menuProvinces">
                        <h:outputText id="text28" value="Province Code"></h:outputText>
                    </h:outputLabel>

                    <h:selectOneMenu id="menuProvinces"
                        value="#{selectedPolicy.ratingProvince}"
                        converter="#{domainModelConverter}"
                        validator="#{domainModelConverter.validate}"
                        styleClass="selectOneMenu" required="true">
                        <f:selectItems
                            value="#{selectitems.lookupsFacade.provinces.provinceCode.this.toArray}" />
                    </h:selectOneMenu>
                    <h:message for="menuProvinces"></h:message>

                    <h:outputLabel styleClass="outputLabel" id="label14"
                        for="provinceName1">
                        <h:outputText id="text29" value="provinceName"></h:outputText>
                    </h:outputLabel>

                    <h:inputText id="provinceName1" styleClass="inputText"
                        value="#{selectedPolicy.ratingProvince.provinceName}"
                        disabled="true" readonly="true">
                    </h:inputText>
                    <h:message for="provinceName1"></h:message>
                </h:panelGrid>
            </h:panelGrid>
            <div class="buttonGroup"><sf:commandButton id="addRisk"
                rendered="#{not empty selectedPolicy}" value="Add Risk"
                action="addRisk" />&#160;<h:commandButton
                rendered="#{not empty selectedPolicy}" id="savePolicy"
                value="Save Policy" action="savePolicy" /></div>
        </h:form></div>

    </ui:fragment>
</ui:define>

</ui:composition>