
Thread: Error with JDBC Security

  1. #1

    SOLUTION: Error with JDBC Security

    I have been testing the JDBC security methods mentioned in these instructions:
    http://wiki.pentaho.org/display/Pent...C+Security+DAO

    I tried first with MySQL and couldn't get it to work. I then tried with Hypersonic in a couple of different scenarios and couldn't get it to work. The userdb is created and open, and I'm able to connect to it with other tools (Kettle). It looks like the first step of the authentication process is working, but it blows up somewhere. I have attached the server log below. Basically, the error I get on the web page is "Access Denied".

    08:58:43,800 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: suzy; details: org.acegisecurity.ui.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: D18388F73B0FBF418D66150059452533
    08:58:43,801 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: suzy; details: org.acegisecurity.ui.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: D18388F73B0FBF418D66150059452533
    08:58:43,849 INFO [RuntimeContext] 0dfb1aa3-59a8-11dc-8858-fb30e0f56f8f:RUNTIME:context-6043534-1188773923821:session-region-list.xaction Output of "response" was present but output handler was null.

    I will test this with RC2 when it gets published.
    Last edited by zach; 09-11-2007 at 06:17 PM. Reason: changing title to show people solution is here!
    BizCubed Pty Ltd
    Australian Pentaho Partner

  2. #2

    Turn on Acegi Security debugging as outlined here. Restart the server. Attempt another login. You should see output in the log showing suzy's roles. What are those roles? For the URL that is returning "access denied" look in the applicationContext-acegi-security.xml to see what roles are allowed to access that particular URL.

  3. #3


    Thanks Mat,

    I have turned on security logging. It is very helpful... but I am getting the same error on the front-end. The system is authenticating the user, but passing them to the "Access Denied" page. The URL that I am trying to access is the "home.jsp", and Suzy has access when using the memory version of security (I have also tried with Joe and get the same results).

    The roles that suzy has are: "cto, is, Authenticated". I am using the default applicationContext-acegi-security.xml.

    I guess I am trying to figure out how I can help to continue to debug and maybe fix. It seems when we are using JDBC security, some connection is missing after the user gets authenticated. I have been through the documentation, but I don't know where to go from here.

    Zach

    Here is the stack trace:

    07:33:42,153 DEBUG [PathBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/j_acegi_security_check'; to: '/j_acegi_security_check'
    07:33:42,154 DEBUG [PathBasedFilterInvocationDefinitionMap] Candidate is: '/j_acegi_security_check'; pattern is /**; matched=true
    07:33:42,154 DEBUG [FilterChainProxy] /j_acegi_security_check at position 1 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAw areRequestFilter@483a3'
    07:33:42,155 DEBUG [SavedRequestAwareWrapper] Wrapper not replaced; SavedRequest was: null
    07:33:42,155 DEBUG [FilterChainProxy] /j_acegi_security_check at position 2 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextInteg rationFilter@aba4bb'
    07:33:42,155 DEBUG [HttpSessionContextIntegrationFilter] HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
    07:33:42,156 DEBUG [FilterChainProxy] /j_acegi_security_check at position 3 of 13 in additional filter chain; firing Filter: 'com.pentaho.security.HttpSessionReuseDetectionFil ter@8d1ce2'
    07:33:42,156 DEBUG [HttpSessionReuseDetectionFilter] Request is to process authentication
    07:33:42,156 DEBUG [FilterChainProxy] /j_acegi_security_check at position 4 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@61f48b'
    07:33:42,156 DEBUG [FilterChainProxy] /j_acegi_security_check at position 5 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.webapp.AuthenticationProcess ingFilter@fdf3b9'
    07:33:42,156 DEBUG [AuthenticationProcessingFilter] Request is to process authentication
    07:33:42,157 DEBUG [ProviderManager] Authentication attempt using org.acegisecurity.providers.dao.DaoAuthenticationP rovider
    07:33:42,157 DEBUG [EhCacheBasedUserCache] Cache hit: false; username: suzy
    07:33:42,164 DEBUG [EhCacheBasedUserCache] Cache put: suzy
    07:33:42,164 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: suzy; details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7
    07:33:42,164 DEBUG [AuthenticationProcessingFilter] Authentication success: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@b2612968: Username: org.acegisecurity.userdetails.User@61277800: Username: suzy; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: cto, is, Authenticated; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7; Granted Authorities: cto, is, Authenticated
    07:33:42,170 DEBUG [AuthenticationProcessingFilter] Updated SecurityContextHolder to contain the following Authentication: 'org.acegisecurity.providers.UsernamePasswordAuthe nticationToken@b2612968: Username: org.acegisecurity.userdetails.User@61277800: Username: suzy; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: cto, is, Authenticated; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7; Granted Authorities: cto, is, Authenticated'
    07:33:42,170 DEBUG [AuthenticationProcessingFilter] Redirecting to target URL from HTTP Session (or default): /Home
    07:33:42,170 DEBUG [TokenBasedRememberMeServices] Did not send remember-me cookie (principal did not set parameter '_acegi_security_remember_me')
    07:33:42,171 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: suzy; details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7
    07:33:42,172 DEBUG [HttpSessionContextIntegrationFilter] SecurityContext stored to HttpSession: 'org.acegisecurity.context.SecurityContextImpl@b26 12968: Authentication: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@b2612968: Username: org.acegisecurity.userdetails.User@61277800: Username: suzy; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: cto, is, Authenticated; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7; Granted Authorities: cto, is, Authenticated'
    07:33:42,172 DEBUG [HttpSessionContextIntegrationFilter] SecurityContextHolder set to new context, as request processing completed
    07:33:42,179 DEBUG [PathBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    07:33:42,180 DEBUG [PathBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is /**; matched=true
    07:33:42,181 DEBUG [FilterChainProxy] /Home at position 1 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAw areRequestFilter@483a3'
    07:33:42,181 DEBUG [SavedRequestAwareWrapper] Wrapper not replaced; SavedRequest was: null
    07:33:42,182 DEBUG [FilterChainProxy] /Home at position 2 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextInteg rationFilter@aba4bb'
    07:33:42,182 DEBUG [HttpSessionContextIntegrationFilter] Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@b26 12968: Authentication: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@b2612968: Username: org.acegisecurity.userdetails.User@61277800: Username: suzy; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: cto, is, Authenticated; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7; Granted Authorities: cto, is, Authenticated'
    07:33:42,184 DEBUG [FilterChainProxy] /Home at position 3 of 13 in additional filter chain; firing Filter: 'com.pentaho.security.HttpSessionReuseDetectionFil ter@8d1ce2'
    07:33:42,184 DEBUG [FilterChainProxy] /Home at position 4 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@61f48b'
    07:33:42,184 DEBUG [FilterChainProxy] /Home at position 5 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.webapp.AuthenticationProcess ingFilter@fdf3b9'
    07:33:42,184 DEBUG [FilterChainProxy] /Home at position 6 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.basicauth.BasicProcessingFil ter@8c0dc2'
    07:33:42,185 DEBUG [BasicProcessingFilter] Authorization header: null
    07:33:42,185 DEBUG [FilterChainProxy] /Home at position 7 of 13 in additional filter chain; firing Filter: 'com.pentaho.security.RequestParameterAuthenticati onFilter@db66eb'
    07:33:42,185 DEBUG [RequestParameterAuthenticationFilter] Authorization userid: null
    07:33:42,186 DEBUG [FilterChainProxy] /Home at position 8 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.rememberme.RememberMeProcess ingFilter@865e2b'
    07:33:42,186 DEBUG [RememberMeProcessingFilter] SecurityContextHolder not populated with remember-me token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthe nticationToken@b2612968: Username: org.acegisecurity.userdetails.User@61277800: Username: suzy; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: cto, is, Authenticated; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7; Granted Authorities: cto, is, Authenticated'
    07:33:42,187 DEBUG [FilterChainProxy] /Home at position 9 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousPr ocessingFilter@906624'
    07:33:42,188 DEBUG [AnonymousProcessingFilter] SecurityContextHolder not populated with anonymous token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthe nticationToken@b2612968: Username: org.acegisecurity.userdetails.User@61277800: Username: suzy; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: cto, is, Authenticated; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7; Granted Authorities: cto, is, Authenticated'
    07:33:42,188 DEBUG [FilterChainProxy] /Home at position 10 of 13 in additional filter chain; firing Filter: 'com.pentaho.security.SecurityStartupFilter@311da5 '
    07:33:42,226 DEBUG [FilterChainProxy] /Home at position 11 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.switchuser.SwitchUserProcess ingFilter@917427'
    07:33:42,227 DEBUG [FilterChainProxy] /Home at position 12 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@6 0dae5'
    07:33:42,245 DEBUG [FilterChainProxy] /Home at position 13 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInt erceptor@c2f21e'
    07:33:42,246 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    07:33:42,248 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/login.*\Z; matched=false
    07:33:42,248 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/j_acegi_security_check.*\Z; matched=false
    07:33:42,248 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getmondrianmodel.*\Z; matched=false
    07:33:42,248 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getimage.*\Z; matched=false
    07:33:42,248 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getresource.*\Z; matched=false
    07:33:42,248 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/admin.*\Z; matched=false
    07:33:42,249 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/auditreport.*\Z; matched=false
    07:33:42,249 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/auditreportlist.*\Z; matched=false
    07:33:42,249 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/versioncontrol.*\Z; matched=false
    07:33:42,249 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/propertieseditor.*\Z; matched=false
    07:33:42,250 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/propertiespanel.*\Z; matched=false
    07:33:42,250 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/subscriptionadmin.*\Z; matched=false
    07:33:42,251 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/resetrepository.*\Z; matched=false
    07:33:42,251 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/viewaction.*solution.admin.*\Z; matched=false
    07:33:42,252 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/scheduleradmin.*\Z; matched=false
    07:33:42,252 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/publish.*\Z; matched=false
    07:33:42,252 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/logout.*\Z; matched=false
    07:33:42,252 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/.*\Z; matched=true
    07:33:42,253 DEBUG [AbstractSecurityInterceptor] Secure object: FilterInvocation: URL: /Home; ConfigAttributes: [ROLE_AUTHENTICATED]
    07:33:42,253 DEBUG [AbstractSecurityInterceptor] Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@b2612968: Username: org.acegisecurity.userdetails.User@61277800: Username: suzy; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: cto, is, Authenticated; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: F91DF4A379E52F1F6C7185C6A10CF4F7; Granted Authorities: cto, is, Authenticated
    07:33:42,254 DEBUG [ExceptionTranslationFilter] Access is denied (user is not anonymous); delegating to AccessDeniedHandler
    org.acegisecurity.AccessDeniedException: Access is denied
    at org.acegisecurity.vote.AffirmativeBased.decide(Aff irmativeBased.java:68)
    at org.acegisecurity.intercept.AbstractSecurityInterc eptor.beforeInvocation(AbstractSecurityInterceptor .java:276)
    at org.acegisecurity.intercept.web.FilterSecurityInte rceptor.invoke(FilterSecurityInterceptor.java:104)
    at org.acegisecurity.intercept.web.FilterSecurityInte rceptor.doFilter(FilterSecurityInterceptor.java:72 )
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.ui.ExceptionTranslationFilter.do Filter(ExceptionTranslationFilter.java:110)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.ui.switchuser.SwitchUserProcessi ngFilter.doFilter(SwitchUserProcessingFilter.java: 335)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at com.pentaho.security.SecurityStartupFilter.doFilte r(SecurityStartupFilter.java:71)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.providers.anonymous.AnonymousPro cessingFilter.doFilter(AnonymousProcessingFilter.j ava:125)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.ui.rememberme.RememberMeProcessi ngFilter.doFilter(RememberMeProcessingFilter.java: 142)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at com.pentaho.security.RequestParameterAuthenticatio nFilter.doFilter(RequestParameterAuthenticationFil ter.java:160)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.ui.basicauth.BasicProcessingFilt er.doFilter(BasicProcessingFilter.java:178)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFi lter(AbstractProcessingFilter.java:217)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.ui.logout.LogoutFilter.doFilter( LogoutFilter.java:108)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at com.pentaho.security.HttpSessionReuseDetectionFilt er.doFilter(HttpSessionReuseDetectionFilter.java:1 42)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.context.HttpSessionContextIntegr ationFilter.doFilter(HttpSessionContextIntegration Filter.java:193)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.wrapper.SecurityContextHolderAwa reRequestFilter.doFilter(SecurityContextHolderAwar eRequestFilter.java:81)
    at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
    at org.acegisecurity.util.FilterChainProxy.doFilter(F ilterChainProxy.java:148)
    at org.acegisecurity.util.FilterToBeanProxy.doFilter( FilterToBeanProxy.java:98)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
    at org.pentaho.core.system.SystemStatusFilter.doFilte r(SystemStatusFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
    at org.pentaho.ui.servlet.SetCharacterEncodingFilter. doFilter(SetCharacterEncodingFilter.java:112)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doF ilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:178)
    at org.jboss.web.tomcat.security.SecurityAssociationV alve.invoke(SecurityAssociationValve.java:175)
    at org.apache.catalina.authenticator.AuthenticatorBas e.invoke(AuthenticatorBase.java:432)
    at org.jboss.web.tomcat.security.JaccContextValve.inv oke(JaccContextValve.java:74)
    at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt ocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread .run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:613)
    07:33:42,258 DEBUG [HttpSessionContextIntegrationFilter] SecurityContextHolder set to new context, as request processing completed
    BizCubed Pty Ltd
    Australian Pentaho Partner

  4. #4

    Open applicationContext-acegi-security.xml. Find the bean with id of filterInvocationInterceptor. Find the objectDefinitionSource property. For each line (after CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON), there is an equation. The left hand side is a regular expression specifying URLs to match. The right hand side lists the roles that are allowed to access the matching URL. For all roles except ROLE_ANONYMOUS, remove the ROLE_ prefix and modify the case of the role such that the result looks like this:

    Code:
    <property name="objectDefinitionSource">
    <value>
    <![CDATA[
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    \A/login.*\Z=ROLE_ANONYMOUS,Authenticated
    \A/j_acegi_security_check.*\Z=ROLE_ANONYMOUS,Authenticated
    \A/getmondrianmodel.*\Z=ROLE_ANONYMOUS,Authenticated
    \A/getimage.*\Z=ROLE_ANONYMOUS,Authenticated
    \A/getresource.*\Z=ROLE_ANONYMOUS,Authenticated
    \A/admin.*\Z=Admin
    \A/auditreport.*\Z=Admin
    \A/auditreportlist.*\Z=Admin
    \A/versioncontrol.*\Z=Admin
    \A/propertieseditor.*\Z=Admin
    \A/propertiespanel.*\Z=Admin
    \A/subscriptionadmin.*\Z=Admin
    \A/resetrepository.*\Z=Admin
    \A/viewaction.*solution.admin.*\Z=Admin
    \A/scheduleradmin.*\Z=Admin
    \A/publish.*\Z=Admin
    \A/logout.*\Z=ROLE_ANONYMOUS
    \A/.*\Z=Authenticated
    ]]>
    </value>
    </property>

    I will modify the default settings so that this step is not necessary in the future.

  5. #5


    I have attempted this several times and I'm getting new errors. See below:

    15:38:27,327 ERROR [ContextLoader] Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterInvocationInterceptor' defined in ServletContext resource [/WEB-INF/applicationContext-acegi-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [Admin, Authenticated]
    Caused by:
    java.lang.IllegalArgumentException: Unsupported configuration attributes: [Admin, Authenticated]

    I have tried this with 1.6 rc1 and 1.6 rc2 and get the same results.

    Zach
    BizCubed Pty Ltd
    Australian Pentaho Partner

  6. #6

    In applicationContext-common-authorization.xml, make roleVoter look like this:

    Code:
    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
      <property name="rolePrefix" value="" />
    </bean>

    The default rolePrefix is "ROLE_" which means that a roleVoter configured with the default will not "support" any roles that don't begin with "ROLE_". And since Admin and Authenticated don't begin with "ROLE_", you get the exception.

    By the way, all of these fixes have been made in the trunk.
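
The three outcomes seen in this thread (access denied, the startup exception, then success) can be reproduced with a small model of the decision logic. This is an added example, not Acegi or Pentaho code: it assumes a single role voter with abstentions treated as denial, uses a subset of the URL rules posted above, and `ROLE_ADMIN` in the "before" rules is an assumed default that the thread does not show.

```python
import re

ACCESS_GRANTED, ACCESS_ABSTAIN, ACCESS_DENIED = 1, 0, -1

# "Before" rules: ROLE_AUTHENTICATED is the attribute shown in the debug log;
# ROLE_ADMIN is an assumed default (not shown anywhere in the thread).
BEFORE = r"""
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/login.*\Z=ROLE_ANONYMOUS,ROLE_AUTHENTICATED
\A/admin.*\Z=ROLE_ADMIN
\A/.*\Z=ROLE_AUTHENTICATED
"""
# "After" rules: a subset of the objectDefinitionSource posted in #4.
AFTER = r"""
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/login.*\Z=ROLE_ANONYMOUS,Authenticated
\A/admin.*\Z=Admin
\A/.*\Z=Authenticated
"""
SUZY = ["cto", "is", "Authenticated"]  # granted authorities from the log


def parse_rules(text):
    """Return (lowercase_flag, [(compiled_regex, [attributes]), ...])."""
    lowercase, rules = False, []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lowercase = True
            continue
        pattern, _, attrs = line.rpartition("=")
        rules.append((re.compile(pattern), [a.strip() for a in attrs.split(",")]))
    return lowercase, rules


class RoleVoter:
    """Model of a role voter: it only considers attributes that start with role_prefix."""

    def __init__(self, role_prefix="ROLE_"):
        self.role_prefix = role_prefix

    def supports(self, attribute):
        return attribute.startswith(self.role_prefix)

    def vote(self, authorities, attributes):
        result = ACCESS_ABSTAIN
        for attribute in attributes:
            if self.supports(attribute):
                result = ACCESS_DENIED          # a supported attribute must be matched
                if attribute in authorities:    # exact, case-sensitive comparison
                    return ACCESS_GRANTED
        return result


def evaluate(rules_text, role_prefix, url, authorities):
    """Return 'granted', 'denied' or a 'startup failure: ...' message."""
    lowercase, rules = parse_rules(rules_text)
    voter = RoleVoter(role_prefix)
    # Startup validation: every configured attribute needs a voter that supports it.
    unsupported = sorted({a for _, attrs in rules for a in attrs if not voter.supports(a)})
    if unsupported:
        return ("startup failure: Unsupported configuration attributes: [%s]"
                % ", ".join(unsupported))
    candidate = url.lower() if lowercase else url
    for regex, attrs in rules:                  # first matching pattern wins
        if regex.search(candidate):
            granted = voter.vote(authorities, attrs) == ACCESS_GRANTED
            return "granted" if granted else "denied"
    return "granted"                            # no rule matched: URL is not secured


if __name__ == "__main__":
    print(evaluate(BEFORE, "ROLE_", "/Home", SUZY))  # roles from JDBC lack the prefix
    print(evaluate(AFTER, "ROLE_", "/Home", SUZY))   # rules changed, voter unchanged
    print(evaluate(AFTER, "", "/Home", SUZY))        # rules and rolePrefix both changed
```

Because the comparison is an exact string match, the role names in the URL rules must match the names stored in the user database in case as well as spelling.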

  7. #7

    Resolved

    Thanks Matt!

    I have validated against both a Hypersonic and MySQL database with the changes you have outlined. I will pull from source and see that the trunk changes work over the next several days!

    Zach
    BizCubed Pty Ltd
    Australian Pentaho Partner
