Hitachi Vantara Pentaho Community Forums
Results 1 to 3 of 3

Thread: Infinite Loop using Acegi Channel Processing Filter

  1. #1
    Join Date
    Jun 2009
    Posts
    5

    Question Infinite Loop using Acegi Channel Processing Filter

    I am trying to setup the Acegi Channel Processing Filter to secure the login call to my LDAP but when I make the changes outlined in the documentation for Pentaho and Acegi, I get stuck in an infinte loop and I just get an error in the browser.

    When I check the logs, it appears the Channel Processing Filter takes the request for /Home and redirects it back to /home over and over and over......see error logs below. Does anyone have any advise on how to resolve this problem?


    10:46:37,432 DEBUG [HttpSessionEventPublisher] Publishing event: org.acegisecurity.ui.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@2cf889c8]
    10:46:37,435 DEBUG [PathBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    10:46:37,435 DEBUG [PathBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is /**; matched=true
    10:46:37,436 DEBUG [FilterChainProxy] /Home at position 1 of 14 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@3b3219ed'
    10:46:37,437 DEBUG [SavedRequestAwareWrapper] Wrapper not replaced; SavedRequest was: null
    10:46:37,437 DEBUG [FilterChainProxy] /Home at position 2 of 14 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.ChannelProcessingFilter@564434f7'
    10:46:37,441 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    10:46:37,441 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/secure/.*\Z; matched=false
    10:46:37,441 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/acegilogin.jsp.*\Z; matched=false
    10:46:37,441 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/j_acegi_security_check.*\Z; matched=false
    10:46:37,442 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A.*\Z; matched=true
    10:46:37,442 DEBUG [ChannelProcessingFilter] Request: FilterInvocation: URL: /Home; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
    10:46:37,442 DEBUG [RetryWithHttpEntryPoint] Redirecting to: http://reporting-dev.xxx.com/pentaho/Home
    10:46:37,463 DEBUG [PathBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    10:46:37,464 DEBUG [PathBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is /**; matched=true
    10:46:37,465 DEBUG [FilterChainProxy] /Home at position 1 of 14 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@3b3219ed'
    10:46:37,465 DEBUG [SavedRequestAwareWrapper] Wrapper not replaced; SavedRequest was: null
    10:46:37,465 DEBUG [FilterChainProxy] /Home at position 2 of 14 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.ChannelProcessingFilter@564434f7'
    10:46:37,465 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    10:46:37,466 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/secure/.*\Z; matched=false
    10:46:37,466 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/acegilogin.jsp.*\Z; matched=false
    10:46:37,466 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/j_acegi_security_check.*\Z; matched=false
    10:46:37,466 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A.*\Z; matched=true
    10:46:37,466 DEBUG [ChannelProcessingFilter] Request: FilterInvocation: URL: /Home; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
    10:46:37,466 DEBUG [RetryWithHttpEntryPoint] Redirecting to: http://reporting-dev.xxx.com/pentaho/Home
    10:46:37,491 DEBUG [PathBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    10:46:37,491 DEBUG [PathBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is /**; matched=true
    10:46:37,492 DEBUG [FilterChainProxy] /Home at position 1 of 14 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@3b3219ed'
    10:46:37,492 DEBUG [SavedRequestAwareWrapper] Wrapper not replaced; SavedRequest was: null
    10:46:37,492 DEBUG [FilterChainProxy] /Home at position 2 of 14 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.ChannelProcessingFilter@564434f7'
    10:46:37,492 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    10:46:37,492 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/secure/.*\Z; matched=false
    10:46:37,492 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/acegilogin.jsp.*\Z; matched=false
    10:46:37,492 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/j_acegi_security_check.*\Z; matched=false
    10:46:37,492 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A.*\Z; matched=true
    10:46:37,492 DEBUG [ChannelProcessingFilter] Request: FilterInvocation: URL: /Home; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
    10:46:37,492 DEBUG [RetryWithHttpEntryPoint] Redirecting to: http://reporting-dev.xxx.com/pentaho/Home

  2. #2
    Join Date
    Oct 2007
    Posts
    235

    Default

    Have you tried using an Apache proxy to provide the secure connection? Just make sure you get your address re-writing to look in java script for addresses as well.

    If you don't want to do that you could change the default in the list of addresses it requires secure connections for, in the acegi set up that says it requires an insecure channel to requiring a secure channel. Not sure if that will work (I went with the proxy option to secure my install) but it might be worth a try.

    Good luck and if you get it working let us know what you did so others can get round it in the future.

    Wil
    SQL: as much of a standard as the English language

  3. #3
    Join Date
    Jun 2009
    Posts
    5

    Default

    I already have Apache configured as a proxy. The problem is that when I make my call to the LDAP server for the user authentication and group information, that call sends over the LDAP username/password clear text over the wire and based on the security requirements, I need to send that securely.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.