Jan,
Thanks a lot for the quick response. I will start with the new code
base and the spring config migration you have suggested. In the mean
time, here is stack trace I see in the spring.security.log file. I see
the access denied exception before the entire security chain is
exhausted. Let me know if this means anything. Thanks again.
ntainer:shindig-container.js'; pattern is /**; matched=true
2012-02-26 01:53:32,200 DEBUG
org.springframework.security.intercept.AbstractSecurityInterceptor -
Secure object: FilterInvocation: URL: /gadgets/js/
core:rpc:eurekastreams-container:shindig-container.js?
c=1&container=eureka&debug=0; ConfigAttributes: [ROLE_USER]
2012-02-26 01:53:32,200 DEBUG
org.springframework.security.intercept.AbstractSecurityInterceptor -
Previously Authenticated:
org.springframework.security.providers.anonymous.AnonymousAuthenticationToken@69ec09e9:
Principal: roleAnonymous; Password: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.ui.WebAuthenticationDetails@957e:
RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities:
ROLE_ANONYMOUS
2012-02-26 01:53:32,200 DEBUG
org.springframework.security.ui.ExceptionTranslationFilter - Access is
denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.AccessDeniedException: Access is denied
at
org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:
68)
at
org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:
262)
at
org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:
106)
at
org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:
83)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:
52)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:
53)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.oauth.provider.OAuthProviderProcessingFilter.doFilter(OAuthProviderProcessingFilter.java:
173)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.oauth.provider.OAuthProviderProcessingFilter.doFilter(OAuthProviderProcessingFilter.java:
193)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:
277)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:
53)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.oauth.provider.OAuthProviderProcessingFilter.doFilter(OAuthProviderProcessingFilter.java:
193)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:
101)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:
53)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:
105)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:
53)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:
109)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:
53)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:
91)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:
53)
at org.springframework.security.util.FilterChainProxy
$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at .......
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
293)
at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:
877)
at org.apache.coyote.http11.Http11AprProtocol
$Http11ConnectionHandler.process(Http11AprProtocol.java:594)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:
1675)
at java.lang.Thread.run(Thread.java:662)
2012-02-26 01:53:32,200 DEBUG
org.springframework.security.ui.ExceptionTranslationFilter -
Authentication entry point being called; SavedRequest added to
Session: SavedRequest[
http://localhost:8080/gadgets/js/
core:rpc:eurekastreams-container:shindig-container.js?
c=1&container=eureka&debug=0]
2012-02-26 01:53:32,200 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter
- SecurityContextHolder now cleared, as request processing completed
2012-02-26 01:53:32,215 DEBUG
org.springframework.security.ui.ExceptionTranslationFilter - Chain
processed normally
2012-02-26 01:53:32,215 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter
- HttpSession is null, but SecurityContextHolder has not changed from
default: '
org.springframework.security.context.SecurityContextImpl@ffffffff:
Null authentication'; not creating HttpSession or storing
SecurityContextHolder contents
2012-02-26 01:53:32,215 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter
- SecurityContextHolder now cleared, as request processing completed
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - Converted URL to
lowercase, from: '/no_credentials.html'; to: '/no_credentials.html'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - Candidate is: '/
no_credentials.html'; pattern is /requestaccess.html; matched=false
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - Converted URL to
lowercase, from: '/no_credentials.html'; to: '/no_credentials.html'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - Candidate is: '/
no_credentials.html'; pattern is /requestaccess_connect.html;
matched=false
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - Converted URL to
lowercase, from: '/no_credentials.html'; to: '/no_credentials.html'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - Candidate is: '/
no_credentials.html'; pattern is /**; matched=true
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 1 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter
- HttpSession returned null object for SPRING_SECURITY_CONTEXT
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter
- New SecurityContext instance will be associated with
SecurityContextHolder
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 2 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.ui.logout.LogoutFilter[ order=300; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 3 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.ui.webapp.AuthenticationProcessingFilter[ order=700; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 4 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter[ order=1100; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.ui.savedrequest.SavedRequest - pathInfo:
both null (property equals)
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.ui.savedrequest.SavedRequest -
queryString: arg1=1330238516902; arg2=null (property not equals)
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.wrapper.SavedRequestAwareWrapper -
Wrapper not replaced; SavedRequest was: SavedRequest[
http://localhost:
8080/eureka.nocache.js?1330238516902]
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 5 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.ui.rememberme.RememberMeProcessingFilter[ order=1200; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 6 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.providers.anonymous.AnonymousProcessingFilter[ order=1300; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.providers.anonymous.AnonymousProcessingFilter
- Populated SecurityContextHolder with anonymous token:
'org.springframework.security.providers.anonymous.AnonymousAuthenticationToken@9611369f:
Principal: roleAnonymous; Password: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.ui.WebAuthenticationDetails@fffdaa08:
RemoteIpAddress: 127.0.0.1; SessionId:
D3715F9CD33E0A8AC2867B618EBD6DFB; Granted Authorities: ROLE_ANONYMOUS'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 7 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 8 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.oauth.provider.UnauthenticatedRequestTokenProcessingFilter@452d4b9c'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.oauth.provider.UnauthenticatedRequestTokenProcessingFilter
- Request does not require authentication. OAuth processing skipped.
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 9 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.oauth.provider.UserAuthorizationProcessingFilter[ order=1416; ]'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html at position 10 of 13 in additional filter chain;
firing Filter:
'org.springframework.security.oauth.provider.AccessTokenProcessingFilter@20bf123f'
2012-02-26 01:53:32,325 DEBUG
org.springframework.security.oauth.provider.AccessTokenProcessingFilter
- Request does not require authentication. OAuth processing skipped.
2012-02-26 01:53:32,32
.....
.....
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource
- Candidate is: '/no_credentials.html'; pattern is /
no_credentials.html; matched=true
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.intercept.AbstractSecurityInterceptor -
Secure object: FilterInvocation: URL: /no_credentials.html;
ConfigAttributes: [ROLE_ANONYMOUS, ROLE_USER]
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.intercept.AbstractSecurityInterceptor -
Previously Authenticated:
org.springframework.security.providers.anonymous.AnonymousAuthenticationToken@69edb66b:
Principal: roleAnonymous; Password: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.ui.WebAuthenticationDetails@12afc:
RemoteIpAddress: 127.0.0.1; SessionId:
BC43D8A62DEBAC4D09587C420AB7D7B4; Granted Authorities: ROLE_ANONYMOUS
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.intercept.AbstractSecurityInterceptor -
Authorization successful
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.intercept.AbstractSecurityInterceptor -
RunAsManager did not change Authentication object
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.util.FilterChainProxy - /
no_credentials.html reached end of additional filter chain; proceeding
with original chain
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.ui.ExceptionTranslationFilter - Chain
processed normally
2012-02-26 01:53:32,512 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter
- SecurityContextHolder now cleared, as request processing completed