Discussion :

[poitou82]

Bonjour,

Je suis débutante dans ce domaine; en effet, je suis en train de développer une application web en Java-Spring-Hibernate; bon voilà à la compilation, je n'ai quasiment des erreurs sauf l'erreur suivante (dans mon fichier log4j.xml) :

ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied

ensuite, à l'exécution, j'ai bien ma page d'acceuil celle de formulaire d'identification et quand je clique sur le bouton valider bien évidemment après avoir rempli mon formulaire j'ai comme erreur à l'affichage :

Authentication Failed: Authentication method not supported: GET
La requête nécessite une authentification HTTP (Authentication Failed: Authentication method not supported: GET).

Je vois clair l'erreur en quoi elle consiste mais sincèrement je n'ai aucune idée comment résoudre ce problème; pourriez-vous m'aider à la résolution de cette erreur svp ?

Si quelqu'un est intéressé, je peux poster mes fichiers de configuration web.xml, applicationContext.xml,hibernate.cfg.xml,...

MERCI

[fabszn]

Hello,

Oui, je pense que les fichiers de configuration suivant pourrait aider pour résoudre ton problème :

• web.xml

• applicationContext.xml

• applicationContext-security.xml (s'il existe)

• leformulaire d'authentification.

• éventuellement ton controleur

Cordialement,

[poitou82]

Merci pour ton soutien;
Je te passe les codes de différents fichiers de configuration comme suit:

• web.xml

<display-name>TestProject</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>*.zul</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/j_spring_security_check</url-pattern>
</filter-mapping>

• applicationContext.xml

<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<value>java:comp/env/jdbc/tmd</value>
</property>
</bean>

<!-- Declaration Session Factory -->

<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">

<property name="dataSource">
<ref bean="dataSource"/>
</property>
<property name="hibernateProperties">
<value>
hibernate.dialect=org.hibernate.dialect.MySQLDialect
hibernate.show_sql=false
hibernate.transaction.factory_class=org.hibernate.transaction.JDBCTransactionFactory
hibernate.query.factory_class=org.hibernate.hql.classic.ClassicQueryTranslatorFactory
hibernate.cache.provider_class=org.hibernate.cache.EhCacheProvider
</value>
</property>
<property name="mappingResources">
<list>
<value>/fr/cs/tma/model/User.hbm.xml</value>
</list>
</property>
</bean>

<!-- Declaration Template Hibernate -->

<bean id="hibernateTemplate"
class="org.springframework.orm.hibernate3.HibernateTemplate">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>

<bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>

<bean class="org.springframework.transaction.interceptor.TransactionAttributeSourceAdvisor">
<property name="transactionInterceptor" ref="transactionInterceptor"/>
</bean>

<bean id="transactionInterceptor"
class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionManager" ref="transactionManager"/>
<property name="transactionAttributeSource">
<bean class="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource"/>
</property>
</bean>


<!-- Un bean abstrait pour mtualiser la configuration -->

<bean id="baseDAO"
class="org.springframework.orm.hibernate3.support.HibernateDaoSupport"
abstract="true">

<!-- Injection de la fabrique de sessions hibernate -->
<property name="hibernateTemplate">
<ref bean="hibernateTemplate"/>
</property>

</bean>

<!-- Le DAO pour les users -->
<bean id="userDao"
class="fr.cs.tma.dao.hibernate.UserDaoHibernate"
scope="singleton"
lazy-init="true"
abstract="false"
parent="baseDAO">

</bean>

</beans>

• applicationContext-security.xml

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/**"
filters="httpSessionContextIntegrationFilter,
securityContextPersistenceFilter,
authenticationFilter,
securityContextHolderAwareRequestFilter,
anonymousAuthFilter,
exceptionTranslationFilter,
filterSecurityInterceptor"/>
</security:filter-chain-map>
</bean>


<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.web.context.HttpSessionContextIntegrationFilter"/>

<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>


<bean id="anonymousAuthFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
<property name="key" value="ANONYMOUS_KEY"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>

<bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
<property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</bean>

<bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.zul"/>
</bean>

<bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/login.zul?login_error=true"/>
</bean>

<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name="securityContextRepository">
<bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">
<property name="allowSessionCreation" value="false"/>
</bean>
</property>
</bean>

<bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source>
<security:intercept-url pattern="/login.zul" access="ROLE_ANONYMOUS,TMD_ADMIN,TMD_DEV,TMD_CLIENT"/>
<security:intercept-url pattern="/*.zul" access="TMD_ADMIN,TMD_DEV,TMD_CLIENT"/>
</security:filter-security-metadata-source>
</property>
</bean>

<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>

</list>
</property>
</bean>

<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userService"/>
</property>
</bean>
<bean id="userService" class="fr.cs.tma.service.UserService">
<property name="userDao">
<ref bean="userDao"/>
</property>
</bean>

<bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="ANONYMOUS_KEY"/>
</bean>


<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value="TMD_"/>
</bean>
<bean class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value="ROLE_"/>
</bean>
</list>
</property>
</bean>

<bean id="authenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="filterProcessesUrl" value="/j_spring_security_check"/>
</bean>
</beans>

Pour mon formulaire d'identification, il s'agit d'un fichier zul comme je travaille avec le framework ZK, ça ressemble beaucoup au HTML:

<window id="loginWin" title="Login Window" border="normal" width="400px"
use="fr.cs.tma.ui.LoginViewCtrl">
<grid>
<rows>
<row>
<label value="Username:"/>
<textbox id="username" name="j_username" constraint="no empty"/>
</row>
<row>
<label value="Password:"/>
<textbox type="password" id="password" name="j_password" constraint="no empty"/>
</row>
<row spans="2" align="center"><cell>
<vlayout>
<button id="login" label="login" width="100px" onClick="loginWin.onOK()" />
<label id="msgError" style="color:red; font-weight:italic"/>
</vlayout>
</cell>
</row>
</rows>
</grid>

</window>

Il reste enfin le contrôleur, mon contrôleur est une classe Java:

public class LoginViewCtrl extends Window {

public void onCreate() {
Label msgLbl = (Label)getFellow("loginWin").getFellow("msgError");
String errorCode = Executions.getCurrent().getParameter("login_error");

if("true".equals(errorCode)){
msgLbl.setValue("Bad Username or/and Password. Retry Please.");
}else{
msgLbl.setValue("");
}
}

public void onOK() {
Textbox usernameTxt = (Textbox)getFellow("loginWin").getFellow("username");
Textbox passwordTxt = (Textbox)getFellow("loginWin").getFellow("password");

String username = usernameTxt.getValue();
String password = passwordTxt.getValue();

Executions.sendRedirect("/j_spring_security_check?j_username="+username+"&j_password="+password);
}

}

Des idées, conseils, suggestions,etc... n'hésitez pas svp
Merci