[Acegi] DispatchActionSupport

**tentos** · 08/08/2008, 09h57

Bonjour, je voudrais sécuriser les méthodes de mes actions. Pour cela je voulais utiliser l'intercepteur aopalliance.MethodSecurityInterceptor
Mais Apparemment cela ne fonctionne pas.

Mes action hérite de la DispatchActionSupport.

ApplicationContext.xml

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
<beans>
	<bean name="/monaction" class="classeAction" />
	<bean id="intercepteur" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
		<property name="authenticationManager" ref="myAuthenticationManager"/>
		<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
		<property name="objectDefinitionSource">
			<value>
				classeAction.create=ROLE_1
				classeAction.modify=ROLE_2
			</value>
		</property>
	</bean>
	<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
		<property name="interceptorNames">
			<list>
				<value>intercepteur</value>
			</list>
		</property>
		<property name="beanNames">
			<list>
				<value>/monaction</value>
			</list>
		</property>
	</bean>
<beans>

Strut-config.xml

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
 
<action path="/monaction"
	type="org.springframework.web.struts.DelegatingActionProxy"
	parameter="method"
	name="monForm"
	input="page/mapage">
	<forward name="success" 	path="page/mapage" />
	<forward name="retourListe"	path="/monActionListe.do" />
</action>
<plug-in className="org.springframework.web.struts.ContextLoaderPlugIn">
	<set-property property="contextConfigLocation" value="/WEB-INF/
ApplicationContext.xml" />
</plug-in>

**julien.dubois** · 20/08/2008, 20h48

La meilleure solution : virer Struts pour utiliser Spring MVC :-)

Afin de déblayer déjà un peu, est-ce que tu peux :
- Soit mettre les logs de Spring Security pour voir s'il valide bien les accès à ta méthode
- Soit rajouter un deuxième intercepteur de log

-> l'idée est de voir si ton intercepteur fonctionne bien ou non. Si ton intercepteur fonctionne correctement, il faudra aller voir du côté de la conf de Spring Security.

**tentos** · 21/08/2008, 14h07

Bonjour Julien,

voici mes logs donc mon action est "/eventscheduled"
et mon intercepteur est "intercepteur"

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
210808 12:10:14 INFO  web.context.ContextLoader [@] Root WebApplicationContext: initialization started
210808 12:10:14 INFO  na].[localhost].[/client] [@] Loading Spring root WebApplicationContext
210808 12:10:14 INFO  l.XmlBeanDefinitionReader [@] Loading XML bean definitions from ServletContext resource [/WEB-INF/applicationContext.xml]
210808 12:10:15 INFO  .XmlWebApplicationContext [@] Bean factory for application context [org.springframework.web.context.support.XmlWebApplicationContext;hashCode=17691874]: org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [/eventScheduled,intercepteur,autoProxyCreator,pullServiceSecurityInterceptor,serviceFactory,pullService,pullServiceSecure,filterChainProxy,loggingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,myAuthenticationManager,serviceRegistryFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,httpRequestAccessDecisionManager,roleVoter,authenticationProcessingFilterEntryPoint]; root of BeanFactory hierarchy
210808 12:10:15 INFO  .XmlWebApplicationContext [@] 19 beans defined in application context [org.springframework.web.context.support.XmlWebApplicationContext;hashCode=17691874]
210808 12:10:15 INFO  rk.core.CollectionFactory [@] JDK 1.4+ collections available
210808 12:10:15 INFO  rk.core.CollectionFactory [@] Commons Collections 3.x available
210808 12:10:15 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'autoProxyCreator'
210808 12:10:15 INFO  rk.DefaultAopProxyFactory [@] CGLIB2 available: proxyTargetClass feature enabled
210808 12:10:16 INFO  .XmlWebApplicationContext [@] Unable to locate MessageSource with name 'messageSource': using default [org.springframework.context.support.DelegatingMessageSource@1d1cdf7]
210808 12:10:16 INFO  .XmlWebApplicationContext [@] Unable to locate ApplicationEventMulticaster with name 'applicationEventMulticaster': using default [org.springframework.context.event.SimpleApplicationEventMulticaster@ec835f]
210808 12:10:16 INFO  UiApplicationContextUtils [@] No ThemeSource found for [org.springframework.web.context.support.XmlWebApplicationContext;hashCode=17691874]: using ResourceBundleThemeSource
210808 12:10:16 INFO  efaultListableBeanFactory [@] Pre-instantiating singletons in factory [org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [/eventScheduled,intercepteur,autoProxyCreator,pullServiceSecurityInterceptor,serviceFactory,pullService,pullServiceSecure,filterChainProxy,loggingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,myAuthenticationManager,serviceRegistryFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,httpRequestAccessDecisionManager,roleVoter,authenticationProcessingFilterEntryPoint]; root of BeanFactory hierarchy]
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean '/eventScheduled'
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'intercepteur'
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'myAuthenticationManager'
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'httpRequestAccessDecisionManager'
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'roleVoter'
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.create(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_41]]
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.create(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_41]]
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.modify(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_42]]
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.modify(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_42]]
210808 12:10:16 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:16 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'pullServiceSecurityInterceptor'
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract com.axalto.ws.PullType[] com.axalto.ws.PullsService.getPullTypes(int) throws java.rmi.RemoteException] with attributes [[ROLE_1]]
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract com.axalto.ws.PullType[] com.axalto.ws.PullsService.getPullTypes(int) throws java.rmi.RemoteException] with attributes [[ROLE_1]]
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract void com.axalto.ws.PullsService.setPull(com.axalto.ws.Pull) throws java.rmi.RemoteException,com.axalto.ws.PullServiceException] with attributes [[ROLE_35]]
210808 12:10:16 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract void com.axalto.ws.PullsService.setPull(com.axalto.ws.Pull) throws java.rmi.RemoteException,com.axalto.ws.PullServiceException] with attributes [[ROLE_35]]
210808 12:10:16 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:16 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'serviceFactory'
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'pullServiceSecure'
210808 12:10:16 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'pullService'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'filterChainProxy'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'loggingFilter'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'httpSessionContextIntegrationFilter'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'authenticationProcessingFilter'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'serviceRegistryFilter'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'anonymousProcessingFilter'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'exceptionTranslationFilter'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'authenticationProcessingFilterEntryPoint'
210808 12:10:18 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'filterInvocationInterceptor'
210808 12:10:18 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:18 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:18 INFO  web.context.ContextLoader [@] Using context class [org.springframework.web.context.support.XmlWebApplicationContext] for root WebApplicationContext
210808 12:10:18 INFO  web.context.ContextLoader [@] Root WebApplicationContext: initialization completed in 4506 ms
210808 12:10:20 INFO  validator.ValidatorPlugIn [@] Loading validation rules file from '/WEB-INF/validation-rules.xml'
210808 12:10:20 INFO  truts.ContextLoaderPlugIn [@] ContextLoaderPlugIn for Struts ActionServlet 'action, module '': initialization started
210808 12:10:20 INFO  na].[localhost].[/client] [@] Initializing WebApplicationContext for Struts ActionServlet 'action', module ''
210808 12:10:20 INFO  l.XmlBeanDefinitionReader [@] Loading XML bean definitions from ServletContext resource [/WEB-INF/applicationContext.xml]
210808 12:10:20 INFO  .XmlWebApplicationContext [@] Bean factory for application context [WebApplicationContext for namespace 'action-servlet']: org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [/eventScheduled,intercepteur,autoProxyCreator,pullServiceSecurityInterceptor,serviceFactory,pullService,pullServiceSecure,filterChainProxy,loggingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,myAuthenticationManager,serviceRegistryFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,httpRequestAccessDecisionManager,roleVoter,authenticationProcessingFilterEntryPoint]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [/eventScheduled,intercepteur,autoProxyCreator,pullServiceSecurityInterceptor,serviceFactory,pullService,pullServiceSecure,filterChainProxy,loggingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,myAuthenticationManager,serviceRegistryFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,httpRequestAccessDecisionManager,roleVoter,authenticationProcessingFilterEntryPoint]; root of BeanFactory hierarchy
210808 12:10:20 INFO  .XmlWebApplicationContext [@] 19 beans defined in application context [WebApplicationContext for namespace 'action-servlet']
210808 12:10:20 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'autoProxyCreator'
210808 12:10:20 INFO  .XmlWebApplicationContext [@] Unable to locate MessageSource with name 'messageSource': using default [org.springframework.context.support.DelegatingMessageSource@1e9d0cc]
210808 12:10:20 INFO  .XmlWebApplicationContext [@] Unable to locate ApplicationEventMulticaster with name 'applicationEventMulticaster': using default [org.springframework.context.event.SimpleApplicationEventMulticaster@18b0b4a]
210808 12:10:20 INFO  UiApplicationContextUtils [@] No ThemeSource found for [WebApplicationContext for namespace 'action-servlet']: using ResourceBundleThemeSource
210808 12:10:20 INFO  efaultListableBeanFactory [@] Pre-instantiating singletons in factory [org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [/eventScheduled,intercepteur,autoProxyCreator,pullServiceSecurityInterceptor,serviceFactory,pullService,pullServiceSecure,filterChainProxy,loggingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,myAuthenticationManager,serviceRegistryFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,httpRequestAccessDecisionManager,roleVoter,authenticationProcessingFilterEntryPoint]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory defining beans [/eventScheduled,intercepteur,autoProxyCreator,pullServiceSecurityInterceptor,serviceFactory,pullService,pullServiceSecure,filterChainProxy,loggingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,myAuthenticationManager,serviceRegistryFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,httpRequestAccessDecisionManager,roleVoter,authenticationProcessingFilterEntryPoint]; root of BeanFactory hierarchy]
210808 12:10:20 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean '/eventScheduled'
210808 12:10:20 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'intercepteur'
210808 12:10:20 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'myAuthenticationManager'
210808 12:10:20 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'httpRequestAccessDecisionManager'
210808 12:10:20 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'roleVoter'
210808 12:10:20 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.create(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_41]]
210808 12:10:20 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.create(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_41]]
210808 12:10:20 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.modify(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_42]]
210808 12:10:20 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public org.apache.struts.action.ActionForward com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.modify(org.apache.struts.action.ActionMapping,org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.lang.Exception] with attributes [[ROLE_42]]
210808 12:10:20 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:20 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'pullServiceSecurityInterceptor'
210808 12:10:21 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract com.axalto.ws.PullType[] com.axalto.ws.PullsService.getPullTypes(int) throws java.rmi.RemoteException] with attributes [[ROLE_1]]
210808 12:10:21 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract com.axalto.ws.PullType[] com.axalto.ws.PullsService.getPullTypes(int) throws java.rmi.RemoteException] with attributes [[ROLE_1]]
210808 12:10:21 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract void com.axalto.ws.PullsService.setPull(com.axalto.ws.Pull) throws java.rmi.RemoteException,com.axalto.ws.PullServiceException] with attributes [[ROLE_35]]
210808 12:10:21 INFO  ethod.MethodDefinitionMap [@] Adding secure method [public abstract void com.axalto.ws.PullsService.setPull(com.axalto.ws.Pull) throws java.rmi.RemoteException,com.axalto.ws.PullServiceException] with attributes [[ROLE_35]]
210808 12:10:21 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:21 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'serviceFactory'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'pullServiceSecure'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'pullService'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'filterChainProxy'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'loggingFilter'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'httpSessionContextIntegrationFilter'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'authenticationProcessingFilter'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'serviceRegistryFilter'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'anonymousProcessingFilter'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'exceptionTranslationFilter'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'authenticationProcessingFilterEntryPoint'
210808 12:10:21 INFO  efaultListableBeanFactory [@] Creating shared instance of singleton bean 'filterInvocationInterceptor'
210808 12:10:21 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:21 INFO  stractSecurityInterceptor [@] Validated configuration attributes
210808 12:10:21 INFO  truts.ContextLoaderPlugIn [@] Using context class 'org.springframework.web.context.support.XmlWebApplicationContext' for servlet 'action'
210808 12:10:21 INFO  truts.ContextLoaderPlugIn [@] ContextLoaderPlugIn for Struts ActionServlet 'action', module '': initialization completed in 321 ms

**julien.dubois** · 21/08/2008, 15h11

OK, ça a l'air correct comme config et comme log de démarrage... Lorsque tu exécutes une des deux méthodes protégées, tu peux mettre ta conf log4j en "debug"? On devrait voir ce que fait Spring Security à ce moment là.

**tentos** · 21/08/2008, 15h18

Je tape l'url : http://localhost:8080/client/eventSc...patcher=create

et j'obtiens la log suivante

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
210808 15:11:27 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [@] Converted URL to lowercase, from: '/eventscheduled.do'; to: '/eventscheduled.do'
210808 15:11:27 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [@] Converted URL to lowercase, from: '/eventscheduled.do'; to: '/eventscheduled.do'
210808 15:11:27 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [@] Candidate is: '/eventscheduled.do'; pattern is /**; matched=true
210808 15:11:27 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [@] Candidate is: '/eventscheduled.do'; pattern is /**; matched=true
210808 15:11:27 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@b29562'
210808 15:11:27 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@b29562'
210808 15:11:27 DEBUG org.acegisecurity.context.HttpSessionContextIntegrationFilter [@] Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: com.axalto.ws.acegi.WWSAuthentication@0: Username: com.axalto.ws.User@7374bfca; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: B00AAE675459EF24C6E2D66551CDBA57; Granted Authorities: ROLE_0, ROLE_50, ROLE_33, ROLE_20, ROLE_5, ROLE_13, ROLE_24, ROLE_1, ROLE_7, ROLE_4, ROLE_32, ROLE_25, ROLE_40, ROLE_22, ROLE_17, ROLE_21, ROLE_15, ROLE_42, ROLE_12, ROLE_18, ROLE_23, ROLE_6, ROLE_3, ROLE_10, ROLE_31, ROLE_11, ROLE_19, ROLE_16, ROLE_14, ROLE_9, ROLE_2, ROLE_8'
210808 15:11:27 DEBUG org.acegisecurity.context.HttpSessionContextIntegrationFilter [@] Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@0: Authentication: com.axalto.ws.acegi.WWSAuthentication@0: Username: com.axalto.ws.User@7374bfca; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: B00AAE675459EF24C6E2D66551CDBA57; Granted Authorities: ROLE_0, ROLE_50, ROLE_33, ROLE_20, ROLE_5, ROLE_13, ROLE_24, ROLE_1, ROLE_7, ROLE_4, ROLE_32, ROLE_25, ROLE_40, ROLE_22, ROLE_17, ROLE_21, ROLE_15, ROLE_42, ROLE_12, ROLE_18, ROLE_23, ROLE_6, ROLE_3, ROLE_10, ROLE_31, ROLE_11, ROLE_19, ROLE_16, ROLE_14, ROLE_9, ROLE_2, ROLE_8'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 2 of 7 in additional filter chain; firing Filter: 'com.axalto.ws.acegi.OTPAuthenticationProcessingFilter@5f07e8'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 2 of 7 in additional filter chain; firing Filter: 'com.axalto.ws.acegi.OTPAuthenticationProcessingFilter@5f07e8'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousProcessingFilter@787ee7'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousProcessingFilter@787ee7'
210808 15:11:28 DEBUG org.acegisecurity.providers.anonymous.AnonymousProcessingFilter [@] SecurityContextHolder not populated with anonymous token, as it already contained: 'com.axalto.ws.acegi.WWSAuthentication@0: Username: com.axalto.ws.User@7374bfca; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: B00AAE675459EF24C6E2D66551CDBA57; Granted Authorities: ROLE_0, ROLE_50, ROLE_33, ROLE_20, ROLE_5, ROLE_13, ROLE_24, ROLE_1, ROLE_7, ROLE_4, ROLE_32, ROLE_25, ROLE_40, ROLE_22, ROLE_17, ROLE_21, ROLE_15, ROLE_42, ROLE_12, ROLE_18, ROLE_23, ROLE_6, ROLE_3, ROLE_10, ROLE_31, ROLE_11, ROLE_19, ROLE_16, ROLE_14, ROLE_9, ROLE_2, ROLE_8'
210808 15:11:28 DEBUG org.acegisecurity.providers.anonymous.AnonymousProcessingFilter [@] SecurityContextHolder not populated with anonymous token, as it already contained: 'com.axalto.ws.acegi.WWSAuthentication@0: Username: com.axalto.ws.User@7374bfca; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: B00AAE675459EF24C6E2D66551CDBA57; Granted Authorities: ROLE_0, ROLE_50, ROLE_33, ROLE_20, ROLE_5, ROLE_13, ROLE_24, ROLE_1, ROLE_7, ROLE_4, ROLE_32, ROLE_25, ROLE_40, ROLE_22, ROLE_17, ROLE_21, ROLE_15, ROLE_42, ROLE_12, ROLE_18, ROLE_23, ROLE_6, ROLE_3, ROLE_10, ROLE_31, ROLE_11, ROLE_19, ROLE_16, ROLE_14, ROLE_9, ROLE_2, ROLE_8'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 4 of 7 in additional filter chain; firing Filter: 'com.axalto.ws.acegi.LoggingFilter@d37d44'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [@] /eventScheduled.do?dispatcher=create&id=301 at position 4 of 7 in additional filter chain; firing Filter: 'com.axalto.ws.acegi.LoggingFilter@d37d44'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 at position 5 of 7 in additional filter chain; firing Filter: 'com.axalto.ws.acegi.ServiceRegistryAcegiIntegrationFilter@c52af8'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 at position 5 of 7 in additional filter chain; firing Filter: 'com.axalto.ws.acegi.ServiceRegistryAcegiIntegrationFilter@c52af8'
210808 15:11:28 DEBUG com.axalto.ws.acegi.ServiceRegistryAcegiIntegrationFilter [psturc@] Session is org.apache.catalina.session.StandardSessionFacade@882100
210808 15:11:28 DEBUG com.axalto.ws.acegi.ServiceRegistryAcegiIntegrationFilter [psturc@] Session is org.apache.catalina.session.StandardSessionFacade@882100
210808 15:11:28 DEBUG com.axalto.ws.acegi.ServiceRegistryAcegiIntegrationFilter [psturc@] ServiceRegistry stored in session
210808 15:11:28 DEBUG com.axalto.ws.acegi.ServiceRegistryAcegiIntegrationFilter [psturc@] ServiceRegistry stored in session
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 at position 6 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@12eb04e'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 at position 6 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@12eb04e'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 at position 7 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@38ddcc'
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 at position 7 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@38ddcc'
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Converted URL to lowercase, from: '/eventscheduled.do'; to: '/eventscheduled.do'
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Converted URL to lowercase, from: '/eventscheduled.do'; to: '/eventscheduled.do'
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /login.vm*; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /login.vm*; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /welcomepage.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /welcomepage.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /secured*; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /secured*; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /welcome.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /welcome.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /getservices.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /updateuser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /updateuser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /edituser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /edituser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /deleteuser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /deleteuser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /createuser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /createuser.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listroles.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listroles.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /userpreferences.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /userpreferences.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listreturnedmails.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listreturnedmails.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listreturnedmailbasket.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listreturnedmailbasket.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listreturnedmailinfo.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /listreturnedmailinfo.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /searchcustomeraddress.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /searchcustomeraddress.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /createcustomeraddress.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /createcustomeraddress.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /deletecustomeraddress.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /deletecustomeraddress.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /addtoreturnedmail.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /addtoreturnedmail.do; matched=false
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /eventscheduled.do; matched=true
210808 15:11:28 DEBUG org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap [psturc@] Candidate is: '/eventscheduled.do'; pattern is /eventscheduled.do; matched=true
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Secure object: FilterInvocation: URL: /eventScheduled.do?dispatcher=create&id=301; ConfigAttributes: [ROLE_41, ROLE_42, ROLE_43]
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Secure object: FilterInvocation: URL: /eventScheduled.do?dispatcher=create&id=301; ConfigAttributes: [ROLE_41, ROLE_42, ROLE_43]
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Previously Authenticated: com.axalto.ws.acegi.WWSAuthentication@0: Username: com.axalto.ws.User@7374bfca; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: B00AAE675459EF24C6E2D66551CDBA57; Granted Authorities: ROLE_0, ROLE_50, ROLE_33, ROLE_20, ROLE_5, ROLE_13, ROLE_24, ROLE_1, ROLE_7, ROLE_4, ROLE_32, ROLE_25, ROLE_40, ROLE_22, ROLE_17, ROLE_21, ROLE_15, ROLE_42, ROLE_12, ROLE_18, ROLE_23, ROLE_6, ROLE_3, ROLE_10, ROLE_31, ROLE_11, ROLE_19, ROLE_16, ROLE_14, ROLE_9, ROLE_2, ROLE_8
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Previously Authenticated: com.axalto.ws.acegi.WWSAuthentication@0: Username: com.axalto.ws.User@7374bfca; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: B00AAE675459EF24C6E2D66551CDBA57; Granted Authorities: ROLE_0, ROLE_50, ROLE_33, ROLE_20, ROLE_5, ROLE_13, ROLE_24, ROLE_1, ROLE_7, ROLE_4, ROLE_32, ROLE_25, ROLE_40, ROLE_22, ROLE_17, ROLE_21, ROLE_15, ROLE_42, ROLE_12, ROLE_18, ROLE_23, ROLE_6, ROLE_3, ROLE_10, ROLE_31, ROLE_11, ROLE_19, ROLE_16, ROLE_14, ROLE_9, ROLE_2, ROLE_8
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Authorization successful
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Authorization successful
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] RunAsManager did not change Authentication object
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] RunAsManager did not change Authentication object
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 reached end of additional filter chain; proceeding with original chain
210808 15:11:28 DEBUG org.acegisecurity.util.FilterChainProxy [psturc@] /eventScheduled.do?dispatcher=create&id=301 reached end of additional filter chain; proceeding with original chain
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Public object - authentication not attempted
210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Public object - authentication not attempted
210808 15:11:28 INFO  com.axalto.ws.client.ServiceHandler [psturc@] Calling Web Service; Class= ReportsService, End Point=http://localhost:8080/server/services/ReportsService
210808 15:11:28 INFO  com.axalto.ws.client.ServiceHandler [psturc@] Getting Qualified Name: {http://axalto.com/ns/wws/2/0}ReportsService
210808 15:11:28 INFO  com.axalto.ws.client.ServiceHandler [psturc@] Adding user in Service Handler: psturc
210808 15:11:28 INFO  com.axalto.ws.client.ServiceHandler [psturc@] Calling Web Service; Class= EventScheduledService, End Point=http://localhost:8080/server/services/EventScheduledService
210808 15:11:28 INFO  com.axalto.ws.client.ServiceHandler [psturc@] Getting Qualified Name: {http://axalto.com/ns/wws/2/0}EventScheduledService
210808 15:11:28 INFO  com.axalto.ws.client.ServiceHandler [psturc@] Adding user in Service Handler: psturc
210808 15:11:28 INFO  com.axalto.ws.velocity.ServiceHookTool [psturc@] ServiceHookTool initialized. Registry = com.axalto.ws.services.ServiceRegistry@1e01885
210808 15:11:28 INFO  com.axalto.ws.velocity.ExtensionPointTool [psturc@] ServiceHookTool initialized. Registry = com.axalto.ws.services.ServiceRegistry@1e01885
210808 15:11:28 INFO  com.axalto.ws.velocity.AcegiSecurityTool [psturc@] AcegiSecurityTool initialized.
210808 15:11:28 INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/client] [psturc@]  Velocity   [info] ResourceManager : found /page/event/eventScheduled.vm with loader org.apache.velocity.tools.view.servlet.WebappLoader
210808 15:11:28 INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/client] [psturc@]  Velocity  [error] Left side ($eventform.eventParamId) of '==' operation has null value. If a reference, it may not be in the context. Operation not possible. /page/event/eventScheduled.vm [line 172, column 148]
210808 15:11:28 INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/client] [psturc@]  Velocity  [error] Left side ($eventform.eventParamId) of '==' operation has null value. If a reference, it may not be in the context. Operation not possible. /page/event/eventScheduled.vm [line 172, column 148]
210808 15:11:28 INFO  com.axalto.ws.velocity.ServiceHookTool [psturc@] ServiceHookTool initialized. Registry = com.axalto.ws.services.ServiceRegistry@1e01885
210808 15:11:28 INFO  com.axalto.ws.velocity.ExtensionPointTool [psturc@] ServiceHookTool initialized. Registry = com.axalto.ws.services.ServiceRegistry@1e01885
210808 15:11:28 INFO  com.axalto.ws.velocity.AcegiSecurityTool [psturc@] AcegiSecurityTool initialized.
210808 15:11:28 INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/client] [psturc@]  Velocity   [info] ResourceManager : found /decorators/velocity.vm with loader org.apache.velocity.tools.view.servlet.WebappLoader
210808 15:11:28 INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/client] [psturc@]  Velocity   [info] ResourceManager : found css/main.css with loader org.apache.velocity.tools.view.servlet.WebappLoader
210808 15:11:28 INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/client] [psturc@]  Velocity   [info] ResourceManager : found css/main_print.css with loader org.apache.velocity.tools.view.servlet.WebappLoader
210808 15:11:28 INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/client] [psturc@]  Velocity   [info] ResourceManager : found loginbar.vm with loader org.apache.velocity.tools.view.servlet.WebappLoader
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.OrderServiceUI@1b766c1' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.CardServiceUI@1bb0ff0' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.PullServiceUI@135779' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.PullReportServiceUI@1d40164' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.ReturnedMailServiceUI@1a768de' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.ReturnedMailReportServiceUI@1d5e778' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.reports.ReportServiceUI@4f7b4c' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.UserAdminServiceUI@27f221' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.UserPreferencesUI@8980b7' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.AdminRolesServiceUI@1619bca' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.reports.scheduled.event.EventScheduledServiceUI@13b0106' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 INFO  com.axalto.ws.services.ServiceRegistry [psturc@] Invoking hook 'Menu' on service'com.axalto.ws.client.reports.scheduled.report.ReportScheduledServiceUI@c03bcd' with parameter '[Ljava.lang.String;@129650b'
210808 15:11:28 DEBUG org.acegisecurity.ui.ExceptionTranslationFilter [psturc@] Chain processed normally
210808 15:11:28 DEBUG org.acegisecurity.ui.ExceptionTranslationFilter [psturc@] Chain processed normally
210808 15:11:28 DEBUG org.acegisecurity.context.HttpSessionContextIntegrationFilter [@] SecurityContextHolder set to new context, as request processing completed
210808 15:11:28 DEBUG org.acegisecurity.context.HttpSessionContextIntegrationFilter [@] SecurityContextHolder set to new context, as request processing completed

**julien.dubois** · 21/08/2008, 17h22

De ce que je lis :
- Les utilisateurs ayant le role "ROLE_42" ont le droit d'éxecuter la méthode "create"
- Ton utilisateur possède ce role (voir la partie "Granted Authorities")

Donc c'est normal que tu puisses accéder à cette page.

Je me trompe quelque part?

**julien.dubois** · 22/08/2008, 09h07

Je suis d'accord avec ce que tu dis à propos de ta configuration, mais dans ton log on voit également :

210808 15:11:28 DEBUG org.acegisecurity.intercept.AbstractSecurityInterceptor [psturc@] Secure object: FilterInvocation: URL: /eventScheduled.do?dispatcher=create&id=301; ConfigAttributes: [ROLE_41, ROLE_42, ROLE_43]

Etant donné que c'est le seul endroit où l'on voit le "ROLE_43", est-ce que tu as bien posté toute ta conf?

**tentos** · 22/08/2008, 09h35

En effet j'ai également rajouté un filtre sur mes url

voici tout mon appication context

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
 
<beans>
 
	<bean name="/eventScheduled" class="com.axalto.ws.client.reports.scheduled.event.EventScheduledAction" />
	<bean id="intercepteur" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
		<property name="validateConfigAttributes">
			<value>true</value>
		</property>
		<property name="authenticationManager" ref="myAuthenticationManager"/>
		<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
		<property name="objectDefinitionSource">
			<value>
				com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.create*=ROLE_41
				com.axalto.ws.client.reports.scheduled.event.EventScheduledAction.modify*=ROLE_42
			</value>
		</property>
	</bean>
	<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
		<property name="interceptorNames">
			<list>
				<value>intercepteur</value>
			</list>
		</property>
		<property name="beanNames">
			<list>
				<value>/eventScheduled</value>
			</list>
		</property>
	</bean>   
 
    <bean id="pullServiceSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
        <property name="authenticationManager" ref="myAuthenticationManager"/>
        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <property name="objectDefinitionSource">
            <value>
                com.axalto.ws.PullsService.getPullTypes=ROLE_1
                com.axalto.ws.PullsService.setPull=ROLE_35
            </value>
        </property>
    </bean> 
 
    <bean id="serviceFactory" class="com.axalto.ws.client.ServiceHandler"/>
 
    <bean id="pullService" factory-bean="serviceFactory" factory-method="createService">
        <constructor-arg index="0" type="java.lang.String">
            <value>com.axalto.ws.PullsService</value>
         </constructor-arg> 
         <constructor-arg index="1" type="java.lang.String">
            <value>http://localhost:8080/server/services/PullsService</value>
         </constructor-arg> 
    </bean>
 
    <!-- ================================================================== -->
    <!--   Secured proxy to the Pull Service.                               -->
    <!--   Access controled by Acegi via the security interceptor           -->
    <!--   Get always this bean to accees the service                       -->
    <!--           ServiceHandler.getService("pullServiceSecure")           -->
    <bean id="pullServiceSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
        <property name="target" ref="pullService"/>
        <property name="interceptorNames">
            <idref local="pullServiceSecurityInterceptor" />
        </property>
    </bean>
 
   <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
         <value>
	    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
	    PATTERN_TYPE_APACHE_ANT
	    /**=httpSessionContextIntegrationFilter, authenticationProcessingFilter, anonymousProcessingFilter, loggingFilter,serviceRegistryFilter, exceptionTranslationFilter, filterInvocationInterceptor
         </value>
      </property>
    </bean>
 
  
  <bean id="loggingFilter" class="com.axalto.ws.acegi.LoggingFilter">      
  </bean>
  
  <!-- The first item in the Chain: httpSessionContextIntegrationFilter -->
  <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
      <property name="context">
	      <value>org.acegisecurity.context.SecurityContextImpl</value>
      </property>
  </bean>
 
  
  <!-- the second item in the chain: authenticationProcessingFilter -->
  <!-- PS: 30/11/2006  OTPAuthenticationProcessingFilter uses separated field for OTP -->
  <!-- <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> -->
   <bean id="authenticationProcessingFilter" class="com.axalto.ws.acegi.OTPAuthenticationProcessingFilter">
      <property name="authenticationManager"><ref bean="myAuthenticationManager"/></property>
      <property name="authenticationFailureUrl"><value>/login.vm?login_error=1</value></property>
      <property name="defaultTargetUrl"><value>/welcomePage.do</value></property>
      <property name="alwaysUseDefaultTargetUrl"><value>false</value></property>
      <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
   </bean>
 
 
   <bean id="myAuthenticationManager" class="com.axalto.ws.acegi.WWSAuthenticationManager"/>
 
   <bean id="serviceRegistryFilter" class="com.axalto.ws.acegi.ServiceRegistryAcegiIntegrationFilter"/>
 
   <!-- the third item in the chain: anonymousProcessingFilter -->   
   <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key"><value>foobar</value></property>
      <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
   </bean>
 
   <!-- the fourth item in the chain: securityEnforcementFilter -->  
   <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
   </bean>
 
 
   <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager"><ref bean="myAuthenticationManager"/></property>
      <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
      <property name="objectDefinitionSource">
         <value>
			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
			    PATTERN_TYPE_APACHE_ANT
			    /login.vm*=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN,ROLE_0
                	    /welcomepage.do=ROLE_0
			    /secured*=ROLE_ADMIN
                	    /welcome.do=ROLE_0
			    /listorders.do=ROLE_1
			    /listcards.do=ROLE_2
			    /addtopull.do=ROLE_3
			    /listpulltypes.do=ROLE_3
			    /setpulltype.do=ROLE_3
			    /listpullbasket.do=ROLE_3
			    /sendpulls.do=ROLE_3
			    /listpulls.do=ROLE_4
                	    /cancelpulls.do=ROLE_21
			    /uploadpullbasket.do=ROLE_22
			    /exportcsv.do=ROLE_5
			    /listreports.do=ROLE_6
			    /viewreport.do=ROLE_6
			    /showparams.do=ROLE_6
			    /execreport.do=ROLE_6
			    /execreport_params.do=ROLE_6
			    /deletereport.do=ROLE_12
			    /newreport.do=ROLE_10
			    /newreport_session.do=ROLE_10
                            /createreport.do=ROLE_10
			    /editreport.do=ROLE_11	
			    /updatereport.do=ROLE_11
			    /showimage.do=ROLE_6
			    /listusers.do=ROLE_7
			    /getservices.do=ROLE_7
			    /updateuser.do=ROLE_7
			    /edituser.do=ROLE_7
			    /deleteuser.do=ROLE_7
			    /createuser.do=ROLE_7
                            /listroles.do=ROLE_13
			    /userpreferences.do=ROLE_9
			    /listreturnedmails.do=ROLE_19
			    /listreturnedmailbasket.do=ROLE_19
			     /listreturnedmailinfo.do=ROLE_19
			    /searchcustomeraddress.do=ROLE_31
			    /createcustomeraddress.do=ROLE_32
			    /deletecustomeraddress.do=ROLE_33
 			    /addtoreturnedmail.do=ROLE_19
 			    /eventscheduled.do=ROLE_41,ROLE_42,ROLE_43
				/listeventscheduled.do=ROLE_40
				/listreportscheduled.do=ROLE_50
			    /reportscheduled.do*=ROLE_51,ROLE_52,ROLE_53,ROLE_54
				/schedule.do*=ROLE_40,ROLE_50
			    /*.do*=ROLE_999
         </value>
      </property>
   </bean>
 
   <!-- authenticationManager defined above -->
 
   <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
         <list>
            <ref bean="roleVoter"/>
         </list>
      </property>
   </bean>
 
   <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
 
  <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl"><value>/login.vm</value></property>
      <property name="forceHttps"><value>false</value></property>
  </bean>
 
</beans>

[Acegi] DispatchActionSupport

Spring Web Java

Vue hybride

Discussions similaires

Partager

Partager