Discussion :

[night59]

Bonjour à tous,

Je travaille en ce moment sur une application Spring-Hibernate-GWT et j'utilise Spring Security pour l'authentification.

En mode développement, je n'ai pas de problème : tout fonctionne comme sur des roulettes !

Mais lorsque je génère un war (avec mvn package) et que je le déploie sur mon serveur tomcat, j'accède à la page de login mais je n'arrive pas à m'authentifier ...

j'ai fait de nombreux contôles (base de donées bien connecté, encodage des mots de passe correcte, ...) mais rien n'y fait. quelqu'un aurait-il déjà eu et résolu ce genre de soucis ??

pour info, voici mon layer-sécurity.xml :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
<global-method-security secured-annotations="enabled">
	</global-method-security>
 
	<http auto-config="true">
		<intercept-url pattern="/**" access="ROLE_BASE_PROD_WRITE,ROLE_BASE_PROD_READ,ROLE_ANALYSE_GRILLES_WRITE,ROLE_ANALYSE_GRILLES_READ,ROLE_SAISIE_GRILLES_READ,ROLE_SAISIE_GRILLES_WRITE" />
		<intercept-url pattern="/jsp/authentification.jsp" filters="none" />
		<form-login login-page="/jsp/authentification.jsp" default-target-url="/monAppli.html" authentication-failure-url="/jsp/authentification.jsp?login_error=1" />
 
	<logout/>
	</http>
 
	<authentication-manager>
		<authentication-provider>
			<password-encoder hash="md5"/>
			<jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT id_utilisateur,mot_de_passe,is_admin FROM utilisateur WHERE id_utilisateur=?" authorities-by-username-query="SELECT id_utilisateur,cod_role FROM role_utilisateur WHERE id_utilisateur=?"/>
		</authentication-provider>
	</authentication-manager>

Les logs lors de la connexion local :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
DEBUG 2010-08-05 17:07:32,099 FilterChainProxy - Converted URL to lowercase, from: '/monappli.html'; to: '/monappli.html'
DEBUG 2010-08-05 17:07:32,099 FilterChainProxy - Candidate is: '/monappli.html'; pattern is /jsp/authentification.jsp; matched=false
DEBUG 2010-08-05 17:07:32,099 FilterChainProxy - Converted URL to lowercase, from: '/monappli.html'; to: '/monappli.html'
DEBUG 2010-08-05 17:08:17,302 FilterChainProxy - Converted URL to lowercase, from: '/jsp/j_spring_security_check'; to: '/jsp/j_spring_security_check'
DEBUG 2010-08-05 17:08:17,302 FilterChainProxy - Candidate is: '/jsp/j_spring_security_check'; pattern is /jsp/authentification.jsp; matched=false
DEBUG 2010-08-05 17:08:17,302 FilterChainProxy - Converted URL to lowercase, from: '/jsp/j_spring_security_check'; to: '/jsp/j_spring_security_check'
DEBUG 2010-08-05 17:08:17,302 FilterChainProxy - Candidate is: '/jsp/j_spring_security_check'; pattern is /**; matched=true
DEBUG 2010-08-05 17:08:17,302 FilterChainProxy - /jsp/j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@f07933'
DEBUG 2010-08-05 17:08:17,302 HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG 2010-08-05 17:08:17,302 HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:96bcy2gl0wr5@1914345. A new one will be created.
DEBUG 2010-08-05 17:08:17,302 FilterChainProxy - /jsp/j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@b9a8d8'
DEBUG 2010-08-05 17:08:17,302 FilterChainProxy - /jsp/j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@fc39cd'
DEBUG 2010-08-05 17:08:17,302 UsernamePasswordAuthenticationFilter - Request is to process authentication
DEBUG 2010-08-05 17:08:17,302 ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG 2010-08-05 17:08:17,302 JdbcTemplate - Executing prepared SQL query
DEBUG 2010-08-05 17:08:17,302 JdbcTemplate - Executing prepared SQL statement [select id_utilisateur,mot_de_passe,is_admin from utilisateur where id_utilisateur=?]
DEBUG 2010-08-05 17:08:17,302 DataSourceUtils - Fetching JDBC Connection from DataSource
DEBUG 2010-08-05 17:08:17,302 StatementCreatorUtils - Setting SQL statement parameter value: column index 1, parameter value [admin], value class [java.lang.String], SQL type unknown
DEBUG 2010-08-05 17:08:17,302 DataSourceUtils - Returning JDBC Connection to DataSource
DEBUG 2010-08-05 17:08:17,302 JdbcTemplate - Executing prepared SQL query
DEBUG 2010-08-05 17:08:17,302 JdbcTemplate - Executing prepared SQL statement [select id_utilisateur,cod_role from role_utilisateur where id_utilisateur=?]
DEBUG 2010-08-05 17:08:17,302 DataSourceUtils - Fetching JDBC Connection from DataSource
DEBUG 2010-08-05 17:08:17,302 StatementCreatorUtils - Setting SQL statement parameter value: column index 1, parameter value [admin], value class [java.lang.String], SQL type unknown
DEBUG 2010-08-05 17:08:17,317 DataSourceUtils - Returning JDBC Connection to DataSource
DEBUG 2010-08-05 17:08:17,317 XmlWebApplicationContext - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@813d62a5: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ANALYSE_GRILLES_WRITE,ROLE_BASE_PROD_WRITE,ROLE_SAISIE_GRILLES_WRITE; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 96bcy2gl0wr5; Granted Authorities: ROLE_ANALYSE_GRILLES_WRITE, ROLE_BASE_PROD_WRITE, ROLE_SAISIE_GRILLES_WRITE]
DEBUG 2010-08-05 17:08:17,317 SessionFixationProtectionStrategy - Invalidating session with Id '96bcy2gl0wr5' and migrating attributes.
DEBUG 2010-08-05 17:08:17,317 SessionFixationProtectionStrategy - Started new session: oajb5lyjn85z
DEBUG 2010-08-05 17:08:17,317 UsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@813d62a5: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ANALYSE_GRILLES_WRITE,ROLE_BASE_PROD_WRITE,ROLE_SAISIE_GRILLES_WRITE; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 96bcy2gl0wr5; Granted Authorities: ROLE_ANALYSE_GRILLES_WRITE, ROLE_BASE_PROD_WRITE, ROLE_SAISIE_GRILLES_WRITE
DEBUG 2010-08-05 17:08:17,317 XmlWebApplicationContext - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@813d62a5: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ANALYSE_GRILLES_WRITE,ROLE_BASE_PROD_WRITE,ROLE_SAISIE_GRILLES_WRITE; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 96bcy2gl0wr5; Granted Authorities: ROLE_ANALYSE_GRILLES_WRITE, ROLE_BASE_PROD_WRITE, ROLE_SAISIE_GRILLES_WRITE]
DEBUG 2010-08-05 17:08:17,317 SavedRequestAwareAuthenticationSuccessHandler - Redirecting to DefaultSavedRequest Url: http://127.0.0.1:8888/monAppli.html

et celle sous tomcat (vous remarquerez qu'il ne lance pas la requete SQL en base...) :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
DEBUG 2010-08-05 17:23:49,190 FilterChainProxy - Converted URL to lowercase, from: '/monappli.html'; to: '/monappli.html'
DEBUG 2010-08-05 17:23:49,190 FilterChainProxy - Candidate is: '/monappli.html'; pattern is /jsp/authentification.jsp; matched=false
DEBUG 2010-08-05 17:23:49,190 FilterChainProxy - Converted URL to lowercase, from: '/monappli.html'; to: '/monappli.html'
DEBUG 2010-08-05 17:23:49,190 FilterChainProxy - Candidate is: '/monappli.html'; pattern is /**; matched=true
DEBUG 2010-08-05 17:23:49,206 FilterChainProxy - /monappli.html at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@6601bb'
DEBUG 2010-08-05 17:23:49,206 HttpSessionSecurityContextRepository - No HttpSession currently exists
DEBUG 2010-08-05 17:23:49,206 HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
DEBUG 2010-08-05 17:23:49,206 FilterChainProxy - /monAppli.html at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@1e11af'
DEBUG 2010-08-05 17:23:49,206 FilterChainProxy - /monAppli.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1b15f8'
DEBUG 2010-08-05 17:23:49,206 FilterChainProxy - /monAppli.html at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@3f52fd'
DEBUG 2010-08-05 17:23:49,206 FilterChainProxy - /monAppli.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1618412'
DEBUG 2010-08-05 17:23:49,206 FilterChainProxy - /monAppli.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@125eec4'
DEBUG 2010-08-05 17:23:49,221 FilterChainProxy - /monAppli.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1a7056c'
DEBUG 2010-08-05 17:23:49,221 AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
DEBUG 2010-08-05 17:23:49,221 FilterChainProxy - /monAppli.html at position 8 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@551306'
DEBUG 2010-08-05 17:23:49,221 FilterChainProxy - /monAppli.html at position 9 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@153f122'
DEBUG 2010-08-05 17:23:49,221 FilterChainProxy - /monAppli.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1fc2741'
DEBUG 2010-08-05 17:23:49,221 DefaultFilterInvocationSecurityMetadataSource - Converted URL to lowercase, from: '/monAppli.html'; to: '/monAppli.html'
DEBUG 2010-08-05 17:23:49,221 DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/monAppli.html'; pattern is /**; matched=true
DEBUG 2010-08-05 17:23:49,221 FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /monAppli.html; Attributes: [ROLE_BASE_PROD_WRITE, ROLE_BASE_PROD_READ, ROLE_ANALYSE_GRILLES_WRITE, ROLE_BASE_PROD_READ, ROLE_SAISIE_GRILLES_READ, ROLE_ANALYSE_GRILLES_READ]
DEBUG 2010-08-05 17:23:49,221 FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
DEBUG 2010-08-05 17:23:49,221 AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@1752dd5, returned: -1
DEBUG 2010-08-05 17:23:49,221 AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@141451, returned: 0
DEBUG 2010-08-05 17:23:49,253 ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
...
...

merci d'avance pour vos retours !
night

[benwit]

Je n'ai pas utilité Spring Security mais j'observe les différences suivantes :

En local :
Jetty utilisé
Tu passes par 2 filtres :
LogoutFilter
UsernamePasswordAuthenticationFilter

En déployé :
Tomcat utilisé
Tu passes par des filtres suppémentaires (5 en tout) :
dont un AnonymousAuthenticationFilter

Ce serait pas lui qui te fouterai le box ?

[night59]

Hello Benwit,

Merci pour ta réponse !
tu y étais presque... ta réponse m'a mis sur la bonne voie !

c'est en effet dû à la différence entre les serveurs Jetty et Tomcat.

en gros le retour du formulaire de log-in n'était pas interprété de la même manière : url relative sur Jetty et url absolue sur tomcat.

Pour les personnes qui tomberais sur le même problème voici le formulaire que j'avais copier sur le site de spring :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

<form name='form' action="/j_spring_security_check" method="POST">

et voici ce qu'il m'a fallu mettre pour que ce soit compatible quelque soit le serveur :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

<form name='form' action="<c:url value="/j_spring_security_check"/>" method="POST">

Bref, un détail... mais un détail important!!!

Merci encore de m'avoir mis sur la voie
(je commençais à ne plus avoir de cheuveux sur le caillou...)