Acegi is used to secure a page (../filemgmt/downloadPage). Now, when several users have the same IP address (two or more users on a LAN behind the same external IP address), every user after the first automatically gets to see the secured page, because ACEGI authorises them as the user who logged in first.
There is no problem when a user has, from the server's point of view, a different IP address; the problem only occurs with users coming from the same IP address.
My Acegi configuration is currently almost identical to the configuration from the demo/tutorial petclinic application; only an entry has been added to secure the page that needs securing, and to use a MySQL database.
The "Authorisation for the page "filemgmt/downloadPage"" section is executed only for the first page, so it appears once in the log file.
I have now spent 2 1/2 days figuring out/googling and debugging where the problem lies and I have no idea... why is every user after the first one from the same domain authorised as the first logged-in user?
code:
15:33:10,703 FilterInvocationDefinitionSourceEditor:setAsText - Detected PATTERN_TYPE_APACHE_ANT directive; using Apache Ant style path expressions
15:33:10,703 FilterInvocationDefinitionSourceEditor:setAsText - Detected CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON directive; Instructing mapper to convert URLs to lowercase before comparison
15:33:10,703 FilterInvocationDefinitionSourceEditor:setAsText - Line 1:
15:33:10,703 FilterInvocationDefinitionSourceEditor:setAsText - Line 2: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
15:33:10,703 FilterInvocationDefinitionSourceEditor:setAsText - Line 3: PATTERN_TYPE_APACHE_ANT
15:33:10,703 FilterInvocationDefinitionSourceEditor:setAsText - Line 4: /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter, anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
15:33:10,703 FilterInvocationDefinitionSourceEditor:setAsText - Line 5:
15:33:10,703 PathBasedFilterInvocationDefinitionMap:addSecureUrl - Added Ant path: /**; attributes: [httpSessionContextIntegrationFilter, logoutFilter, authenticationProcessingFilter, securityContextHolderAwareRequestFilter, anonymousProcessingFilter, exceptionTranslationFilter, filterInvocationInterceptor]
15:33:10,796 RdbmsOperation:compile - RdbmsOperation with SQL [SELECT username,password,enabled FROM users WHERE username = ?] compiled
15:33:10,796 RdbmsOperation:compile - RdbmsOperation with SQL [SELECT username,authority FROM authorities WHERE username = ?] compiled
15:33:10,812 ConfigurationFactory:parseConfiguration - No configuration found. Configuring ehcache from ehcache-failsafe.xml found in the classpath: jar:file:/D:/Webapps/www.semlab.nl/WEB-INF/lib/ehcache-1.2.4.jar!/ehcache-failsafe.xml
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Detected PATTERN_TYPE_APACHE_ANT directive; using Apache Ant style path expressions
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Detected CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON directive; Instructing mapper to convert URLs to lowercase before comparison
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 1:
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 2: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 3: PATTERN_TYPE_APACHE_ANT
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 4: /filemgmt/login.form=ROLE_USER
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 5: /filemgmt/downloadpage=ROLE_USER
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 6: /acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 7: /images/**=IS_AUTHENTICATED_ANONYMOUSLY
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 8: /**=IS_AUTHENTICATED_ANONYMOUSLY
15:33:10,968 FilterInvocationDefinitionSourceEditor:setAsText - Line 9:
15:33:10,968 PathBasedFilterInvocationDefinitionMap:addSecureUrl - Added Ant path: /filemgmt/login.form; attributes: [ROLE_USER]
15:33:10,968 PathBasedFilterInvocationDefinitionMap:addSecureUrl - Added Ant path: /filemgmt/downloadpage; attributes: [ROLE_USER]
15:33:10,968 PathBasedFilterInvocationDefinitionMap:addSecureUrl - Added Ant path: /acegilogin.jsp; attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
15:33:10,968 PathBasedFilterInvocationDefinitionMap:addSecureUrl - Added Ant path: /images/**; attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
15:33:10,968 PathBasedFilterInvocationDefinitionMap:addSecureUrl - Added Ant path: /**; attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
15:33:10,968 AbstractSecurityInterceptor:afterPropertiesSet - Validated configuration attributes
[...]
[Authorisation for the page "filemgmt/downloadPage"]
[...]
15:33:44,593 PathBasedFilterInvocationDefinitionMap:lookupAttributes - Converted URL to lowercase, from: '/filemgmt/downloadpage'; to: '/filemgmt/downloadpage'
15:33:44,593 PathBasedFilterInvocationDefinitionMap:lookupAttributes - Candidate is: '/filemgmt/downloadpage'; pattern is /**; matched=true
15:33:44,593 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextIntegrationFilter@15ca232'
15:33:44,593 HttpSessionContextIntegrationFilter:doFilter - Obtained a valid SecurityContext from ACEGI_SECURITY_CONTEXT to associate with SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@b87944c6: Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@b87944c6: Username: org.acegisecurity.userdetails.User@fc52b100: Username: chris; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@b364: RemoteIpAddress: 193.141.117.242; SessionId: E109D32E19AAD535F2AC550E2CD329E7; Granted Authorities: ROLE_USER'
15:33:44,609 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage at position 2 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@7dac02'
15:33:44,609 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage at position 3 of 7 in additional filter chain; firing Filter: 'nl.semlab.web.support.core.AuthenticationProcessingFilter@a7d968'
15:33:44,609 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage at position 4 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter@1b2601c'
15:33:44,609 SavedRequestAwareWrapper:<init> - Wrapper not replaced; SavedRequest was: null
15:33:44,609 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage at position 5 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousProcessingFilter@1c3d029'
15:33:44,609 AnonymousProcessingFilter:doFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@b87944c6: Username: org.acegisecurity.userdetails.User@fc52b100: Username: chris; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@b364: RemoteIpAddress: 193.141.117.242; SessionId: E109D32E19AAD535F2AC550E2CD329E7; Granted Authorities: ROLE_USER'
15:33:44,609 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage at position 6 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@974e4b'
15:33:44,609 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage at position 7 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@1955dd4'
15:33:44,609 PathBasedFilterInvocationDefinitionMap:lookupAttributes - Converted URL to lowercase, from: '/filemgmt/downloadpage'; to: '/filemgmt/downloadpage'
15:33:44,609 PathBasedFilterInvocationDefinitionMap:lookupAttributes - Candidate is: '/filemgmt/downloadpage'; pattern is /filemgmt/login.form; matched=false
15:33:44,609 PathBasedFilterInvocationDefinitionMap:lookupAttributes - Candidate is: '/filemgmt/downloadpage'; pattern is /filemgmt/downloadpage; matched=true
15:33:44,609 AbstractSecurityInterceptor:beforeInvocation - Secure object: FilterInvocation: URL: /filemgmt/downloadPage; ConfigAttributes: [ROLE_USER]
15:33:44,609 AbstractSecurityInterceptor:beforeInvocation - Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@b87944c6: Username: org.acegisecurity.userdetails.User@fc52b100: Username: chris; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@b364: RemoteIpAddress: 193.141.117.242; SessionId: E109D32E19AAD535F2AC550E2CD329E7; Granted Authorities: ROLE_USER
15:33:44,609 AbstractSecurityInterceptor:beforeInvocation - Authorization successful
15:33:44,609 AbstractSecurityInterceptor:beforeInvocation - RunAsManager did not change Authentication object
15:33:44,609 FilterChainProxy$VirtualFilterChain:doFilter - /filemgmt/downloadPage reached end of additional filter chain; proceeding with original chain
15:33:45,375 ExportViewFactory:<init> - Initializing ExportViewFactory with type={csv,excel,xml,pdf}
15:33:45,390 TableProperties:getLocaleResolverInstance - No LocaleResolver configured.
15:33:46,718 ExceptionTranslationFilter:doFilter - Chain processed normally
15:33:46,718 HttpSessionContextIntegrationFilter:doFilter - SecurityContextHolder now cleared, as request processing completed
[...]
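The log above shows, per authenticated request, the Username, RemoteIpAddress and SessionId that Acegi attached to the SecurityContext. A single request cannot tell whether the second person behind the same IP presents the same JSESSIONID (the session itself is shared) or gets a fresh session that is nevertheless populated with the first user's Authentication (state leaking server-side). The following is an added example, not code from the original post or from Acegi: a Python script that parses lines in the exact format shown in the log, groups them per client IP, and reports which of the two situations the evidence is consistent with. The log lines it runs on are constructed for the example, using documentation IP ranges and invented session ids.

```python
"""Summarise Acegi DEBUG log lines per client IP and per HTTP session.

Added example (not the original post's code). It parses the
'HttpSessionContextIntegrationFilter:doFilter - Obtained a valid SecurityContext'
line, which Acegi writes once per authenticated request, in the format shown
in the post, and reports per RemoteIpAddress which SessionIds and usernames
were observed.
"""
import re
from collections import defaultdict

# Matches the context-integration line; the first 'Username:' in that line is
# followed by the User object's toString(), so the user group must stop at
# ';', ':' or '@' to skip it and land on 'Username: chris;'.
CONTEXT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3}) "
    r"HttpSessionContextIntegrationFilter:doFilter - Obtained a valid SecurityContext"
    r".*?Username: (?P<user>[^;:@\s]+); Password: \[PROTECTED\]"
    r".*?RemoteIpAddress: (?P<ip>[\d.]+); SessionId: (?P<session>[0-9A-Fa-f]+)"
)


def parse_context_lines(lines):
    """Return one record (time, user, ip, session) per authenticated request."""
    records = []
    for line in lines:
        m = CONTEXT_RE.search(line)
        if m:
            records.append(m.groupdict())
    return records


def summarise_by_ip(records):
    """Map each RemoteIpAddress to the SessionIds and usernames it was seen with."""
    summary = defaultdict(lambda: {"sessions": set(), "users": set(), "requests": 0})
    for r in records:
        entry = summary[r["ip"]]
        entry["sessions"].add(r["session"])
        entry["users"].add(r["user"])
        entry["requests"] += 1
    return dict(summary)


def classify(summary):
    """Say, per IP, which hypothesis the log evidence is consistent with."""
    verdicts = {}
    for ip, entry in summary.items():
        if len(entry["sessions"]) > 1 and len(entry["users"]) == 1:
            # Different HTTP sessions, yet all carry the same Authentication:
            # the identity is being reused outside the session (server-side state).
            verdicts[ip] = "one identity across several sessions: check server-side state"
        elif len(entry["sessions"]) == 1 and entry["requests"] > 1:
            # Every request presents the same JSESSIONID. The log cannot tell
            # whether these were different people; if they were, the cookie is shared.
            verdicts[ip] = "single session reused: if these were different people, the session cookie is shared"
        else:
            verdicts[ip] = "no anomaly visible in this log"
    return verdicts


def context_line(time, user, ip, session):
    """Build a log line in the post's format (constructed sample data)."""
    return (
        f"{time} HttpSessionContextIntegrationFilter:doFilter - Obtained a valid SecurityContext "
        "from ACEGI_SECURITY_CONTEXT to associate with SecurityContextHolder: "
        "'org.acegisecurity.context.SecurityContextImpl@b87944c6: Authentication: "
        "org.acegisecurity.providers.UsernamePasswordAuthenticationToken@b87944c6: "
        f"Username: org.acegisecurity.userdetails.User@fc52b100: Username: {user}; "
        "Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; "
        "credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; "
        "Password: [PROTECTED]; Authenticated: true; Details: "
        f"org.acegisecurity.ui.WebAuthenticationDetails@b364: RemoteIpAddress: {ip}; "
        f"SessionId: {session}; Granted Authorities: ROLE_USER'"
    )


# Constructed sample log: two sessions from one NAT address both authenticated
# as chris, one unrelated user elsewhere, plus a line the parser must ignore.
SAMPLE_LOG = [
    context_line("15:33:44,593", "chris", "198.51.100.7", "AAAA1111AAAA1111AAAA1111AAAA1111"),
    "15:33:44,609 ExceptionTranslationFilter:doFilter - Chain processed normally",
    context_line("15:35:02,120", "chris", "198.51.100.7", "BBBB2222BBBB2222BBBB2222BBBB2222"),
    context_line("15:35:09,004", "chris", "198.51.100.7", "BBBB2222BBBB2222BBBB2222BBBB2222"),
    context_line("15:36:41,770", "anna", "203.0.113.9", "CCCC3333CCCC3333CCCC3333CCCC3333"),
]


def analyse(lines):
    """Parse, summarise and classify; returns (summary, verdicts)."""
    summary = summarise_by_ip(parse_context_lines(lines))
    return summary, classify(summary)


if __name__ == "__main__":
    summary, verdicts = analyse(SAMPLE_LOG)
    for ip, entry in summary.items():
        print(ip, sorted(entry["users"]), len(entry["sessions"]), "session(s):", verdicts[ip])
```

Run it against a real Acegi log by replacing SAMPLE_LOG with the file's lines; if the NAT address shows several SessionIds that all carry the same username, the session cookie is not the thing being shared, and the investigation moves to where the Authentication is stored between requests. If only one SessionId ever appears, have the second person clear their cookies and watch whether a new SessionId is issued to them.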