users@glassfish.java.net

Re: tough exception to crack...

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Mon, 06 Feb 2006 16:09:32 -0800

Vince.Kraemer_at_Sun.COM wrote On 02/06/06 15:55,:
>
> ----- Original Message -----
> From: vince.kraemer_at_Sun.COM
> Date: Monday, February 6, 2006 1:48 pm
> Subject: Re: tough exception to crack...
>
>
>>Okay.
>>
>>I will give that a shot.
>>
>>Hopefully, I will be able to find out what is causing the problem.
>>
>>Stay tuned for more info.
>
>
> Going to 'Fine' exposed the problem...
>
> Caused by: java.lang.ClassCastException: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
> at com.sun.web.server.J2EEInstanceListener.handleBeforeEvent(J2EEInstanceListener.java:152)
> at com.sun.web.server.J2EEInstanceListener.instanceEvent(J2EEInstanceListener.java:90)
> at org.apache.catalina.util.InstanceSupport.fireInstanceEvent(InstanceSupport.java:195)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:198)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:61)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:167)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
> at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:292)
> at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:108)
> at org.acegisecurity.intercept.web.SecurityEnforcementFilter.doFilter(SecurityEnforcementFilter.java:197)
>
>
> It appears that this has been around for a while...
>
> See: http://www.jroller.com/page/agrebnev?entry=acegi_does_not_work_at
>
> This affects AtLeap. I have run into this using 'AppFuse' as my "starter".

OK, this is the same issue as

  https://glassfish.dev.java.net/issues/show_bug.cgi?id=221

Can someone from security check how this was fixed in AS 7.x, and
see if the fix can be safely ported to GF?


Jan


>
> Thanks,
> vbk
>
>
>>vbk
>>
>>----- Original Message -----
>>From: Jan Luehe <Jan.Luehe_at_Sun.COM>
>>[snip]
>>
>>>There could be 2 reasone why the stack is empty in your case: either
>>>preInvoke() was not called, or postInvoke() was called twice in a
>>>row.
>>>
>>>Fortunately, J2EEInstanceListener prints out the events it receives
>>>(which trigger a preInvoke() or a postInvoke()):
>>>
>>> public void instanceEvent(InstanceEvent event) {
>>> String eventType = event.getType();
>>> if(_logger.isLoggable(Level.FINEST)) {
>>> _logger.log(Level.FINEST,"*** InstanceEvent: " +
>>>eventType); }
>>>
>>>Can you set your web-container logging to FINEST and grep for
>>>InstanceEvent in your log?
>>
>>Will do.
>>
>>
>>--------------------------------------------------------------------
>>-
>>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>