You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Giovanni Cocco <gi...@gmail.com> on 2010/06/10 16:55:39 UTC
Struts2 and Spring Security problem
Hi,
I'm experiencing some problems in a project based on jAPS (
http://www.japsportal.org). The jAPS backend is based on Struts2.
For integration with a IDM System we introduced SpringSecurity on the
application. The problem is that when Struts2 is executing a result of type
"chain" or of type "redirectAction" there is some problem with result.
In the case of result of type chain the value (mykey) of a Spring Bean of
name privateKey is used as namespace. But there is no explicit reference
from action bean to privateKey bean. I suppose a problem with autowiring...
The log sais:
16:22:53,056 DEBUG DefaultWorkflowInterceptor,http-8080-6:57 - Invoking
validate() on action
it.prova.aps.internalservlet.domande.DomandaAction@3f348a
16:22:53,057 DEBUG PrefixMethodInvocationUtil,http-8080-6:57 - cannot find
method [validateSaveStep1] in action
[it.prova.aps.internalservlet.domande.DomandaAction@3f348a]
16:22:53,058 DEBUG PrefixMethodInvocationUtil,http-8080-6:57 - cannot find
method [validateDoSaveStep1] in action
[it.prova.aps.internalservlet.domande.DomandaAction@3f348a]
16:22:53,059 DEBUG DefaultActionInvocation,http-8080-6:57 - Executing action
method = saveStep1
16:22:53,074 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'privateKey'
16:22:53,076 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'privateKey'
16:22:53,078 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'privateKey'
16:22:53,079 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'privateKey'
16:22:53,080 DEBUG DefaultListableBeanFactory,http-8080-6:601 - Autowiring
by type from bean name 'com.opensymphony.xwork2.ActionChainResult' via
constructor to bean named 'privateKey'
16:22:53,085 DEBUG ActionChainResult,http-8080-6:57 - Chaining to action
introStep2
16:22:53,086 DEBUG DefaultActionProxy,http-8080-6:57 - Creating an
DefaultActionProxy for namespace mykey and action name introStep2
16:22:53,102 WARN Dispatcher,http-8080-6:49 - Could not find action or
result
There is no Action mapped for namespace mykey and action name introStep2. -
[unknown location]
at
com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:177)
at
org.apache.struts2.impl.StrutsActionProxy.prepare(StrutsActionProxy.java:61)
at
org.apache.struts2.impl.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:39)
at
com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:47)
at
com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:36)
at
com.opensymphony.xwork2.ActionChainResult.execute(ActionChainResult.java:221)
at
com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:361)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:265)
at
com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:163)
at
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:249)
at
org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
at
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:122)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195)
at
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:148)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.agiletec.apsadmin.system.ApsActionParamsInterceptor.intercept(ApsActionParamsInterceptor.java:63)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:93)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:267)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:126)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:148)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:138)
at
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:128)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:176)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
it.prova.aps.internalservlet.system.I18nFrontInterceptor.intercept(I18nFrontInterceptor.java:26)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
it.prova.aps.internalservlet.system.CheckFrontUserInterceptor.intercept(CheckFrontUserInterceptor.java:19)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
it.prova.aps.internalservlet.domande.BoolFieldManagInterceptor.intercept(BoolFieldManagInterceptor.java:28)
at
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at
org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
at
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:468)
at
com.agiletec.apsadmin.system.dispatcher.Struts2ServletDispatcher.service(Struts2ServletDispatcher.java:99)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630)
at
org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:535)
at
org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:472)
at
com.agiletec.aps.tags.InternalServletTag.includeShowlet(InternalServletTag.java:160)
at
com.agiletec.aps.tags.InternalServletTag.buildShowletOutput(InternalServletTag.java:134)
at
com.agiletec.aps.tags.InternalServletTag.doEndTag(InternalServletTag.java:112)
at
org.apache.jsp.WEB_002dINF.aps.jsp.showlets.formAction_jsp._jspx_meth_wp_005finternalServlet_005f0(formAction_jsp.java:85)
at
org.apache.jsp.WEB_002dINF.aps.jsp.showlets.formAction_jsp._jspService(formAction_jsp.java:62)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630)
at
org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:535)
at
org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:472)
at
org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:968)
at
org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:611)
at
com.agiletec.aps.tags.ExecShowletTag.includeShowlet(ExecShowletTag.java:107)
at
com.agiletec.aps.tags.ExecShowletTag.buildShowletOutput(ExecShowletTag.java:84)
at com.agiletec.aps.tags.ExecShowletTag.doEndTag(ExecShowletTag.java:58)
at
org.apache.jsp.WEB_002dINF.aps.jsp.system.main_jsp._jspx_meth_wp_005fexecShowlet_005f0(main_jsp.java:116)
at
org.apache.jsp.WEB_002dINF.aps.jsp.system.main_jsp._jspService(main_jsp.java:70)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at
com.agiletec.aps.system.services.controller.control.Executor.service(Executor.java:57)
at
com.agiletec.aps.system.services.controller.ControllerManager.service(ControllerManager.java:73)
at
com.agiletec.aps.servlet.ControllerServlet.service(ControllerServlet.java:56)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
at
org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at
org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
at
com.agiletec.plugins.jprasidm.aps.system.services.controller.control.MySAMLProcessingFilter.doFilterHttp(MySAMLProcessingFilter.java:37)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.saml.metadata.MetadataDisplayFilter.doFilterHttp(MetadataDisplayFilter.java:90)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.saml.SAMLEntryPoint.doFilterHttp(SAMLEntryPoint.java:102)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
com.prova.springframework.security.saml.SAMLLogoutFilter.doFilterHttp(SAMLLogoutFilter.java:162)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
com.prova.springframework.security.saml.SAMLLogoutProcessingFilter.doFilterHttp(SAMLLogoutProcessingFilter.java:163)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.concurrent.ConcurrentSessionFilter.doFilterHttp(ConcurrentSessionFilter.java:99)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
In the case of result of type ServletRedirectResult the value (mykey) of a
Spring Bean of name privateKey is used as method name (I suppose for syntax
actionName!methodName). But there is no explicit reference from action bean
to privateKey bean. I suppose, also here, a problem with autowiring...
The log for this is:
16:46:34,322 DEBUG DefaultActionProxy,http-8080-6:57 - Creating an
DefaultActionProxy for namespace /do and action name main
16:46:34,324 DEBUG DefaultListableBeanFactory,http-8080-6:383 - Creating
instance of bean 'dispatchAction'
16:46:34,326 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'LangManager'
16:46:34,346 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'AuthorizationManager'
16:46:34,347 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'AuthenticationProviderManager'
16:46:34,348 DEBUG DefaultListableBeanFactory,http-8080-6:411 - Finished
creating instance of bean 'dispatchAction'
16:46:34,351 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'AuthorizationManager'
16:46:34,357 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'privateKey'
16:46:34,361 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'privateKey'
16:46:34,370 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'privateKey'
16:46:34,371 DEBUG DefaultListableBeanFactory,http-8080-6:601 - Autowiring
by type from bean name
'org.apache.struts2.dispatcher.ServletActionRedirectResult' via constructor
to bean named 'privateKey'
16:46:34,397 DEBUG ServletRedirectResult,http-8080-6:57 - Redirecting to
finalLocation /axan/do/login!mykey.action
16:46:34,403 DEBUG InstantiatingNullHandler,http-8080-6:57 - Entering
nullPropertyValue
[target=[com.opensymphony.xwork2.DefaultTextProvider@1e6661],
property=struts]
16:46:34,403 DEBUG DefaultActionProxy,http-8080-6:57 - Creating an
DefaultActionProxy for namespace /do and action name login
16:46:34,405 DEBUG I18nInterceptor,http-8080-6:57 - intercept '/do/login' {
16:46:34,407 DEBUG I18nInterceptor,http-8080-6:57 - before Locale=en_EN
16:46:34,439 DEBUG InstantiatingNullHandler,http-8080-6:57 - Entering
nullPropertyValue [target=[com.opensymphony.xwork2.ActionSupport@d861b7,
com.opensymphony.xwork2.DefaultTextProvider@1e6661], property=struts]
16:46:34,445 DEBUG FileUploadInterceptor,http-8080-6:57 - Bypassing
/do/login
16:46:34,446 DEBUG StaticParametersInterceptor,http-8080-6:57 - Setting
static parameters {}
16:46:34,446 DEBUG ParametersInterceptor,http-8080-6:57 - Setting params
NONE
16:46:34,446 DEBUG ParametersInterceptor,http-8080-6:57 - Setting params
16:46:34,550 DEBUG DefaultListableBeanFactory,http-8080-6:214 - Returning
cached instance of singleton bean 'BaseConfigManager'
Any suggestion will be appreciated, I don't understand why bean privateKey
is autowired and why only it.
The bean definition is:
<!-- Alias of the key used for SAML signing and encryption/decryption -->
<beans:bean name="privateKey" class="java.lang.String">
<beans:constructor-arg value="mykey" />
</beans:bean>
Thank you.
Re: Struts2 and Spring Security problem
Posted by Giovanni Cocco <gi...@gmail.com>.
2010/6/10 Giovanni Cocco <gi...@gmail.com>
> Hi,
> I'm experiencing some problems in a project based on jAPS (
> http://www.japsportal.org). The jAPS backend is based on Struts2.
> For integration with a IDM System we introduced SpringSecurity on the
> application. The problem is that when Struts2 is executing a result of type
> "chain" or of type "redirectAction" there is some problem with result.
> In the case of result of type chain the value (mykey) of a Spring Bean of
> name privateKey is used as namespace. But there is no explicit reference
> from action bean to privateKey bean. I suppose a problem with autowiring...
>
>
[....]
> Any suggestion will be appreciated, I don't understand why bean privateKey
> is autowired and why only it.
>
> The bean definition is:
>
> <!-- Alias of the key used for SAML signing and encryption/decryption
> -->
> <beans:bean name="privateKey" class="java.lang.String">
> <beans:constructor-arg value="mykey" />
> </beans:bean>
>
>
>
I found a solution to the problem, the String defined into the bean
"privateKey" is passed to other bean via a property-placeholder. So there
isn't the definition for bean "privateKey" and struts2 code that manage
"chain" and "redirectAction" result types
doesn't try to use the value of String in bean "privateKey.
Regards,
GC