spring security 3.0 - Access is denied

Java

02/02/2012

Boa tarde pessoal!

Estou com o seguinte problema:

Tenho uma aplica��o que esta utilizando spring security 3.0, fiz toda a parte de configura��o com xml e etc.
No applicationContext-security.xml fiz a configura��o para dois tipos de usu�rio ROLE_ADMINISTRADOR e ROLE_USUARIO conforme segue a baixo

<http>

		<intercept-url pattern=/admin/** access=ROLE_ADMINISTRADOR />
		<intercept-url pattern=/restrito/** access=ROLE_USUARIO />
		<form-login login-page=/publico/login.jsf
			always-use-default-target=true 
			default-target-url=/restrito/principal.jsf
			authentication-failure-url=/publico/login.jsf?login_error=1 />
		<logout/>
		<remember-me />
	</http>

S� que ao rodar a aplica��o quando eu tento entra como administrador ele da o seguinte erro:


16:28:26.095 [http-apr-8080-exec-2] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@79bf496b, returned: 0
16:28:26.096 [http-apr-8080-exec-2] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) ~[spring-security-core-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) ~[spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) ~[spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) ~[spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:146) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) [spring-security-web-3.1.0.RELEASE.jar:3.1.0.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.23]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.23]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) [catalina.jar:7.0.23]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) [catalina.jar:7.0.23]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) [catalina.jar:7.0.23]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) [catalina.jar:7.0.23]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) [catalina.jar:7.0.23]
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928) [catalina.jar:7.0.23]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.23]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) [catalina.jar:7.0.23]
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987) [tomcat-coyote.jar:7.0.23]
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539) [tomcat-coyote.jar:7.0.23]
	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1815) [tomcat-coyote.jar:7.0.23]
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [na:1.6.0_27]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.6.0_27]
	at java.lang.Thread.run(Unknown Source) [na:1.6.0_27]
16:28:26.097 [http-apr-8080-exec-2] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

J� quando eu entro como usu�rio normal ele aceita normalmente. Dando uma pesquisada entrei no site do springresource encontrei a seguinte resposta:

Esta � uma mensagem n�vel de depura��o que ocorre a primeira vez que um usu�rio an�nimo tenta acessar um recurso protegido.

� normal e n�o deve ser nada para se preocupar.

S� que n�o conseguir entender.
Ser� que esqueci alguma coisa?

Obrigado pela aten��o.

Ismael Oliveira

Curtidas 0

Respostas

Dyego Carmo

02/02/2012

Eles querem dizer :

� apenas uma msg que ocorre quando vc esta debugando... nada para voce se preocupar, ignore-a

GOSTEI 0

POSTAR