Getting "org.jasypt.exceptions.EncryptionOperationNotPossibleException" when trying to login - spring

I'm using Jasypt 1.9.0, Spring 3.1.1.RELEASE, and Maven 3.0.3. When I enter a username and password on my login page and submit, I get the following error …
org.jasypt.exceptions.EncryptionOperationNotPossibleException
org.jasypt.digest.StandardByteDigester.matches(StandardByteDigester.java:1107)
org.jasypt.digest.StandardStringDigester.matches(StandardStringDigester.java:1052)
org.jasypt.util.password.ConfigurablePasswordEncryptor.checkPassword(ConfigurablePasswordEncryptor.java:252)
org.jasypt.spring.security3.PasswordEncoder.isPasswordValid(PasswordEncoder.java:207)
org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:64)
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:184)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:155)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
Here is the Spring security I have setup
<beans:bean id="bcProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider" />
<beans:bean id="jasyptPasswordEncryptor" class="org.jasypt.util.password.ConfigurablePasswordEncryptor">
<beans:property name="algorithm">
<beans:value>SHA-256</beans:value>
</beans:property>
<beans:property name="provider">
<beans:ref bean="bcProvider" />
</beans:property>
</beans:bean>
<!-- This Spring Security-friendly PasswordEncoder implementation will -->
<!-- wrap the PasswordEncryptor instance so that it can be used from -->
<!-- the security framework. -->
<beans:bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
<beans:property name="passwordEncryptor">
<beans:ref bean="jasyptPasswordEncryptor" />
</beans:property>
</beans:bean>
<authentication-manager alias="authenticationManager"
id="authenticationManager">
<authentication-provider user-service-ref="sbdUserDetailsService">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
The Jasypt docs aren't very helpful and I don't know what else to check. Grateful for any help here. -

It's probably intentionally impossible to tell the cause of the error from the Jasypt library without debugging into it and finding the underlying exception. My guess would be you have an undigested password in the back end store (the most likely source of failures to compare digested passwords).

Related

How to log request data along with response data in http:outbound-gateway

Using spring integration, I am reading from a queue and then calling a REST service using http:outbound-gateway. The code works fine. But I want to relate the logs such that for a given request key field , so and so response is received. Otherwise, it is very difficult to pinpoint for which request the response is received, when there are thousands of messages flowing through the queue.
My JSON request for the service call is as follows:
{"ID":"123","status":"A"}
my JSON Response from the service call is as follows:
{"transactionStatus":"Success"}
I want to do logging such that "ID:123" has got a reponse transactionStatus as "Success".
Please help me with the code how I can achieve this. Please let me know if you need further details.
Thanks in advance.
<int:object-to-json-transformer input-channel = "gcmRequestChannel" output-channel="RESTSrvcChannel"></int:object-to-json-transformer>
<int:header-enricher id = "restenricher" input-channel = "RESTSrvcChannel" output-channel = "RESTSrvcChannel2">
<int:header name="contentType" value="application/json"/>
<int:header name="SPApikey" value="${throttler.SPApikey}" />
</int:header-enricher>
<http:outbound-gateway id="gcmrestHttpOutboundGateway" request-channel="RESTSrvcChannel2" reply-channel="nullChannel"
extract-request-payload="true"
url="${throttler.url}"
header-mapper="headerMapper"
http-method="POST"
expected-response-type="java.lang.String"
>
</http:outbound-gateway>
<beans:bean id="headerMapper"
class="org.springframework.integration.http.support.DefaultHttpHeaderMapper">
<beans:property name="inboundHeaderNames" value="*" />
<beans:property name="outboundHeaderNames" value="HTTP_REQUEST_HEADERS,SPApikey" />
<beans:property name="userDefinedHeaderPrefix" value="" />
</beans:bean>
Since Spring Integration deals with the Message object in its components and via channels in between, there is a nice solution like supply your important information into the headers and they will be available in the replyMessage for your logging purpose:
<header-enricher>
<header name="originalPayload" expression="payload"/>
</header-enricher>
I have coded as suggested by you. Thanks for your response.
<int:header-enricher id = "gcmrestenricher" input-channel = "gcmRESTSrvcChannel" output-channel = "gcmRESTSrvcChannel2">
<int:header name="contentType" value="application/json"/>
<int:header name="SPApikey" value="${throttler.SPApikey}" />
<int:header name="JSONPayload" expression="payload"/>
</int:header-enricher>
<http:outbound-gateway id="gcmrestHttpOutboundGateway" request-channel="gcmRESTSrvcChannel2" reply-channel="gcmRESTSrvcOutputChannel"
extract-request-payload="true"
url="${throttler.gcmurl}"
header-mapper="gcmheaderMapper"
http-method="POST"
expected-response-type="java.lang.String"
>
</http:outbound-gateway>
<beans:bean id="gcmheaderMapper"
class="org.springframework.integration.http.support.DefaultHttpHeaderMapper">
<beans:property name="inboundHeaderNames" value="*" />
<beans:property name="outboundHeaderNames" value="HTTP_REQUEST_HEADERS,SPApikey,JSONPayload" />
<beans:property name="userDefinedHeaderPrefix" value="" />
</beans:bean>
<beans:bean id="logmsg" class = "com.MLAServiceActivator"></beans:bean>
<int:service-activator requires-reply="false" input-channel="gcmRESTSrvcOutputChannel" ref="logmsg" method="ResponseLogging"></int:service-activator>
#ServiceActivator
public void ResponseLogging(Message<String> message)
{
logger.info("The response message is:"+message.getPayload()+ " for request message:"+message.getHeaders().get("JSONPayload"));
}

Dynamic URL for Custom Http-Client - Spring-XD

We have written a custom Http-client for spring XD and planning to use this custom processor for invoking different APIs. However, We have a situation where we need to invoke two different API based on the payload. Apart from using dynamic-router (which writes to a named channel) is there a way we can set the URL dynamically for the http-client to invoke? Here is the current configuration.
<header-filter input-channel="input" output-channel="inputX"
header-names="x-death" />
<service-activator input-channel="inputX" ref="gw" />
<gateway id="gw" default-request-channel="toHttp"
default-reply-timeout="0" error-channel="errors" />
<beans:bean id="inputfields"
class="com.batch.httpclient.HTTPInputProperties">
<beans:property name="nonRetryErrorCodes" value="${nonRetryErrorCodes}" />
</beans:bean>
<beans:bean id="responseInterceptor"
class="com.batch.httpclient.ResponseInterceptor">
<beans:property name="inputProperties" ref="inputfields" />
</beans:bean>
<chain input-channel="errors" output-channel="output">
<transformer ref="responseInterceptor" />
</chain>
<int-http:outbound-gateway id='batch-http'
header-mapper="headerMapper" request-channel='toHttp' url-expression="${url}"
http-method="${httpMethod}" expected-response-type='java.lang.String'
charset='${charset}' reply-timeout='${replyTimeout}' reply-channel='output'>
</int-http:outbound-gateway>
<beans:bean id="headerMapper"
class="org.springframework.integration.http.support.DefaultHttpHeaderMapper"
factory-method="outboundMapper">
<beans:property name="outboundHeaderNames" value="*" />
<beans:property name="userDefinedHeaderPrefix" value="" />
</beans:bean>
<channel id="output" />
<channel id="input" />
<channel id="inputX" />
<channel id="toHttp" />
If it's based on the payload type, something like this should work...
url-expression="payload.getClass().getSimpleName().equals("Bar") ? 'http://foo/bar' : 'http://foo/baz'"
If it's a property on the payload, then
url-expression="payload.foo.equals("bar") ? 'http://foo/bar' : 'http://foo/baz'"
EDIT
or
url-expression="payload.foo.equals("bar") ? '${url1}' : '${url2}'"
This would need changing the property metadata class to rename url and add url2.

Spring Hibernate Transaction No Session Lazy Loading

I have a problem with only one controller that has a lazy loaded entity(there is a transaction initiated and commited, see stack trace)
17:56:46,084 DEBUG HibernateTransactionManager:438 - Found thread-bound Session [org.hibernate.impl.SessionImpl#6b204e88] for Hibernate transaction
17:56:46,085 DEBUG HibernateTransactionManager:471 - Participating in existing transaction
17:56:46,085 DEBUG HibernateTransactionManager:438 - Found thread-bound Session [org.hibernate.impl.SessionImpl#6b204e88] for Hibernate transaction
17:56:46,085 DEBUG HibernateTransactionManager:471 - Participating in existing transaction
Hibernate: select preference0_.id as id66_, preference0_.name as name66_, preference0_.value as value66_, preference0_.default_value as default4_66_, preference0_.updated_at as updated5_66_ from preferences preference0_ where preference0_.name='scheduleInterval'
17:56:46,086 DEBUG GooGooStatementCache:457 - cxnStmtMgr.statementSet( com.mysql.jdbc.JDBC4Connection#5ec60ee2 ).size(): 21
17:56:46,086 DEBUG GooGooStatementCache:196 - checkoutStatement: com.mchange.v2.c3p0.stmt.GlobalMaxOnlyStatementCache stats -- total size: 111; checked out: 1; num connections: 10; num keys: 111
17:56:46,087 DEBUG GooGooStatementCache:271 - checkinStatement(): com.mchange.v2.c3p0.stmt.GlobalMaxOnlyStatementCache stats -- total size: 111; checked out: 0; num connections: 10; num keys: 111
17:56:46,089 FATAL app:79 - service
org.hibernate.LazyInitializationException: could not initialize proxy - no Session
at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:167)
at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:215)
at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:190)
at com.model.User_$$_javassist_76.getName(User_$$_javassist_76.java)
at com.model.json.ScheduleItemWrapper.wrap(ScheduleItemWrapper.java:55)
at com.web.controllers.ajax.Model.wrap(Model.java:127)
at com.web.controllers.ajax.Model.toJSON(Model.java:165)
at com.web.controllers.ajax.Model.getContent(Model.java:51)
at com.web.controllers.ajax.BasicAction.execute(BasicAction.java:27)
at com.web.HibernateServlet.doService(HibernateServlet.java:113)
at com.web.HibernateServlet.service(HibernateServlet.java:66)
at sun.reflect.GeneratedMethodAccessor200.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:695)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
at com.levitech.web.controllers.schedule.ScheduleList$$EnhancerByCGLIB$$4a7ae33e.service(<generated>)
at com.levitech.web.RequestDispatcher.service(RequestDispatcher.java:63)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
17:56:46,090 DEBUG HibernateTransactionManager:753 - Initiating transaction commit
17:56:46,090 DEBUG HibernateTransactionManager:653 - Committing Hibernate transaction on Session [org.hibernate.impl.SessionImpl#6b204e88]
17:56:46,091 DEBUG HibernateTransactionManager:735 - Closing Hibernate Session [org.hibernate.impl.SessionImpl#6b204e88] after transaction
17:56:46,091 DEBUG SessionFactoryUtils:800 - Closing Hibernate Session
The model (ScheduleItem and User) and their hibernate mappings
public class ScheduleItem {
private Integer id;
....
private User user;
}
public class User {
private Integer id;
...
private String name;
}
<class
name="ScheduleItem"
table="schedule_item"
>
<cache usage="read-write"/>
<id
name="id"
type="integer"
column="id"
>
<generator class="identity" />
</id>
<many-to-one name="user" column="user_id" lazy="proxy"></many-to-one>
</class>
<class
name="ScheduleItem"
table="schedule_item"
>
<cache usage="read-write"/>
<id
name="id"
type="integer"
column="id"
>
<generator class="identity" />
</id>
<property name="name" column="name" type="string" />
</class>
I found the culprit. OpenSessionViewFilter is using a different session or sessionfactory.
Here is my Spring config and web.xml (What am I doing wrong?):
Part of web.xml:
<filter>
<filter-name>hibernateFilter</filter-name>
<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>/app/s/*</url-pattern>
</filter-mapping>
Part of Spring Config:
<bean id="myDataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
<property name="driverClass" value="${db.driver}"/>
<property name="jdbcUrl" value="${db.url}"/>
<property name="user" value="${db.user}"/>
<property name="password" value="${db.pass}"/>
<!-- Pool properties -->
<property name="minPoolSize" value="5" />
<property name="maxPoolSize" value="100" />
<property name="acquireIncrement" value="5" />
<property name="maxStatements" value="200" />
<property name="idleConnectionTestPeriod" value="120" />
<property name="maxIdleTime" value="1800" />
</bean>
<bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource" ref="myDataSource"></property>
<property name="mappingLocations" value="classpath*:com/model/hbm/**/*.hbm.xml" />
<property name="hibernateProperties">
<value>
hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
hibernate.show_sql=true
hibernate.cache.region.factory_class=net.sf.ehcache.hibernate.SingletonEhCacheRegionFactory
hibernate.cache.use_query_cache=true
hibernate.cache.use_second_level_cache=true
</value>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>
From the log it looks like the session is still open when you get this exception. The other scenario in which you would get such an exception is if the row doesn't exist in the database.
User user = session.load(User.class, 1000); // Create a proxy
user.getName(); // This would throw lazy initialization exception if row doesn't exist
One more scenario that can lead to this is working with detached objects. If you fetched and stored the ScheduleItem as a HTTPSession variable. Retrieve it in another request and then try to access the proxy - it will result in the same exception. The session that was used to load the object has been closed. If that is the case you need to first reattach the object to the new session (merge, update or lock) before using it.
There are multiple solutions for your problem:
The easiest one is using Spring's OpenSessionInViewFilter. Just add this filter to your web.xml and configure it to filter your request.
This filter opens and closes Hibernate session in a filter, so during page rendering session will be open.
Some people believe that OpenSessionInViewFilter is against good design, and it mixes business logic into presentation tier. If you think so, fetch the referenced object in your query (for example by using join fetch in your HQLs).
You could try to:
Eagerly load the collection.
initialize the collection before leaving the collection by calling the respective getter method Hibernate.initialize(rtn.getUserRoles());
Thats basically two times the same approach depending on what works best in your setup. You are making sure to load the complete entity before leaving the session that way the entity can be detached from the old and then reatached to a new session without problems. What you are doing is initializing the proxy before leaving the session so that the collection is available for sure when you are out of a session context.

Spring Security remember-me re login fails

I'm trying to create remember-me based on persistent token approach feature. as my dataSource I have mongoDB. In order to store tokens in as collection I override PersistentTokenRepository class and it seems to be ok, but I can't login when I reopen my browser. I'm using mongoDB to store tokens, but it shouldn't be a problem all db layer functions work as expected.
My spring security configuration looks like this:
<security:global-method-security secured-annotations="enabled" />
<security:http pattern="/login.html" security="none"/>
<security:http pattern="/signup.html" security="none"/>
<security:http auto-config="true" access-denied-page="/accessDenied.jsp">
<security:form-login login-page="/login.html" login-processing-url="/login" authentication-failure-url="/login.html?login_error=1" default-target-url="/"/>
<security:http-basic/>
<security:intercept-url pattern='/**' access='ROLE_USER' />
<security:logout logout-url="/logout" logout-success-url="/"/>
<security:remember-me services-ref="rememberMeServices"/>
</security:http>
<bean id="userPassAuthFilterBeanPostProcessor"
class="com.mytwitter.web.security.UserPassAuthFilterBeanPostProcessor">
<property name="usernameParameter" value="username" />
<property name="passwordParameter" value="password" />
</bean>
<bean id="LoginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login" />
</bean>
<bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
</list>
</property>
</bean>
<security:authentication-manager alias="authManager">
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder hash="md5"/>
</security:authentication-provider>
</security:authentication-manager>
<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<property name="tokenRepository" ref="myTokenRepository" />
<property name="userDetailsService" ref="userDetailsService" />
<property name="key" value="myRememberMeKey" />
<property name="alwaysRemember" value="true" />
</bean>
<bean id="myTokenRepository" class="com.mytwitter.web.security.MyTokenRepository">
</bean>
When I login correctly my token inserted into Database. I can see it clearly.
After I close the browser and trying re-login authentication fails.
There is no problem with mongoDB all queries executed successfully.
When I turn on debuging I see the following behavior:
2012-02-05 00:33:54,374 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.FilterChainProxy - /index.jsp at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' - 287265
2012-02-05 00:33:59,801 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected - 292692
getting Token
2012-02-05 00:34:04,829 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "series" : "qhvYe8ZsDX+72ZbeNxSGzQ=="} in db.collection: xxx.rememberMeTokens - 297720
2012-02-05 00:34:21,471 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Refreshing persistent login token for user 'aaaa', series 'qhvYe8ZsDX+72ZbeNxSGzQ==' - 314362
Updating Token
2012-02-05 00:34:23,043 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - calling update using query: { "series" : "qhvYe8ZsDX+72ZbeNxSGzQ=="} and update: { "$set" : { "token" : "LVBRYo/vjEARdm262UA07g==" , "last_used" : { "$date" : "2012-02-04T22:34:22.333Z"}}} in collection: persistentRememberMeToken - 315934
2012-02-05 00:34:26,427 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "nickname" : "aaaa"} in db.collection: xxxx.users - 319318
2012-02-05 00:34:45,623 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie accepted - 338514
2012-02-05 00:36:24,438 DEBUG [http-bio-8080-exec-7] org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.RememberMeAuthenticationProvider - 437329
2012-02-05 00:36:45,543 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: 'org.springframework.security.authentication.RememberMeAuthenticationToken#7609e07a: Principal: com.mytwitter.web.security.AuthUser#3214512e; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'; invalidating remember-me token - 458434
org.springframework.security.authentication.BadCredentialsException: The presented RememberMeAuthenticationToken does not contain the expected key
at org.springframework.security.authentication.RememberMeAuthenticationProvider.authenticate(RememberMeAuthenticationProvider.java:64)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
What am I missing?
Today after I reboot my laptop and started tomcat + eclipse it works ok and no error occurs. I'm quite confused with this behavior, but god gave me courage to accept things that I can't understand,but I believe that it has something to do with the old cookies for this site. Now when all of them expired it works fine.

Using the Struts2-Rest-Plugin with Spring

I'm starting to use the Struts2 Rest Plugin in our Spring application.
Let's start with our struts.xml:
<struts>
<constant name="struts.devMode" value="true" />
<constant name="struts.custom.i18n.resources" value="lang/messages" />
<constant name="struts.ognl.allowStaticMethodAccess" value="true" />
<constant name="struts.mapper.class" value="rest" />
<package name="default">
<action name="document" class="DocumentRestaction" />
</package>
</struts>
Then in Spring, I'm doing the following (to see if the String is injected):
<bean name="DocumentRestaction" class="be.example.actions.DocumentRestaction">
<property name="injected" value="Oh Hai" />
</bean>
I do a POST request to the URL /documents and end up in the create() method, great! In debug, my injected variable is injected. But when I let the debug continue, I get following exception:
4129 [http-8080-2] ERROR org.apache.struts2.rest.RestActionInvocation - Exception processing the result.
java.lang.RuntimeException: Invalid action class configuration that references an unknown class named [DocumentRestaction]
at org.apache.struts2.convention.ConventionsServiceImpl.determineResultPath(ConventionsServiceImpl.java:100)
at org.apache.struts2.convention.ConventionUnknownHandler.determinePath(ConventionUnknownHandler.java:379)
at org.apache.struts2.convention.ConventionUnknownHandler.handleUnknownResult(ConventionUnknownHandler.java:268)
at com.opensymphony.xwork2.DefaultUnknownHandlerManager.handleUnknownResult(DefaultUnknownHandlerManager.java:87)
at com.opensymphony.xwork2.DefaultActionInvocation.createResult(DefaultActionInvocation.java:227)
at org.apache.struts2.rest.RestActionInvocation.executeResult(RestActionInvocation.java:221)
at org.apache.struts2.rest.RestActionInvocation.processResult(RestActionInvocation.java:198)
at org.apache.struts2.rest.RestActionInvocation.invoke(RestActionInvocation.java:146)
at com.opensymphony.xwork2.DefaultActionProxy.execute(DefaultActionProxy.java:147)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:91)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:679)
Caused by: java.lang.ClassNotFoundException: DocumentRestaction
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)
at org.apache.struts2.util.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:111)
at org.apache.struts2.convention.ConventionsServiceImpl.determineResultPath(ConventionsServiceImpl.java:98)
... 27 more
But the class has been found .. (I ended up in create), why is it saying this? And most importantly, what am I doing wrong?
I'm using Spring v3.0.5, struts2-rest-plugin v2.3.1, struts2-core v2.3.1 and struts2-spring-plugin 2.3.1
In case anyone is looking for a solution to this, this article might help.
There's an omission in the sample code given though - in your applicationContext.xml, make sure you define the "id" and "class" to be the fully qualified class name of your controller:
<bean id="com.mersoft.web.controller.TestController" class="com.mersoft.web.controller.TestController">
<constructor-arg ref="testManager" />
</bean>
Hope that helps. Oh, and to be clear, you don't have to remove the convention plugin as suggested in an earlier comment.

Resources