Hi,
Currently our Grails app runs on version 2.0.1 with the Spring Security plugin v 1.2.7.3 for security. We have role-based access set up for the app, and the user info is stored in MongoDB, for which we use the Grails MongoDB plugin v 1.0.0.RC5.
I have upgraded the app to Grails v 2.2.3, which led to an upgrade of the MongoDB plugin to v 1.3.0.GA.
After the upgrade, when I try to log in to the application through the UI using an existing user's information, it seems to authenticate the login information, but the page that shows up afterwards says that the user is not authorized to view the page (denied page).
In the log, an Access denied exception shows up. I ran Spring Security logging in debug mode and found that the roles are not being fetched from the db, as I see ROLE_NO_ROLES being assigned as the role for the user even though it seems like the authentication is successful.
I am not sure why the roles are being fetched from mongodb, as the collections for user and user roles are there in the db, and the config.groovy file has these set up for Spring Security from before (the upgrade):
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.paydiant.domain.adminportal.user.SecurityUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.paydiant.domain.adminportal.user.SecurityUserSecurityRole'
grails.plugins.springsecurity.authority.className = 'com.paydiant.domain.adminportal.user.SecurityRole'
Could someone please help me with this!
Here is a part of the log in springsecurity log in debug mode:
29 Aug 2013 16:15:15,523 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@88b707d4: Principal: org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_NO_ROLES; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3AE55CB76226E3BE4E510AC8ACA78313; Granted Authorities: ROLE_NO_ROLES
29 Aug 2013 16:15:15,523 DEBUG org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_NO_ROLES] one can reach [ROLE_NO_ROLES] in zero or more steps.
29 Aug 2013 16:15:15,534 ERROR StackTrace Full Stack Trace:
org.springframework.security.access.AccessDeniedException: Access is denied
at org.codehaus.groovy.grails.plugins.springsecurity.AuthenticatedVetoableDecisionManager.deny(AuthenticatedVetoableDecisionManager.java:111)
at org.codehaus.groovy.grails.plugins.springsecurity.AuthenticatedVetoableDecisionManager.checkOtherVoters(AuthenticatedVetoableDecisionManager.java:103)
at org.codehaus.groovy.grails.plugins.springsecurity.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:44)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
at org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:40)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:69)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:66)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Thank you,
Mayuri.
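An added example, not part of the original post: a log-triage script that scans Spring Security debug output in the format quoted above and reports every authenticated user whose token carries only ROLE_NO_ROLES, which is the symptom described here. The function names and the sample lines are constructed for illustration; the sample lines imitate the post's log layout with placeholder object and session ids.

```python
import re

NO_ROLES = "ROLE_NO_ROLES"  # placeholder authority seen in the post's debug log

TS_RE = re.compile(r"^(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2},\d{3})")
# Username, Authenticated flag, and the LAST "Granted Authorities" field,
# which belongs to the token itself rather than to the nested principal.
TOKEN_RE = re.compile(
    r"Username: (?P<user>[^;]+);.*?\bAuthenticated: (?P<authed>true|false);"
    r".*Granted Authorities: (?P<roles>.*)$"
)

def parse_roles(field):
    """Split a comma-separated authority list into a set of role names."""
    return {r.strip() for r in field.split(",") if r.strip()}

def find_roleless_logins(lines):
    """Return (timestamp, username) for authenticated tokens holding only ROLE_NO_ROLES."""
    hits = []
    for line in lines:
        ts, tok = TS_RE.match(line), TOKEN_RE.search(line)
        if not ts or not tok or tok.group("authed") != "true":
            continue
        if parse_roles(tok.group("roles")) == {NO_ROLES}:
            hits.append((ts.group(1), tok.group("user").strip()))
    return hits

def _sample(ts, user, roles):
    # Constructed line in the layout of the post's FilterSecurityInterceptor entry.
    return (f"{ts} DEBUG org.springframework.security.web.access.intercept."
            f"FilterSecurityInterceptor Previously Authenticated: org.springframework."
            f"security.authentication.UsernamePasswordAuthenticationToken@0: Principal: "
            f"org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser@0: "
            f"Username: {user}; Password: [PROTECTED]; Enabled: true; "
            f"Granted Authorities: {roles}; Credentials: [PROTECTED]; "
            f"Authenticated: true; Details: WebAuthenticationDetails@0: "
            f"RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: PLACEHOLDER; "
            f"Granted Authorities: {roles}")

SAMPLE_LOG = [  # constructed sample input
    _sample("29 Aug 2013 16:15:15,523", "admin", NO_ROLES),
    _sample("29 Aug 2013 16:16:02,101", "auditor", "ROLE_ADMIN, ROLE_USER"),
    "29 Aug 2013 16:15:15,534 ERROR StackTrace Full Stack Trace:",
]

if __name__ == "__main__":
    for ts, user in find_roleless_logins(SAMPLE_LOG):
        print(f"{ts}: '{user}' authenticated but no roles were loaded")
```
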