TechPitcher » Acegi http://www.techpitcher.com Mon, 20 Dec 2010 10:28:24 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 Access is denied (user is not anonymous) http://www.techpitcher.com/access-is-denied-user-is-not-anonymous.html http://www.techpitcher.com/access-is-denied-user-is-not-anonymous.html#comments Tue, 04 Nov 2008 18:32:15 +0000 Amit http://techpitcher.com/?p=85 DEBUG org.acegisecurity.ui.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandlerorg.acegisecurity.AccessDeniedException: Access is denied at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68) at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:292) at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:104) at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:110) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:81) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:229) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.ui.logout.LogoutFilter.doFilter(LogoutFilter.java:106) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:286) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

As exception itself says that “Access is denied (user is not anonymous)” i.e. authorities are granted to Authentication object and the value of this authority is not anonymous. The authorities granted to Authentication object doesn’t have permission to access the required resource.
It can be corrected by granting access to the required resource. The application must be having roles mapping on different resources e.g.

<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/images/**=ROLE_ANONYMOUS,ROLE_OWNER,ROLE_ADMINISTRATOR,ROLE_OTHER
/css/**=ROLE_ANONYMOUS,ROLE_OWNER,ROLE_ADMINISTRATOR,ROLE_OTHER
/js/**=ROLE_ANONYMOUS,ROLE_ADMINISTRATOR,ROLE_OTHER
/ws/**=ROLE_ANONYMOUS,ROLE_OWNER,ROLE_ADMINISTRATOR,ROLE_OTHER
</value>
</property>

If you look carefully in above configuration then js folder doesn’t allow access to files inside js for ROLE_OWNER. If a user having role ROLE_OWNER logs into the system and tries to access resource inside js folder then he’ll get above exception as user is not anonymous and is not allowed to access this resource.
To fix this problem allow js accessible to ROLE_OWNER.

]]> http://www.techpitcher.com/access-is-denied-user-is-not-anonymous.html/feed 0