
Environment: Grails 2.5.0, OSX, Java 7.0_71

I'm trying to upgrade my app from

Grails/Hibernate 2.2.4 + spring-security-core:1.2.7.3

to

Grails 2.5.0 + hibernate4:4.3.8.1 + spring-security-core:2.0-RC4

But when I try to authenticate, I'm getting:

2015-05-20 21:35:55.705 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.filter.DebugFilter
 INFO  

************************************************************

Request received for '/j_spring_security_check':

org.apache.catalina.connector.RequestFacade@2ca7d226

servletPath:/j_spring_security_check
pathInfo:null

Security filter chain: [
  SecurityContextPersistenceFilter
  MutableLogoutFilter
  RequestHolderAuthenticationFilter
  SecurityContextHolderAwareRequestFilter
  GrailsRememberMeAuthenticationFilter
  GrailsAnonymousAuthenticationFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]
************************************************************
2015-05-20 21:35:55.705 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
 DEBUG Request is to process authentication
2015-05-20 21:35:55.773 [http-bio-8080-exec-10] net.sf.ehcache.store.disk.Segment
...
2015-05-20 21:35:55.805 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/foo].[default]
 ERROR Servlet.service() for servlet [default] in context with path [/foo] threw exception
java.lang.NullPointerException
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:216)
    at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at grails.plugin.springsecurity.web.filter.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:102)
    at grails.plugin.springsecurity.web.filter.DebugFilter.doFilter(DebugFilter.java:69)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:69)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
2015-05-20 21:35:55.806 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost]
 DEBUG Processing ErrorPage[errorCode=500, location=/grails-errorhandler]
2015-05-20 21:35:55.807 [http-bio-8080-exec-10] org.apache.catalina.core.StandardWrapper
 DEBUG Allocating non-STM instance
2015-05-20 21:35:55.808 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/foo]
 INFO  Initializing Spring FrameworkServlet 'grails-errorhandler'
2015-05-20 21:35:55.821 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.filter.DebugFilter
 INFO  
...

Looking at line 216 of the AbstractAuthenticationProcessingFilter source code, we find:

// This is the top frame of the stack trace (doFilter, line 216). The NullPointerException is
// raised by this statement itself, not from inside onAuthentication, which points at the
// receiver, sessionStrategy, being null.
sessionStrategy.onAuthentication(authResult, request, response);

I suppose that the sessionStrategy might be null.

Thus, what should I do to get sessionStrategy initialised properly?

Here's my Config.groovy:

//######### Spring Security Core plugin:

// Domain classes the plugin uses for users, the user-role join table, and roles.
grails.plugin.springsecurity.userLookup.userDomainClassName = 'br.com.foo.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'br.com.foo.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'br.com.foo.domain.Role'

// Keep the password hashing used before the upgrade so existing stored hashes still verify.
// NOTE(review): a single SHA-256 iteration is a fast digest and is cheap to brute-force offline
// if the user table ever leaks. No salt configuration is visible here either - verify whether
// the stored hashes are salted. Treat this as a compatibility setting only and plan a migration
// to an adaptive algorithm such as 'bcrypt', e.g. by re-hashing at the next successful login.
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1

// Enable the plugin's security event listener and run a callback after each interactive login.
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onInteractiveAuthenticationSuccessEvent = { e, appCtx ->
    // Delegates to the application's userService bean; what that method does is not shown here.
    appCtx.userService.onAuthenticationSuccessEvent()
}
// Presumably publishes HTTP session create/destroy events to the Spring context, which a
// SessionRegistry relies on to drop ended sessions - confirm against the plugin documentation.
grails.plugin.springsecurity.useHttpSessionEventPublisher = true

// NOTE(review): this only tunes session-fixation handling. Whether the protection itself is
// active depends on useSessionFixationPrevention, which is not set in this file - confirm its
// effective value for 2.0-RC4.
grails.plugin.springsecurity.sessionFixationPrevention.alwaysCreateSession = true

// Added by the Spring Security Core plugin:
// Static URL rules: every pattern below is reachable without authentication.
// NOTE(review): the '/**/js/**', '/**/css/**' and '/**/images/**' patterns match at any depth,
// so any application URL containing one of those path segments is public as well - check that
// no controller or action mapping falls under them.
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/assets/**':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/favicon.ico':                ['permitAll']
]

Cheers.


1 Answer


OK, I reckon I found out how to initialise the sessionStrategy:

In the file: /conf/resources.groovy I added:

import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.session.ConcurrentSessionFilter
import org.springframework.security.web.session.SessionManagementFilter
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy

// Place your Spring DSL code here
beans = {

    sessionRegistry(SessionRegistryImpl)

    concurrentSessionFilter(ConcurrentSessionFilter) {
        sessionRegistry = ref('sessionRegistry')
        logoutHandlers = [ref("rememberMeServices"), ref("securityContextLogoutHandler")]
        expiredUrl='/login/auth'
    }

    //Spring Security Session Expired Configuration
    simpleRedirectInvalidSessionStrategy(SimpleRedirectInvalidSessionStrategy, "/login/auth")
    securityContextRepository(HttpSessionSecurityContextRepository)
    sessionManagementFilter(SessionManagementFilter, securityContextRepository) {
      invalidSessionStrategy=ref('simpleRedirectInvalidSessionStrategy')
    }
}

And in the file conf/BootStrap.groovy, I added:

import grails.plugin.springsecurity.SecurityFilterPosition
import grails.plugin.springsecurity.SpringSecurityUtils
import org.springframework.security.core.context.SecurityContextHolder

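/**
 * Application start-up hook: wires the concurrent-session filter into the Spring Security
 * filter chain and selects how the SecurityContext is stored per thread.
 */
class BootStrap {

    def init = { servletContext ->

        // Insert the 'concurrentSessionFilter' bean into the plugin's filter chain at the
        // standard concurrent-session position. The bean itself must be defined elsewhere
        // (e.g. in resources.groovy).
        SpringSecurityUtils.clientRegisterFilter('concurrentSessionFilter', SecurityFilterPosition.CONCURRENT_SESSION_FILTER)

        // Threads spawned from a request thread inherit that thread's SecurityContext.
        // NOTE(review): the context is copied when the child thread is created, so with pooled
        // or reused worker threads it can be stale or belong to a different user than the
        // task being run. Keep this mode only if inheritance is really needed; otherwise
        // propagate the context explicitly (e.g. DelegatingSecurityContextRunnable).
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL)
    }
}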

And now it is all working just fine.

Cheers.