Waffle throws AccessDeniedException if non-localhost access

Jan 8, 2013 at 9:53 AM

Hi Folks,

I setup Tomcat 6 with Spring Security and Waffle as described in the help file. When I access my tomcat from the same machine (i.e. via localhost) everything works fine, but, when I try that from another machine, tomcat/spring/waffle throws the following error:

 

10:36:57.489 [http-8080-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90550640: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: XXXREMOVEDXXX; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
10:36:57.509 [http-8080-1] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@47098a, returned: 0
10:36:57.519 [http-8080-1] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@1c3432a, returned: -1
10:36:57.529 [http-8080-1] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
	org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-
		

 

I started Tomcat via command line (either as admin or default user) or as a Windows Service (user local system). 

Does anyone have an idea what I could try?

Many thanks in advance

John

---

IeHTTPHeaders:

GET /test HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, */*
Accept-Language: de
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; AskTbSTC-SRS/5.13.1.18132)
Accept-Encoding: gzip, deflate
Host: pc-032:8080
Connection: Keep-Alive
Cookie: JSESSIONID=E33691679D8C6A0E5CB9A78607ED3E82

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Connection: keep-alive
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="BasicSecurityFilterProvider"
Transfer-Encoding: chunked
Date: Tue, 08 Jan 2013 09:51:24 GMT

GET /test HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, */*
Accept-Language: de
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; AskTbSTC-SRS/5.13.1.18132)
Accept-Encoding: gzip, deflate
Host: pc-032:8080
Connection: Keep-Alive
Authorization: Negotiate YIIFJAYGKwYBBQUCo....
Cookie: JSESSIONID=E33691679D8C6A0E5CB9A78607ED3E82

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate oXsweaADCgEBoQsGCSqGSIL3EgEC....
Connection: keep-alive
Transfer-Encoding: chunked
Date: Tue, 08 Jan 2013 09:51:24 GMT

GET /test HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, */*
Accept-Language: de
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; AskTbSTC-SRS/5.13.1.18132)
Accept-Encoding: gzip, deflate
Host: pc-032:8080
Connection: Keep-Alive
Authorization: Negotiate oYIE8jCCBO6iggTqBIIE...
Cookie: JSESSIONID=E33691679D8C6A0E5CB9A78607ED3E82

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate oW4wbKADCgEBomUEY2BhBgkqhkiG9....
Connection: keep-alive
Transfer-Encoding: chunked
Date: Tue, 08 Jan 2013 09:51:24 GMT

Coordinator
Jan 9, 2013 at 3:46 PM

 

WAFFLE HAS MOVED TO GITHUB
WAFFLE HAS MOVED TO GITHUB

WAFFLE HAS MOVED TO GITHUB
WAFFLE HAS MOVED TO GITHUB

 

WAFFLE HAS MOVED TO GITHUB
WAFFLE HAS MOVED TO GITHUB

 

WAFFLE HAS MOVED TO GITHUB
WAFFLE HAS MOVED TO GITHUB

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

 

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

 

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

 

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

We're going to give up the discussions here and move to THIS GOOGLE GROUP, please subscribe and stop posting questions here.

 

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

 

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

 

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.

 

DONT POST HERE - GO HERE. The new home is http://dblock.github.com/waffle/.