October 16th, 2008 by Derek Hollis

Acegi/Spring Security JSF Integration Project continued

We’ve gotten a good number of comments from Lincoln’s latest post on Spring Security and JSF.  A few comments have asked for further code samples on how to get this example working. We created a runnable project for this example, and it can be downloaded here. All you need to do is extract the project to your workspace (We use Eclipse), and import the project.  Add the project to your server and start it up.  Next open your browser and navigate to: http://localhost:8080/springsecurity/ Note*: You’ll need to change the URL to your server port number if it isn’t set to 8080. Assuming all the steps above worked successfully you should see a page like the one below.

Now click on the Secret link.  This should force you to the login page.  The Secret page requires authentication to view.  Go ahead and type in the User: rod  Password: koala

You should now be redirected to the Secret page (shown below).

Go back to the Home page and try Logout, and Login with bad credentials and see what you get.  I hope this project helps to tie up any loose ends, and helps answer any outstanding questions.

Posted in Java, JSF, Spring

10 Comments

  1. […] can see a working example of this guide here. […]

  2. Tyler says:

    Just a note, the login/secret pages will not work in all of IE (I haven’t tested it extensively). Check out the following post to see what I am referring to:

    http://mail-archives.apache.org/mod_mbox/tomcat-users/200409.mbox/%3C414BC539.1010204@globalmentor.com%3E

  3. Anselmo says:

    In page Login.jspx

    change de omit-xml-declaration = “true”/>

    you need the value to true to work in Internet Explorer

  4. John says:

    Hello, very interesting… But I think if there is any way to customize authorization needs because I want to create some in runtime. the roles in xml file are so hard-coded…

  5. david says:

    Hi,

    Thank for sharing your work.
    I have nonetheless a remark.
    One authenticated, if i browse to the login-page(http://localhost:8090/springsecurity/faces/login.jsf), it allows me to enter my credential still.
    However, i am already logged.
    Not convenience… Logic would expect to be redirected to default-target-url.
    If you have a clean solution for this problem, i am taker…

    1. Lincoln says:

      You could hide the login link, use http://ocpsoft.com/prettyfaces/ to add a page-action that redirects to the home-page, or add logic in the page that displays a message like, “You are already logged in” instead of the login form (rendered=”#{loginBean.loggedIn}”). –loginBean is just an example … you’d have to find or make something that gives you the user’s logged in status.

  6. paomo says:

    Hi,

    Thank for sharing your work.
    but when I use .xhtml which in applicationContext-security.xml a download window pop up after submit login button.please.

    my applicationContext-security.xml

    and web.xml
    To be able to identify .xhtml I slightly changed the web.xml file

    org.springframework.security.web.session.HttpSessionEventPublisher

    springSecurityFilterChain
    org.springframework.web.filter.DelegatingFilterProxy

    springSecurityFilterChain
    *.xhtml
    FORWARD
    REQUEST

    but it still pop up download.How can I do?

  7. Héctor says:

    hola. estoy usando tomcat 6 y me muestra esta

    java.lang.UnsupportedOperationException
    javax.faces.application.Application.getResourceHandler(Application.java:282)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:303)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)
    org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:173)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:271)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
    org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

  8. camilo casadiego says:

    HI there…im having an issue…im using spring integrated with this….when i make the redirect i get this exception

    Jul 7, 2011 2:54:22 PM org.apache.catalina.core.ApplicationDispatcher invoke
    SEVERE: Servlet.service() for servlet default threw exception
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1

    and when im checking the security log…it seams tha it isn’t recieving the credentials

    Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@12ae3: Principal: ; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: BA9ECC1D260355A520AD31AE885E1615; Not granted any authorities]

    except that im using xhtml…and a combo and a second button in the login page, everithing is the same…any ideas???

  9. Sergio says:

    And with PrimeFaces and JSF 2.0?

Reply to Sergio




Please note: In order to submit code or special characters, wrap it in

[code lang="xml"][/code]
(for your language) - or your tags will be eaten.

Please note: Comment moderation is enabled and may delay your comment from appearing. There is no need to resubmit your comment.