Spring Security 3 authentication url forward

Splash Forums PrettyFaces Users Spring Security 3 authentication url forward

This topic contains 6 replies, has 2 voices, and was last updated by  antideluk 6 years, 5 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #17909

    antideluk
    Participant

    Hi everyone.

    I am having trouble when forwarding to Spring Security 3 authentication URL. I seems that the UsernamePasswordAuthenticationFilter gets a null value when obtaining the parameter “j_username”. The log says this:

    2011-04-14 19:13:58,043 [DEBUG] (“http-bio-8080″-exec-9): Query returned no results for user ”

    2011-04-14 19:13:58,044 [DEBUG] (“http-bio-8080″-exec-9): User ” not found

    2011-04-14 19:13:58,044 [DEBUG] (“http-bio-8080”-exec-9): Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

    Here is the project so you can see what happens.

    This was not happening until I implemented PrettyFaces, so I guess I am doing something wrong.

    http://www.megaupload.com/?d=MGE83HED

    Please, any help would be wonderful.

    BTW, many things are in spanish, if you need translation just tell me.

    Rgrds

    antideluk

    #20877

    antideluk
    Participant

    LoL I just readed this one: http://ocpsoft.com/support/topic/url-parameters-get-lost-when-switching-to-new-jsf-page#post-419

    Maybe this is like that one.

    Also I have been debugging the app and it seems that the request is wrapped by a myriad of Spring and Prettyfaces RequestWrappers, of which none of them has the parameters “j_username” or “j_password” so…

    #20878

    Without seeing your code, there’s not much we can do to help here. We need to know your versions of libraries, web-server, and please post your web.xml and pretty-config.xml

    Thanks,

    Lincoln

    #20879

    antideluk
    Participant

    Hi Mr. Lincoln, my code was here http://www.megaupload.com/?d=MGE83HED… but as you request here is the stuff:

    Version of Libraries:

    <prime.version>2.2.1</prime.version> <– Primefaces

    <spring.version>3.0.5.RELEASE</spring.version> <– Spring

    <pretty.version>3.2.0</pretty.version> <– PrettyFaces

    <jsfapi.version>2.1.1-b04</jsfapi.version> <– JSF 2 API

    <jsfimpl.version>2.1.0-b11</jsfimpl.version> <– JSF 2 Impl

    Web server: Apache Tomcat 7, latest version

    Web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="WebApp_ID" version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <!-- Context Params -->
    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/configs/application-context.xml</param-value>
    </context-param>
    <context-param>
    <param-name>javax.faces.CONFIG_FILES</param-name>
    <param-value>/WEB-INF/configs/faces-config.xml</param-value>
    </context-param>
    <context-param>
    <param-name>com.ocpsoft.pretty.CONFIG_FILES</param-name>
    <param-value>/WEB-INF/configs/pretty-config.xml</param-value>
    </context-param>
    <context-param>
    <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
    <param-value>true</param-value>
    </context-param>
    <context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
    </context-param>
    <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
    </context-param>
    <!-- <context-param> <param-name>primefaces.THEME</param-name> <param-value>none</param-value>
    </context-param> -->

    <!-- Servlets and mappings -->
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

    <!-- Filters and mappings -->
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

    <filter>
    <filter-name>prettyFilter</filter-name>
    <filter-class>com.ocpsoft.pretty.PrettyFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>prettyFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    <filter>
    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
    <init-param>
    <param-name>thresholdSize</param-name>
    <param-value>100000</param-value>
    </init-param>
    <init-param>
    <param-name>uploadDirectory</param-name>
    <param-value>/WEB-INF/registros</param-value>
    </init-param>
    </filter>
    <filter-mapping>
    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>

    <!-- Listeners -->
    <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    </web-app>

    Pretty config

    <?xml version="1.0" encoding="UTF-8"?>
    <pretty-config xmlns="http://ocpsoft.com/prettyfaces/3.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://ocpsoft.com/prettyfaces/3.2.0
    http://ocpsoft.com/xml/ns/prettyfaces/ocpsoft-pretty-faces-3.2.0.xsd">

    <url-mapping id="home">
    <pattern value="/" />
    <view-id value="/WEB-INF/pages/home.xhtml" />
    </url-mapping>

    <url-mapping id="login">
    <pattern value="/login" />
    <view-id value="/WEB-INF/pages/login.xhtml" />
    </url-mapping>

    </pretty-config>

    LoginBean

    ExternalContext context = FacesContext.getCurrentInstance()
    .getExternalContext();

    StringBuilder url = new StringBuilder(
    Constantes.SPRING_LOGIN_PROCESS_URL).append("?")
    .append(Constantes.SPRING_LOGIN_USERNAME_PARAMETER).append("=")
    .append(this.userName).append("&")
    .append(Constantes.SPRING_LOGIN_PASSWORD_PARAMETER).append("=")
    .append(this.password);

    log.debug("Forwarding to authentication url '{}'", url.toString());

    RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
    .getRequestDispatcher(url.toString());

    dispatcher.forward((ServletRequest) context.getRequest(),
    (ServletResponse) context.getResponse());

    FacesContext.getCurrentInstance().responseComplete();
    return null;

    #20880

    antideluk
    Participant

    Also, here is the spring configs if you need them:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sec="http://www.springframework.org/schema/security" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">

    <sec:http auto-config="true">
    <sec:intercept-url pattern="/**" />
    <!-- Mapeos a recursos de la aplicacion, sin filtros de seguridad para optimizar -->
    <!-- No filtrar los recursos de JSF -->
    <sec:intercept-url pattern="/javax.faces.resource/**" filters="none" />
    <!-- No filtrar las paginas a las que redirige el pretty filter, es redundante -->
    <sec:intercept-url pattern="/WEB-INF/pages/**" filters="none" />
    <!-- No filtrar los recursos estaticos agregados manualmente -->
    <sec:intercept-url pattern="/static/**" filters="none" />

    <sec:form-login login-processing-url="/j_spring_security_check" login-page="/login"
    authentication-failure-url="/login?error=true" />

    </sec:http>

    <sec:authentication-manager>
    <sec:authentication-provider>
    <sec:jdbc-user-service data-source-ref="dataSource" />
    </sec:authentication-provider>
    </sec:authentication-manager>

    </beans>

    #20881

    antideluk
    Participant

    I just somehow made a “hack” for this problem. As i was debugging it come out that the parameters of the redirect request where the same parameters that the login page was sending.

    Somehow the RequestDispatcher is oblivious of any parameter passed in the url rewriting that I made like this:

    RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
    .getRequestDispatcher(url.toString());

    Where url was resolved to “/j_spring_security_check?j_username=user&j_password=password”. As you see, those parameters got lost when doing the forward BUT not the parameters send by the login page, I mean the components id that JSF generates.

    So, I decided to put the Ids of the user name and password fields and set the prependId of the form to false. This way the parameters are send in the original request that the PrettyFilter and the Spring Security Filter Chain somehow Wrapps and the UsernamePasswordAuthenticationFilter can get the “j_username” and “j_password” from the request.

    Here is what I have done with the page:

    <h:form prependId="false">
    <div align="center">
    <h:panelGrid columns="2">
    <h:outputLabel
    value="#{msg['com.hospital.web.login.userNameLabel']}" />
    <p:inputText id="j_username" value="#{loginBean.userName}" />
    <h:outputLabel
    value="#{msg['com.hospital.web.login.passwordLabel']}" />
    <h:inputSecret id="j_password" value="#{loginBean.password}" />

    <p:commandButton ajax="false"
    value="#{msg['com.hospital.web.login.doLoginLabel']}"
    action="#{loginBean.doLogin}" />
    </h:panelGrid>
    </div>
    </h:form>

    And that makes my authentication work… Do you guys have any idea of what was happening? At this moment I do not know if it was a bug made by me or any of the filters.

    #20882

    antideluk
    Participant
Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

Comments are closed.