I’m struggling with a strange problem that logs me out suddenly when using Spring Security 3.1 + Pretty Faces 3.3.3 for JSF 1.2. Without Pretty Faces everything works smoothly (login, logout & authorization); with PF enabled, the problem occurs in pages that have mapped in pretty-config.xml, I lost the authentication and I’ve been redirected to the login page, without any reason.
Another problem is that if I have a pretty URL (e.g. http://localhost:8080/app/showDetails?id=1) and I’m not authenticated, the login form is shown but when I authenticate correctly I’m not redirected to the original request and also the relative action is not executed.
Attached you can find web.xml, security-context.xml and pretty-config.xml.
As a side note, I’m doing an upgrade from Spring Security 2.0.4 to 3.1. Before the upgrade everything works.
For some reason the other posts on this topic disappeared. I’m summing up the solution here so that others running into the problem can fix it.
The problem was that the Spring Security Filter was placed before the PrettyFilter with dispatcher settings for REQUEST and FORWARD. Therefore the Spring Security filter was executed twice, once for the incoming pretty URL and another time after PrettyFaces forwarded the request. The solution for the problem is to remove the dispatcher settings from the Spring Security filter so that it only applies to incoming request and not to forwarded ones.
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic.
Comments are closed.
Get updates from OCPSoft
If you find our tools useful, please consider making a donation to help us stay online and building software!