Acegi/Spring Security JSF Integration Project continued
We’ve received a good number of comments on Lincoln’s latest post on Spring Security and JSF. A few asked for further code samples showing how to get the example working.
We created a runnable project for this example, and it can be downloaded here.
All you need to do is extract the project to your workspace (we use Eclipse) and import it. Add the project to your server and start it up. Next, open your browser and navigate to:
http://localhost:8080/springsecurity/
Note*: You’ll need to change the port number in the URL if your server isn’t set to 8080.
Assuming all the steps above worked successfully you should see a page like the one below.
Now click on the Secret link. The Secret page requires authentication to view, so this should force you to the login page. Go ahead and log in with User: rod, Password: koala
You should now be redirected to the Secret page (shown below).
Go back to the Home page and try Logout, then try Login with bad credentials and see what you get. I hope this project helps to tie up any loose ends and answers any outstanding questions.
Just a note, the login/secret pages will not work in all of IE (I haven’t tested it extensively). Check out the following post to see what I am referring to:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200409.mbox/%3C414BC539.1010204@globalmentor.com%3E
In page Login.jspx
change the omit-xml-declaration = “true”/>
You need the value to be true for it to work in Internet Explorer.
Hello, very interesting… But I think if there is any way to customize authorization needs because I want to create some at runtime. The roles in the XML file are so hard-coded…
Hi,
Thanks for sharing your work.
I have nonetheless a remark.
Once authenticated, if I browse to the login page (http://localhost:8090/springsecurity/faces/login.jsf), it still allows me to enter my credentials.
However, I am already logged in.
Not convenient… Logic would expect to be redirected to default-target-url.
If you have a clean solution for this problem, I am a taker…
You could hide the login link, use http://ocpsoft.com/prettyfaces/ to add a page-action that redirects to the home-page, or add logic in the page that displays a message like, “You are already logged in” instead of the login form (rendered=”#{loginBean.loggedIn}”). –loginBean is just an example … you’d have to find or make something that gives you the user’s logged in status.
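Added example (not part of the reply above or of the downloadable project): one way to write the hypothetical loginBean that the reply describes, using the Spring Security 2.x package names visible in the stack trace further down this page. The bean name, the home-page path and the redirectIfLoggedIn method are assumptions for illustration; the anonymous-token check matters because the filter chain installs an anonymous Authentication for visitors who have not logged in, and that token reports itself as authenticated.

```java
package example; // hypothetical package name

import java.io.IOException;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;

// Spring Security 2.x packages. In 3.x the same classes live in
// org.springframework.security.core(.context) and ...security.authentication.
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;

/**
 * Request-scoped JSF managed bean, registered as "loginBean" in
 * faces-config.xml (assumed name, taken from the reply above).
 */
public class LoginBean {

    // Assumed home-page path; adjust to the application's real view.
    private static final String HOME_PATH = "/faces/home.jsf";

    /** True only for a real login, never for the anonymous token. */
    public boolean isLoggedIn() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
    }

    /**
     * Call before the login view renders (for example as a page-action):
     * sends an already authenticated user to the home page instead.
     */
    public void redirectIfLoggedIn() throws IOException {
        if (!isLoggedIn()) {
            return; // anonymous visitor: let the login form render
        }
        FacesContext fc = FacesContext.getCurrentInstance();
        ExternalContext ec = fc.getExternalContext();
        ec.redirect(ec.getRequestContextPath() + HOME_PATH);
        fc.responseComplete(); // stop the JSF lifecycle after the redirect
    }
}
```

In the login page, the form can then be wrapped with rendered="#{!loginBean.loggedIn}" and the "already logged in" message with rendered="#{loginBean.loggedIn}".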
Hi,
Thanks for sharing your work.
But when I use .xhtml in applicationContext-security.xml, a download window pops up after I submit the login button. Please.
my applicationContext-security.xml
and web.xml
To be able to identify .xhtml I slightly changed the web.xml file
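<listener>
  <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>*.xhtml</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>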
But it still pops up the download. What can I do?
Hello. I am using Tomcat 6 and it shows me this:
java.lang.UnsupportedOperationException
javax.faces.application.Application.getResourceHandler(Application.java:282)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:303)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)
org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:173)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:271)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
Hi there… I’m having an issue… I’m using Spring integrated with this… when I make the redirect I get this exception
Jul 7, 2011 2:54:22 PM org.apache.catalina.core.ApplicationDispatcher invoke
SEVERE: Servlet.service() for servlet default threw exception
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
and when I’m checking the security log… it seems that it isn’t receiving the credentials
Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@12ae3: Principal: ; Password: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: BA9ECC1D260355A520AD31AE885E1615; Not granted any authorities]
Except that I’m using xhtml… and a combo and a second button in the login page, everything is the same… any ideas???
And with PrimeFaces and JSF 2.0?