Re: [solved] Problem Spring Security + PrettyFaces

Splash Forums PrettyFaces Users [solved] Problem Spring Security + PrettyFaces Re: [solved] Problem Spring Security + PrettyFaces

#20083

denebj
Participant

Hello Lincoln ^^

For the filter here what I have in the Spring Documentation :

Attribute : filters

The filter list for the path. Currently can be set to “none” to remove a path from having any filters

applied. The full filter stack (consisting of all filters created by the namespace configuration, and any

added using ‘custom-filter’), will be applied to any other paths.

So it is allowing me to access the Login page when I have the pretty faces activated for this page.

So in order to clean a little bit and see where there is something wrong, I removed my custom user details and authentification info from the spring configuration and put a generic one such as :

<authentication-manager alias=”authenticationManager”>

<authentication-provider>

<user-service>

<user name=”jim” password=”jim” authorities=”ROLE_USER” />

<user name=”bob” password=”bob” authorities=”ROLE_USER” />

</user-service>

</authentication-provider>

</authentication-manager>

But nothing changed, I still have the same issue (When I am mapping the pretty face URL to the login page => Bad Credentials), I print the stack of the error :

org.springframework.security.authentication.BadCredentialsException: Bad credentials

at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:127)

at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)

at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)

at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:148)

at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)

at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:97)

at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)

at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)

at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)

at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:109)

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)

at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)

at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)

at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)

at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)

at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)

at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)

at com.beans.login.Login.doLogin(Login.java:106)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at org.apache.el.parser.AstValue.invoke(AstValue.java:172)

at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)

at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)

at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)

at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)

at javax.faces.component.UICommand.broadcast(UICommand.java:394)

at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:329)

at org.ajax4jsf.component.AjaxViewRoot.broadcastEventsForPhase(AjaxViewRoot.java:304)

at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:261)

at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:474)

at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)

at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)

at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)

at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)

at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)

at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)

at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:112)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:143)

at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)

at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)

at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)

at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)

at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)

at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:103)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:143)

at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)

at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:558)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)

at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

at java.lang.Thread.run(Thread.java:619)

Unfortunatly I cannot provide code or sample :/

I actually saw tyour article on spring security, this is the first link I went through when this error occured ^^

I posted this issue on the Spring forum too, the lead I am following now :

” You have a stacktrace, so take a look at the the code. (https://fisheye.springsource.org/browse/spring-security/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java?r=85c4c91e0eec566acd97a337f2d9240b484031ee#l127)

The user isn’t being found – the UsernameNotFoundException is hidden by default to avoid leaking information to the client.

Break the problem down – the faces stuff is just adding extra complexity. Write a test case which loads the part of your application context that contains the AuthenticationManager, and call the bean directly (passing a UsernamePasswordAuthenticationToken instance to it). Make sure you can get that working before you add the web stuff.”

Again thanks for you help :)

PS: Should I make an other thread for the context path removal ? Maybe it is better for this other people to see if they are looking for a solution too.