Re: Spring Security 3 authentication url forward

Splash Forums PrettyFaces Users Spring Security 3 authentication url forward Re: Spring Security 3 authentication url forward

#20881

antideluk
Participant

I just somehow made a “hack” for this problem. As i was debugging it come out that the parameters of the redirect request where the same parameters that the login page was sending.

Somehow the RequestDispatcher is oblivious of any parameter passed in the url rewriting that I made like this:

RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
.getRequestDispatcher(url.toString());

Where url was resolved to “/j_spring_security_check?j_username=user&j_password=password”. As you see, those parameters got lost when doing the forward BUT not the parameters send by the login page, I mean the components id that JSF generates.

So, I decided to put the Ids of the user name and password fields and set the prependId of the form to false. This way the parameters are send in the original request that the PrettyFilter and the Spring Security Filter Chain somehow Wrapps and the UsernamePasswordAuthenticationFilter can get the “j_username” and “j_password” from the request.

Here is what I have done with the page:

<h:form prependId="false">
<div align="center">
<h:panelGrid columns="2">
<h:outputLabel
value="#{msg['com.hospital.web.login.userNameLabel']}" />
<p:inputText id="j_username" value="#{loginBean.userName}" />
<h:outputLabel
value="#{msg['com.hospital.web.login.passwordLabel']}" />
<h:inputSecret id="j_password" value="#{loginBean.password}" />

<p:commandButton ajax="false"
value="#{msg['com.hospital.web.login.doLoginLabel']}"
action="#{loginBean.doLogin}" />
</h:panelGrid>
</div>
</h:form>

And that makes my authentication work… Do you guys have any idea of what was happening? At this moment I do not know if it was a bug made by me or any of the filters.