Spring security problem when using Pretty Faces

Splash Forums PrettyFaces Users Spring security problem when using Pretty Faces

This topic contains 2 replies, has 2 voices, and was last updated by  Christian Kaltepoth 9 years, 5 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
  • #18648


    Hi all,

    I’m struggling with a strange problem that logs me out suddenly when using Spring Security 3.1 + Pretty Faces 3.3.3 for JSF 1.2. Without Pretty Faces everything works smoothly (login, logout & authorization); with PF enabled, the problem occurs in pages that have mapped in pretty-config.xml, I lost the authentication and I’ve been redirected to the login page, without any reason.

    Another problem is that if I have a pretty URL (e.g. http://localhost:8080/app/showDetails?id=1) and I’m not authenticated, the login form is shown but when I authenticate correctly I’m not redirected to the original request and also the relative action is not executed.

    Attached you can find web.xml, security-context.xml and pretty-config.xml.

    As a side note, I’m doing an upgrade from Spring Security 2.0.4 to 3.1. Before the upgrade everything works.



    I solved the problem related to the redirect, it was a Spring Security config thing. I’m only fighting with the sudden logout :D


    For some reason the other posts on this topic disappeared. I’m summing up the solution here so that others running into the problem can fix it.

    The problem was that the Spring Security Filter was placed before the PrettyFilter with dispatcher settings for REQUEST and FORWARD. Therefore the Spring Security filter was executed twice, once for the incoming pretty URL and another time after PrettyFaces forwarded the request. The solution for the problem is to remove the dispatcher settings from the Spring Security filter so that it only applies to incoming request and not to forwarded ones.

Viewing 3 posts - 1 through 3 (of 3 total)

The forum ‘PrettyFaces Users’ is closed to new topics and replies.

Comments are closed.