Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 2 of 2

Thread: Secure JSF Facelets application with Spring Security

  1. #1
    Member
    Join Date
    Sep 2011
    Posts
    63
    My Mood
    Confused
    Thanks
    7
    Thanked 0 Times in 0 Posts

    Default Secure JSF Facelets application with Spring Security

    Im having a real problem configuring JSF facelets to work with Spring Security. At the moment my custom login page just seems to resolve back to itself and doesn't actually perform any authentication checks. When I don't specify a custom login page it all works fine, furthermore if I setup the whole application without JSF and just use JSP it all works fine... but when I try to set it up using JSF Facelets I can't seem to get the custom login page to submit the credentials to the authentication process. I have spent 2 days trying to figure this one out and I've gone right back to basics to find the problem.

    Here is the basic project file structure:
    project-file-tree.jpg

    Here is the web.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml</param-value>
        </context-param>
        <context-param>
            <param-name>javax.faces.PROJECT_STAGE</param-name>
            <param-value>Development</param-value>
        </context-param>
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>INCLUDE</dispatcher>
            <dispatcher>ERROR</dispatcher>
        </filter-mapping>
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
        <servlet>
            <servlet-name>dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>2</load-on-startup>
        </servlet>
        <servlet>
            <servlet-name>Faces Servlet</servlet-name>
            <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>dispatcher</servlet-name>
            <url-pattern>*.htm</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
            <servlet-name>Faces Servlet</servlet-name>
            <url-pattern>/faces/*</url-pattern>
        </servlet-mapping>
        <session-config>
            <session-timeout>
                30
            </session-timeout>
        </session-config>
        <welcome-file-list>
            <welcome-file>faces/index.xhtml</welcome-file>
        </welcome-file-list>
    </web-app>

    Here is the applicationContext.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:p="http://www.springframework.org/schema/p"
                 xmlns:aop="http://www.springframework.org/schema/aop"
                 xmlns:tx="http://www.springframework.org/schema/tx"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans 
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/aop 
           http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
           http://www.springframework.org/schema/tx 
           http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
     
        <http auto-config='true'>
            <intercept-url pattern="/faces/account/**" access="ROLE_USER" />
            <intercept-url pattern="/account/**" access="ROLE_USER" />
            <form-login login-page='/faces/authentication/login.xhtml' 
                        default-target-url='/faces/account/dashboard.xhtml'
                        login-processing-url='/j_spring_security_check' />
            <logout logout-url="/faces/authentication/logout.xhtml"
                    logout-success-url="/" />
        </http>    
     
        <authentication-manager>
            <authentication-provider>
                <user-service>
                    <user name="admin" password="111111" authorities="ROLE_USER, ROLE_ADMIN" />
                    <user name="user" password="222222" authorities="ROLE_USER" />
                </user-service>
            </authentication-provider>
        </authentication-manager>
     
        <!--bean id="propertyConfigurer"
              class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
              p:location="/WEB-INF/jdbc.properties" />
     
        <bean id="dataSource"
              class="org.springframework.jdbc.datasource.DriverManagerDataSource"
              p:driverClassName="${jdbc.driverClassName}"
              p:url="${jdbc.url}"
              p:username="${jdbc.username}"
              p:password="${jdbc.password}" /-->
     
        <!-- ADD PERSISTENCE SUPPORT HERE (jpa, hibernate, etc) -->
     
    </beans:beans>
    Last edited by tarkal; March 7th, 2012 at 05:04 PM.


  2. #2
    Member
    Join Date
    Sep 2011
    Posts
    63
    My Mood
    Confused
    Thanks
    7
    Thanked 0 Times in 0 Posts

    Default Re: Secure JSF Facelets application with Spring Security

    For anybody else interested the problem was from the web.xml faces config. This is what it should have looked like:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    	version="3.0">
     
    	<!-- CONTEXT PARAMETERS -->
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
                /WEB-INF/applicationContext.xml
            </param-value>
    	</context-param>
    	<context-param>
    		<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
    		<param-value>.xhtml</param-value>
    	</context-param>
    	<context-param>
    		<param-name>log4jConfigLocation</param-name>
    		<param-value>/WEB-INF/log4j.xml</param-value>
    	</context-param>
     
     
     
     
    	<!-- LISTENER DECLARATION -->
    	<listener>
    		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    	</listener>
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
     
     
     
    	<!-- FILTER DECLARATION -->
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    		<dispatcher>FORWARD</dispatcher>
    		<dispatcher>REQUEST</dispatcher>
    	</filter-mapping>
     
     
     
    	<!-- SERVLET DECLARATION -->
    	<servlet>
    		<servlet-name>Faces Servlet</servlet-name>
    		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    		<load-on-startup>1</load-on-startup>
    	</servlet>
    	<servlet-mapping>
    		<servlet-name>Faces Servlet</servlet-name>
    		<url-pattern>*.jsf</url-pattern>
    	</servlet-mapping>
    	<servlet-mapping>
    		<servlet-name>Faces Servlet</servlet-name>
    		<url-pattern>*.xhtml</url-pattern>
    	</servlet-mapping>
     
     
    	<!-- WELCOME PAGES -->
    	<welcome-file-list>
    		<welcome-file>/index.html</welcome-file>
    	</welcome-file-list>
     
     
    </web-app>

Similar Threads

  1. spring remember me
    By mr.miku in forum Web Frameworks
    Replies: 0
    Last Post: November 19th, 2011, 01:17 PM
  2. Java ClassLoader: How to make it secure and stable
    By GavinL in forum Java Theory & Questions
    Replies: 0
    Last Post: November 2nd, 2011, 05:15 AM
  3. struts2 is better or spring?
    By the light in forum Web Frameworks
    Replies: 0
    Last Post: June 26th, 2011, 11:10 AM
  4. Sometimes users see other's secure data over ssl on jsp struts and glassfish
    By amirali1982 in forum JavaServer Pages: JSP & JSTL
    Replies: 0
    Last Post: December 30th, 2010, 05:40 AM
  5. Spring Mvc 404 error
    By jadeite100 in forum Web Frameworks
    Replies: 2
    Last Post: January 5th, 2010, 07:47 PM