Announcement Announcement Module
Collapse
No announcement yet.
Authentication with Spring Security 3.0.5 + JSF 1.2 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Authentication with Spring Security 3.0.5 + JSF 1.2

    First of all, sorry for my bad english (a mysterious language for me ... w google translate!!! :mrgreen: )

    I'm doing a web application with the framework in subject (more iBatis for management of persistence in db) and the problem is that......despite a successful implementation of the form Spring Security, the authentication doesn't work :banghead:

    For the accuracy.....after Login, don't enter in the method loadUserByUsername!!!!
    I tried debugging with Eclipse but...nothing.....

    Here's some code:

    web.xml
    Code:
    <context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			/WEB-INF/applicationContext-security.xml
    		</param-value>
     	</context-param>
    
     <context-param>
      <param-name>org.richfaces.SKIN</param-name>
      <param-value>blueSky</param-value>
     </context-param>
     <context-param>
      <param-name>org.richfaces.CONTROL_SKINNING</param-name>
      <param-value>enable</param-value>
     </context-param>
     <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>client</param-value>
     </context-param>
     <context-param>
      <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name>
      <param-value>com.sun.facelets.FaceletViewHandler</param-value>
     </context-param>
    
    
     <filter>
      <display-name>RichFaces Filter</display-name>
      <filter-name>richfaces</filter-name>
      <filter-class>org.ajax4jsf.Filter</filter-class>
      <init-param>
       <param-name>enable-cache</param-name>
       <param-value>false</param-value>
      </init-param>
     </filter>
     
      <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
    
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
          	<dispatcher>FORWARD</dispatcher>
    	<dispatcher>REQUEST</dispatcher>
        </filter-mapping>
     
     
     <filter-mapping>
      <filter-name>richfaces</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>INCLUDE</dispatcher>
     </filter-mapping> 
     
     <!--
    	  - Loads the root application context of this web app at startup.
    	  - The application context is then available via
    	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
        -->
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    
    	<!--
    	  - Publishes events for session creation and destruction through the application
    	  - context. Optional unless concurrent session control is being used.
          -->
        <listener>
          <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
        </listener>
        
        <listener>
            <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
        </listener>
     
     
     <!-- Faces Servlet -->
     <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
     </servlet>
     <!-- Faces Servlet Mapping -->
     <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
     </servlet-mapping>
     
     
     <welcome-file-list>
      <welcome-file>/index.jsp</welcome-file>
     </welcome-file-list>
    applicationContext-security.xml
    Code:
    <beans xmlns="http://www.springframework.org/schema/beans"
    	    xmlns:sec="http://www.springframework.org/schema/security"
    	    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    	      		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    	      		http://www.springframework.org/schema/security 
    	      		http://www.springframework.org/schema/security/spring-security-3.0.xsd" >
                         
        <sec:http auto-config="true">
            <sec:intercept-url pattern="/login.jsp" filters="none" />
            <sec:intercept-url pattern="/bad-login.html" filters="none" />
            <sec:intercept-url pattern="/index.jsp" filters="none" />
            <sec:intercept-url pattern="/**" access="ROLE_admin,ROLE_user" />
            <sec:form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check"
            	authentication-failure-url="/bad-login.html" />
            <sec:logout logout-url="/logout" logout-success-url="/login.jsp" />
        </sec:http>
    
        <bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder"/>
        
         <bean id="CustomUserServiceDetails" class="it.wave.wpc.fe.service.CustomUserService" />
       	
         <sec:authentication-manager alias="authenticationManager">
        	<sec:authentication-provider user-service-ref="CustomUserServiceDetails">
        		<sec:password-encoder ref="passwordEncoder"/>
        	</sec:authentication-provider>
        </sec:authentication-manager>
        
        
    </beans>
    CustomUserService.java
    Code:
    public class CustomUserService implements UserDetailsService {
    
    	public BLMUsers getBlmUsers() {
    		return (BLMUsers)ServiceProviderLocatorUser.getCurrentInstance().get("BLMUsers");
    	}
    
    	public BLMUserRoles getBlmUserRoles() {
    		return (BLMUserRoles)ServiceProviderLocatorUser.getCurrentInstance().get("BLMUserRoles");
    	}
       
    	
    	public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException, DataAccessException {
    			
    		Users utente = new Users();
    		utente = (Users) getBlmUsers().getUserName(arg0);
    		if(utente == null)
    			throw new UsernameNotFoundException(arg0 + " is not found");	
    		    
    		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    			
    		UserRolesExample example = new UserRolesExample();
    		example.createCriteria().andUserIdEqualTo(arg0);
    		    
    		List<UserRolesKey> lista = (List<UserRolesKey>) getBlmUserRoles().getUserRoles(example);
    		authorities.add(new GrantedAuthorityImpl(lista.get(0).getRoleName()));
    
    		return utente;
    	}
    
    }
    - my Users implements UserDetails
    - I don't use default tables for users e roles but I have custom tables
    - page of login is by manual of Spring Security

    If you need any more information or code, just ask! :thumbup:
    Thank you!!!!!!

  • #2
    nothing?

    This is my login.jsp:
    Code:
    <html xmlns:ui="http://java.sun.com/jsf/facelets"
          xmlns:h="http://java.sun.com/jsf/html"
          xmlns:f="http://java.sun.com/jsf/core"
          xmlns:rich="http://richfaces.org/rich" >
          
    <%@ page import="org.springframework.security.web.authentication.AbstractProcessingFilter" %>
    <%@ page import="org.springframework.security.web.authentication.AuthenticationProcessingFilter" %>
    <%@ page import="org.springframework.security.core.AuthenticationException" %>
    
    <body>
    
    	<f:view>
    		<div align="center">  
    		<font size="5" color="blue">Please Login</font><hr>
    
    		<form action="j_spring_security_check">
    			<label for="j_username">Username</label>
    			<input type="text" name="j_username" id="j_username"/>
    			<br/>
    			<label for="j_password">Password</label>
    			<input type="password" name="j_password" id="j_password"/>
    			<br/>
    			<input type="submit" value="Login"/>
    		</form>
    	
    		</div>  
    	</f:view>
    	
    </body>
    </html>
    I also tried to delete the richFaces' component <f:view> in case of incompatibility between framework but...nothing......

    Comment

    Working...
    X