Announcement Announcement Module
Collapse
No announcement yet.
Spring Security 3.0.5, login problem with JSF Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 3.0.5, login problem with JSF

    My login.xhtml:

    HTML Code:
    <html>
         <h:head></h:head>
         <h:form id="frm" prependId="false">
    	<h:panelGrid columns="1" style="margin-left:auto; margin-right:auto;">
    				
    				<h:panelGrid columns="2" style="margin-left:auto; margin-right:auto;">
    					<h:outputText value="User:" />
    					<h:inputText id="j_username" />
    					
    					<h:outputText value="Password:" />
    					<h:inputSecret id="j_password" />
    				</h:panelGrid>
    				
    				<h:panelGrid columns="1" style="margin-left:auto; margin-right:auto;">
    					<h:commandButton type="submit" value="Submit" />
    				</h:panelGrid>
    			</h:panelGrid>
    		</h:form>
    	</body>
    </html>
    This JSF generates for h:form tag the following HTML code:

    HTML Code:
    <form id="frm" name="frm" action="views/login.xhtml">
    So the action as I can not change my Spring Security configuration is as follows:

    HTML Code:
        <security:http auto-config="true" >	
    		<security:intercept-url pattern="/views/login.xhtml"  access="IS_AUTHENTICATED_ANONYMOUSLY" />
    	    
    		<security:form-login login-processing-url="/views/login.xhtml"
    							 login-page="/views/login.xhtml" 
    							 default-target-url="/views/blog.xhtml"
    							 authentication-failure-url="/views/login.xhtml?error=1"
    							  />
    							 
    		<security:logout logout-url="/views/logout.xhtml" />
    		
    		<security:access-denied-handler error-page="/views/accessDenied.xhtml" />
    	</security:http>
    
    
    	<security:authentication-manager>	
    		<security:authentication-provider user-service-ref="ValidacionUsuariosService" />
    	</security:authentication-manager>
    My processing-url is the same than authentication-failure-url and login-page, as validation using a customized service.

    If the login is correct it works fine, but if not, it gives an error in the browser "This webpage have a redirect loop."

    If I use the HTML form tag, and the action and the login-processing-url put another URL works well.

    How I can fix this problem if I want use h: form?

  • #2
    Please add the following under, because your config making redirecting to login n login page.

    <http use-expressions="true">
    <intercept-url pattern="/views/login.xhtml" filters="none" />
    </http>

    Comment

    Working...
    X