Announcement Announcement Module
No announcement yet.
Spring Security 3.0.5, login problem with JSF Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 3.0.5, login problem with JSF

    My login.xhtml:

    HTML Code:
         <h:form id="frm" prependId="false">
    	<h:panelGrid columns="1" style="margin-left:auto; margin-right:auto;">
    				<h:panelGrid columns="2" style="margin-left:auto; margin-right:auto;">
    					<h:outputText value="User:" />
    					<h:inputText id="j_username" />
    					<h:outputText value="Password:" />
    					<h:inputSecret id="j_password" />
    				<h:panelGrid columns="1" style="margin-left:auto; margin-right:auto;">
    					<h:commandButton type="submit" value="Submit" />
    This JSF generates for h:form tag the following HTML code:

    HTML Code:
    <form id="frm" name="frm" action="views/login.xhtml">
    So the action as I can not change my Spring Security configuration is as follows:

    HTML Code:
        <security:http auto-config="true" >	
    		<security:intercept-url pattern="/views/login.xhtml"  access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<security:form-login login-processing-url="/views/login.xhtml"
    		<security:logout logout-url="/views/logout.xhtml" />
    		<security:access-denied-handler error-page="/views/accessDenied.xhtml" />
    		<security:authentication-provider user-service-ref="ValidacionUsuariosService" />
    My processing-url is the same than authentication-failure-url and login-page, as validation using a customized service.

    If the login is correct it works fine, but if not, it gives an error in the browser "This webpage have a redirect loop."

    If I use the HTML form tag, and the action and the login-processing-url put another URL works well.

    How I can fix this problem if I want use h: form?

  • #2
    Please add the following under, because your config making redirecting to login n login page.

    <http use-expressions="true">
    <intercept-url pattern="/views/login.xhtml" filters="none" />