
  • ICEfaces 1.7 with Spring Security 2.0.2 (almost full working just few problems...)

    Hi everybody,

    I've been working with ICEfaces 1.7.0 and trying to find the perfect/easier way to implement authentication/authorization over JSF applications; then I discovered this article (amazing, by the way):
    http://www.javaworld.com/javaworld/j...acegi-jsf.html.

    But the article was written for Acegi Security 1.0.x and I want to use 2.0.4, so I made the "changes" (mostly just renaming the packages from org.acegisecurity to org.springframework.security) to get it working.
    [After reading, fixing, reading and fixing...]

    Well, I got it working; at least my Tomcat console doesn't report anything wrong or any warning, and when I try to launch the application the page shown is login.jsp (well done!!!), but when I got access... see the history below.

    My configuration

    My web.xml
    Code:
    	<filter>
     		<filter-name>RequestContextFilter</filter-name>
     		<filter-class>
     			org.springframework.web.filter.RequestContextFilter
     		</filter-class>
     	</filter>
    
    
    
    	<filter>
    		<filter-name>Acegi Filter Chain Proxy</filter-name>
    		<filter-class>
    			org.springframework.security.util.FilterToBeanProxy
    		</filter-class>
    		<init-param>
    			<param-name>targetClass</param-name>
    			<param-value>
    				org.springframework.security.util.FilterChainProxy
    			</param-value>
    		</init-param>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>Acegi Filter Chain Proxy</filter-name>
    		<url-pattern>/*</url-pattern>
    		<dispatcher>FORWARD</dispatcher>
         	<dispatcher>REQUEST</dispatcher>	
    	</filter-mapping>
    	
    	 
     	<filter-mapping>
     		<filter-name>RequestContextFilter</filter-name>
     		<servlet-name>Persistent Faces Servlet</servlet-name>
     	</filter-mapping>
    	
    
    	<listener>
    		<listener-class>
    			org.springframework.web.context.ContextLoaderListener
    		</listener-class>
    	</listener>
    My application context XML
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:aop="http://www.springframework.org/schema/aop"
    	xmlns:jee="http://www.springframework.org/schema/jee"
    	xmlns:lang="http://www.springframework.org/schema/lang"
    	xmlns:tx="http://www.springframework.org/schema/tx"
    	xmlns:util="http://www.springframework.org/schema/util"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    		http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.1.xsd
    		http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd
    		http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-2.0.xsd
    		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.1.xsd
    		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
    
    
    	<bean id="filterChainProxy"
    		class="org.springframework.security.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT 
    				/error/*=#NONE# 
    				/back*=#NONE#
    				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    			</value>
    		</property>
    	</bean>
    
    	<bean id="httpSessionContextIntegrationFilter"
    		class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
    
    	<bean id="authenticationProcessingFilter"
    		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    		<property name="filterProcessesUrl">
    			<value>/j_acegi_security_check.jsp</value>
    		</property>
    		<property name="authenticationFailureUrl">
    			<value>/login.jsp</value>
    		</property>
    		<property name="defaultTargetUrl">
    			<value>/index.jsp</value>
    		</property>
    		<property name="authenticationManager">
    			<ref bean="authenticationManager" />
    		</property>
    	</bean>
    
    
    	<bean id="securityContextHolderAwareRequestFilter"
    		class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
    
    	<bean id="authenticationManager"
    		class="org.springframework.security.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="daoAuthenticationProvider" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="daoAuthenticationProvider"
    		class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
    		<property name="userDetailsService" ref="userDetailsService" />
    	</bean>
    
    
    
    	<bean id="userDetailsService"
    		class="br.com.paarquivos.servico.ServicoUsuario">
    	</bean>
    
    
    	<bean id="filterInvocationInterceptor"
    		class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager"
    			ref="authenticationManager" />
    		<property name="accessDecisionManager"
    			ref="accessDecisionManager" />
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/login.jsp=IS_AUTHENTICATED_ANONYMOUSLY
    				/index.jsp=ROLE_ALLACCESS,ROLE_URLACCESS
    				/oportunidade.jsp=ROLE_ALLACCESS
    			</value>
    		</property>
    	</bean>
    
    
    	<bean id="accessDecisionManager"
    		class="org.springframework.security.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions" value="false" />
    		<property name="decisionVoters">
    			<list>
    				<bean
    					class="org.springframework.security.vote.RoleVoter" />
    				<bean
    					class="org.springframework.security.vote.AuthenticatedVoter" />
    			</list>
    		</property>
    	</bean>
    
    
    
    
    	<bean id="anonymousProcessingFilter"
    		class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    		<property name="key" value="changeThis" />
    		<property name="userAttribute"
    			value="anonymousUser,ROLE_ANONYMOUS" />
    	</bean>
    
    
    
    	<bean id="exceptionTranslationFilter"
    		class="org.springframework.security.ui.ExceptionTranslationFilter">
    		<property name="authenticationEntryPoint">
    			<bean
    				class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    				<property name="loginFormUrl" value="/login.jsp" />
    				<property name="forceHttps" value="false" />
    			</bean>
    		</property>
    		<property name="accessDeniedHandler">
    			<bean
    				class="org.springframework.security.ui.AccessDeniedHandlerImpl">
    				<property name="errorPage" value="/acessonegado.jsp" />
    			</bean>
    		</property>
    	</bean>
    
    
    
    	<bean id="logoutFilter"
    		class="org.springframework.security.ui.logout.LogoutFilter">
    		<constructor-arg value="/index.jsp" />
    		<constructor-arg>
    			<list>
    				<bean
    					class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
    			</list>
    		</constructor-arg>
    		<property name="filterProcessesUrl">
    			<value>/j_acegi_logout.jsp</value>
    		</property>
    	</bean>
    
    </beans>

    I try to start on index.jsp and the application redirects me to login.jsp. Good, PERFECT!!! However... when I click to log on... I get the following error, only on the console... and the page shown is a blank one.

    The console error:
    Code:
    SEVERE: Servlet.service() for servlet Persistent Faces Servlet threw exception
    java.lang.NullPointerException
    	at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:454)
    	at com.icesoft.faces.application.D2DViewHandler.renderView(D2DViewHandler.java:161)
    	at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)
    	at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:268)
    	at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)
    	at com.icesoft.faces.webapp.http.core.JsfLifecycleExecutor.apply(JsfLifecycleExecutor.java:18)
    	at com.icesoft.faces.webapp.http.core.ReceiveSendUpdates.renderCycle(ReceiveSendUpdates.java:54)
    	at com.icesoft.faces.webapp.http.core.ReceiveSendUpdates.service(ReceiveSendUpdates.java:42)
    	at ...
    If I change the URL to localhost:8080/myapp/index.jsp, the following error is shown on the page (and it redirects to login.jsp).

    The error trace on the page:
    Code:
    ...
    	javax.faces.FacesException: Can't find stream for /j_acegi_security_check.jsp
    	com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:468)
    	com.icesoft.faces.application.D2DViewHandler.renderView(D2DViewHandler.java:161)
    	com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)
    	com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:268)
    	...
    	java.lang.NullPointerException
    	com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:454)
    	com.icesoft.faces.application.D2DViewHandler.renderView(D2DViewHandler.java:161)
    	com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)
    When I put a breakpoint on the method that authenticates the user (in the DAO implementation), I noticed that the program doesn't pass through there; therefore I guess the "login" logic isn't executed... but why? If the "authenticate method" isn't called, something is not right.

    Sometimes I feel like the problem is with this /j_acegi_security_check.jsp

    What can I do?

    Thanks in advance,

  • #2
    Just an observation... the code below
    <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    makes the Eclipse IDE complain:
    "The content of element type "filter-mapping" must match "(filter-name,(url-pattern|servlet-name))".

    In web.xml... is this necessary?



    • #3
      Check you are using a web.xml DTD which includes the "dispatcher" element.



      • #4
        I'm using the http://java.sun.com/dtd/web-app_2_3.dtd DTD...

        Just to be clearer, my login page (when I try to access a protected URL the framework sends me to this page):
        Code:
        <h:form>
              <h:panelGrid columns="2">
                    <h:outputLabel value="User Name" for="j_username" />
                    <h:inputText id="j_username" 
                    value="#{loginBacking.userId}"  size="40" maxlength="80"></h:inputText>
                    <h:outputLabel value="Password" for="j_password" />
                    <h:inputSecret id="j_password" 
                        value="#{loginBacking.password}" size="40" maxlength="80"
                        redisplay="true"></h:inputSecret>
                </h:panelGrid>
                <h:commandButton action="login" value="Login" />
                
                <ice:messages id="messages" layout="table" globalOnly="true"
                        showSummary="true" showDetail="false" />
            </h:form>
        My login button is mapped to a navigation case:
        Code:
        <navigation-rule>
        	        <from-view-id>/login.jsp</from-view-id>
        	        <navigation-case>
        	                <from-outcome>login</from-outcome>
        	                <to-view-id>/j_acegi_security_check.jsp</to-view-id>
        	        </navigation-case>
        	</navigation-rule>
        		
        		<navigation-rule>
                <from-view-id>*</from-view-id>
                <navigation-case>
                        <from-outcome>logout</from-outcome>
                        <to-view-id>/j_acegi_logout.jsp</to-view-id>
                </navigation-case>
        </navigation-rule>



        • #5
          Originally posted by Luke Taylor
          Check you are using a web.xml DTD which includes the "dispatcher" element.
          Will it work just by changing the DTD? Which DTD do I need to use?
          Thanks in advance,



          • #6
            Just look at the DTD for the 2.3 web.xml - it doesn't have the dispatcher element.

            If you want your XML editor to work properly you should use an XML DTD or schema which is valid for the file you are editing. Try using the 2.4 specification and DTD or XSD and you shouldn't have the problem with eclipse.



            • #7
              I fixed the DTD schema but the "problem" (almost untrackable) persists...
              I guess the integration between these frameworks is very unclean, hard... I couldn't get any answer, so I'm trying to create a filter (a javax.servlet.Filter implementation) and do all this "by hand". Is it possible?

              [user]--has-->[role]---take access--->[resources]

              user{john, pwd, roleadm}
              role{roleadm}
              resources{roleadm,buy.jsf}
              resources{roleadm,sell.jsf}
              resources{roleadm,reports.jsf}

              I imagine basing it on a URL scheme.
              But how can I discover the URL from the request... (and so make a decision based on the user's role, in a session managed bean)?

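              import java.io.IOException;
              import javax.servlet.*;
              public class MySecurityFilter implements Filter {
                  public void init(FilterConfig config) {}
                  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                          throws IOException, ServletException {
                      // how can I deal with the URL from the request....
                  }
                  public void destroy() {}
              }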

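The question in post #7 (how a hand-written filter can get the URL from the request and decide by role), as an added example that is not part of the thread: a deny-by-default servlet filter built on the resources{...} table from the post. The class name RoleUrlFilter and the session attribute userRole are assumptions; the login code is assumed to store the user's role there.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: URL -> role table taken from the post's resources{...} sketch.
public class RoleUrlFilter implements Filter {
    // Assumption: the login code stores the user's role under this session attribute.
    private static final String ROLE_ATTR = "userRole";
    private static final String LOGIN_PAGE = "/login.jsp";
    private final Map<String, String> requiredRole = new HashMap<String, String>();

    public void init(FilterConfig config) {
        requiredRole.put("/buy.jsf", "roleadm");
        requiredRole.put("/sell.jsf", "roleadm");
        requiredRole.put("/reports.jsf", "roleadm");
    }

    // Path inside the web application: no context path, no query string.
    // getServletPath()/getPathInfo() are already URL-decoded by the container.
    static String pathOf(HttpServletRequest request) {
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }
        int semi = path.indexOf(';');            // drop ";jsessionid=..." style parameters
        return semi >= 0 ? path.substring(0, semi) : path;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = pathOf(request);

        if (LOGIN_PAGE.equals(path)) {           // the only page open to everyone
            chain.doFilter(req, res);
            return;
        }
        HttpSession session = request.getSession(false);   // never create a session here
        Object role = (session == null) ? null : session.getAttribute(ROLE_ATTR);
        if (role == null) {                      // not logged in: send to the login page
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }
        String needed = requiredRole.get(path);
        if (needed == null || !needed.equals(role)) {
            // Deny by default: unlisted paths and wrong roles both get 403.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
    }
}
```

Because unlisted paths are refused, every stylesheet, script or framework URL the pages load has to be listed too, which is the bookkeeping the objectDefinitionSource patterns do in the posted Spring Security configuration.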


              • #8
                I'm still thinking that it was happening because of "j_acegi_security_check.jsp". I say this because the application is loaded by Tomcat and no error or warning is shown and the user is sent to the login.jsp page, but when I try to log in it doesn't work... you can set a breakpoint on the method (userdetailservice) and the application doesn't reach it... maybe this "j_acegi_security_check" scheme has changed or ICEfaces has something 'more' to do (PS: I already posted it on the official ICEfaces forum)...



                • #9
                  Why do you have a "j_acegi_security_check.jsp" ? Disclaimer: I don't know anything about icefaces etc.



                  • #10
                    Thanks so much

                    Originally posted by Luke Taylor
                    Why do you have a "j_acegi_security_check.jsp" ? Disclaimer: I don't know anything about icefaces etc.
                    (I think that knowledge about ICEfaces is not required... or ICEfaces has something really specific; I saw Spring Security as an independent "security"... but logically I can be wrong... anyway)

                    Thanks so much, Luke, for your attention!!!

                    Well, I followed the article, as I said before.
                    And in this article they use a filter for the authentication process that requires a filterProcessUrl, and the URL was that. (I don't have this JSP in my project; I guess it is provided by the Spring Security framework.) I imagine that a request is sent to this URL (by the navigation case) and Spring Security handles it... but it isn't happening.

                    A slice of my appcontext.xml
                    Code:
                    <bean id="authenticationProcessingFilter"
                    		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
                    		<property name="filterProcessesUrl">
                    			<value>/j_acegi_security_check.jsp</value>
                    		</property>
                    ...

                    The same "thing" is done for the logout process, /j_acegi_logout.jsp
                    Code:
                    <bean id="logoutFilter"
                    		class="org.springframework.security.ui.logout.LogoutFilter">
                    		<constructor-arg value="/index.jsp" />
                    		<constructor-arg>
                    			<list>
                    				<bean
                    					class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
                    			</list>
                    		</constructor-arg>
                    		<property name="filterProcessesUrl">
                    			<value>/j_acegi_logout.jsp</value>
                    		</property>
                    	</bean>



                    • #11
                      In my faces-config.xml I just 'redirect'
                      <from-view-id>/login.jsp</from-view-id>
                      <navigation-case>
                      <from-outcome>login</from-outcome>
                      <to-view-id>/j_acegi_security_check.jsp</to-view-id>
                      </navigation-case>
                      In my login page
                      <h:commandButton action="login" value="Login" />
                      And then I thought that this alone would chain the whole process...

                      First passing through the filter (FilterToBeanProxy, deprecated by the way),
                      then through the other filter (AuthenticationProcessingFilter),
                      and then the "user" should be authenticated...

                      How can I turn on the logging system in Spring Security? Maybe it can help...



                      • #12
                        The default is "/j_acegi_security_check" and as long as your form renders that correctly in the browser HTML (icefaces aside) and the filter is configured to handle the same URL (which it is by default) then the request should be processed as a login request.

                        If you're using Websphere then it may complain about the URL not existing (but that's another issue).

                        You should be able to use the framework's debug log to see exactly what the request is when it comes in and to monitor in detail its progress through the security filters and whether it matches the configured authentication URL or not.

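One way to check the two conditions post #12 names without the framework log, as an added example (not from the thread and not Spring Security code): a servlet filter, under the hypothetical name LoginRequestProbeFilter, that records for each request whether the URL equals the configured filterProcessesUrl and whether j_username and j_password arrive under exactly those names. JSF by default prefixes a component's id with the id of its enclosing form when it renders the field, so the names the server receives can differ from the ids in the posted login page; the probe lists such near-matches by name only, never by value.

```java
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

// Hypothetical diagnostic filter; map it to /* ahead of the security filter in web.xml.
public class LoginRequestProbeFilter implements Filter {
    // Values taken from the posted configuration and login page.
    private static final String PROCESS_URL = "/j_acegi_security_check.jsp";
    private static final String USER_PARAM = "j_username";
    private static final String PASS_PARAM = "j_password";
    private ServletContext context;

    public void init(FilterConfig config) {
        context = config.getServletContext();
    }

    // Keep request-controlled text from forging or splitting log lines.
    static String printable(String s) {
        return s == null ? "" : s.replaceAll("[^\\x21-\\x7e]", "?");
    }

    // Names (never values) of parameters that are, or end with, the expected names.
    static String credentialParamNames(HttpServletRequest request) {
        StringBuilder found = new StringBuilder();
        for (Enumeration<?> e = request.getParameterNames(); e.hasMoreElements();) {
            String name = (String) e.nextElement();
            if (name.endsWith(USER_PARAM) || name.endsWith(PASS_PARAM)) {
                found.append(' ').append(printable(name));
            }
        }
        return found.toString();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String uri = request.getRequestURI();
        int semi = uri.indexOf(';');             // ignore ";jsessionid=..." when comparing
        if (semi >= 0) {
            uri = uri.substring(0, semi);
        }
        // This example's own comparison against the configured filterProcessesUrl.
        boolean urlMatches = uri.equals(request.getContextPath() + PROCESS_URL);
        context.log("login-probe " + printable(request.getMethod()) + " " + printable(uri)
                + " matchesProcessesUrl=" + urlMatches
                + " exactUser=" + (request.getParameter(USER_PARAM) != null)
                + " exactPassword=" + (request.getParameter(PASS_PARAM) != null)
                + " similarNames=[" + credentialParamNames(request) + " ]");
        chain.doFilter(req, res);                // observe only, never block
    }

    public void destroy() {
    }
}
```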


                        • #13
                          I'd also recommend you start with something simpler to get a feel for how things work (like the tutorial sample application which you can run directly from the checked out source tree).



                          • #14
                            Originally posted by Luke Taylor
                            Why do you have a "j_acegi_security_check.jsp" ? Disclaimer: I don't know anything about icefaces etc.
                            The probable sequence of events is:

                            The client sends a request for j_acegi_security_check.jsp and first it passes through the filter, the chain, which passes it on to the proper filter (Authentication), and there the "process" is done...



                            • #15
                              Originally posted by Luke Taylor
                              You should be able to use the framework's debug log to see exactly what the request is when it comes in and to monitor in detail its progress through the security filters and whether it matches the configured authentication URL or not.
                              How can I activate the logging system?
                              I'm using Tomcat 6.x

                              (I wrote a lot of things on page 1, probably while you were trying to answer my questions)
