Announcement Announcement Module
Collapse
No announcement yet.
Custom login page problem Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom login page problem

    I am having issues with replacing the automated login page with a jsf page. Problem happened after i upgraded my spring from 2.5 to 3.0.5 and security from 2.0.4 to 3.0.4. My JSF page is based on a simple form with username and password fields with visual stuff and the backing bean redirects the form post to spring security. This was working fine with previous versions but now when i try to login from my custom login page it happens to be an Tomcat error page as; the requested resource is not available. With default login page it works as normal, i ll add the configuration files and the backing bean method .

    web.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
        
        <context-param>
            <param-name>javax.faces.PROJECT_STAGE</param-name>
            <param-value>Development</param-value>
        </context-param>
    
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring*-config.xml</param-value>
        </context-param>
    
        <context-param>
            <param-name>primefaces.skin</param-name>
            <param-value>none</param-value>
        </context-param>
    
        <context-param>
            <param-name>com.sun.faces.expressionFactory</param-name>
            <param-value>org.jboss.el.ExpressionFactoryImpl</param-value>
        </context-param>
    
    
        <servlet>
            <servlet-name>Faces Servlet</servlet-name>
            <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        
        <servlet-mapping>
            <servlet-name>Faces Servlet</servlet-name>
            <url-pattern>*.jsf</url-pattern>
        </servlet-mapping>
    
        <listener>
            <listener-class>
    			org.springframework.web.context.ContextLoaderListener
            </listener-class>
        </listener>
        
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>
                    org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
        
    </web-app>
    security-config.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:p="http://www.springframework.org/schema/p"
    	xsi:schemaLocation="http://www.springframework.org/schema/security
                                http://www.springframework.org/schema/security/spring-security-3.0.xsd
                                http://www.springframework.org/schema/beans
                                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                http://www.springframework.org/schema/context
                                http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    	
        <http auto-config='true'>
            <intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
            <intercept-url pattern="/bgs/*" access="ROLE_BAGIS" />
            <intercept-url pattern="/yrdm/*" access="ROLE_YARDIM" />
            <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN,ROLE_BAGIS,ROLE_YARDIM" />
            <intercept-url pattern="/resources/images/*" filters="none" />
            <intercept-url pattern="/resources/css/*" filters="none" />
            <intercept-url pattern="/login*" filters="none"/>
    
            <form-login
                login-processing-url="/j_spring_security_check"
                login-page="/login.jsf"
                default-target-url="/index.jsf"
                authentication-failure-url="/login.jsf" />
    
        	<logout logout-url="/logout" logout-success-url="/login.jsf"/>
        </http>
    
        	<authentication-manager alias="authenticationManager">
    		<authentication-provider ref="daoAuthenticationProvider">
                    </authentication-provider>
    	</authentication-manager>
    
    	<beans:bean id="daoAuthenticationProvider"
            class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                <beans:property name="userDetailsService" ref="userDetailsService"/>
            </beans:bean>
    
    </beans:beans>
    backing bean's login action
    Code:
    public String doLogin() throws IOException, ServletException
        {
            ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
    
            RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
                     .getRequestDispatcher("/j_spring_security_check");
    
            dispatcher.forward((ServletRequest) context.getRequest(),
                    (ServletResponse) context.getResponse());
    
            FacesContext.getCurrentInstance().responseComplete();
    
            return null;
        }

  • #2
    Sounds like you are running into this bug.

    Comment


    • #3
      Thanks for the reply, issue solved by overriding the http-firewall as you pointed so it is working now.

      Comment

      Working...
      X