
Spring security redirection after login

After successful login, it doesn't redirect to "index.php". It redirects to the same page, which is "login.php". Is there something wrong with my spring-security.xml page?

By the way, when I run the application it redirects me to "login.php", which is good. But it doesn't show PrimeFaces components but HTML components. After I successfully log in, it redirects to the same page, but this time it shows PrimeFaces components instead of HTML components.

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/pages/login.xhtml*" access="permitAll"/>
    <intercept-url pattern="/**" access="hasRole('admin')" />
    <form-login login-page='/pages/login.xhtml' default-target-url="/pages/index.xhtml"                    
                authentication-failure-url="/pages/login.xhtml"/>
    <logout logout-success-url="/pages/logout.xhtml" />

</http>
<!-- Authentication Manager Details -->
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="customUserDetailsService">
        <!-- <password-encoder hash="md5"/> -->
    </authentication-provider>
</authentication-manager>

</beans:beans>

my web.xml

<welcome-file-list>
    <welcome-file>pages/index.xhtml</welcome-file>
</welcome-file-list>

my login page

<p:outputPanel id="loginOutputPanelId" style="border: navy">
    <p:panelGrid id="loginInformationPanel" columns="2">
        <h:outputText value="Username: "/>
        <p:inputText value="#{loginController.userName}"/>
        <h:outputText value="Password: "/>
        <p:inputText value="#{loginController.password}"/>
    </p:panelGrid>
    <p:commandButton value="Login" actionListener="#{loginController.login()}"/>
</p:outputPanel>

My loginController.login() method returns the "index" string, and my faces.config:

<navigation-rule>
        <from-view-id>/pages/login.xhtml</from-view-id>
        <navigation-case>
            <from-outcome>index</from-outcome>
            <to-view-id>/pages/index.xhtml</to-view-id>
            <redirect />
        </navigation-case>
    </navigation-rule>

EDIT: without component it runs without any problem. When I add form-login it says "The webpage at http://localhost:8080/myApplication/pages/login.xhtml has resulted in too many redirects".

<http auto-config='true' use-expressions="true">
<intercept-url pattern="/**" access="hasRole('admin')" />
<logout logout-success-url="/pages/logout.xhtml" />
<form-login login-page="/pages/login.xhtml"
                login-processing-url="/j_spring_security_check"                                                       
                default-target-url="/pages/index.xhtml"                                                        
                authentication-failure-url="/pages/login.xhtml"/>
</http>

My login page

<p:outputPanel id="loginOutputPanelId" style="border: navy">
    <p:panelGrid id="loginInformationPanel" columns="2">
        <h:outputText value="Kullanıcı Adı: "/>
        <p:inputText id="j_username" required="true" value="#{loginController.userName}"/>
        <h:outputText value="Şifre: "/>
        <p:inputText id="j_password" required="true" value="#{loginController.password}"/>
    </p:panelGrid>
    <p:commandButton id="login" type="submit" ajax="false" value="Login" actionListener="#{loginController.login()}"/>
</p:outputPanel>

My new loginController.login() method;

ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();

RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
        .getRequestDispatcher("/j_spring_security_check");

dispatcher.forward((ServletRequest) context.getRequest(),
        (ServletResponse) context.getResponse());

FacesContext.getCurrentInstance().responseComplete();
Turgut Dsfadfa asked Jun 10 '13 11:06


1 Answer

To force Spring Security to go to /pages/index.xhtml, you can use the property always-use-default-target like this:

<form-login login-page='/pages/login.xhtml' 
            default-target-url="/pages/index.xhtml"
            always-use-default-target="true"                    
            authentication-failure-url="/pages/login.xhtml"/>

Otherwise, the login page should be shown automatically by Spring Security when the user calls a secured resource and, once login is done, continue to the secured resource that was originally asked for.

In your case, some confusion seems to come from the fact that you want Spring Security to handle the login, and you try to handle it yourself with a JSF actionListener and navigation rules.

Putting "<form-login [...]" in the configuration essentially tells Spring to activate a filter (UsernamePasswordAuthenticationFilter) that will listen to requests made to /j_spring_security_check. If you want Spring to handle login, by default your login form must request this URL, passing two parameters: j_username and j_password.

This way, Spring's UsernamePasswordAuthenticationFilter will kick in and try to authenticate the provided credentials using the UserDetailsService you configured in your AuthenticationProvider.

I think you have to remove your JSF controller for login and use Spring Security to handle authentication.

Hope this helps.

PS: make sure your web.xml defines the DelegatingFilterProxy before all other servlet filters:

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
baraber answered Oct 27 '22 16:10
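The setup the answer describes, written out as an added example that is not part of the original question or answer. It keeps the login page exempt ahead of the catch-all rule (the configuration in the question's EDIT secured it with `/**`, so the redirect to the login page was itself redirected) and posts `j_username` and `j_password` directly to `/j_spring_security_check` from a plain HTML form. Assumptions: the Spring Security 3.1 namespace used on the page, a FacesServlet mapped to `*.xhtml` (so JSF and PrimeFaces resources are served under `/javax.faces.resource/`), and a public logout page.

```xml
<!-- spring-security.xml (fragment): intercept-url rules are evaluated top to
     bottom and the first matching pattern wins, so every permitAll exemption
     must come before the catch-all rule. -->
<http auto-config="true" use-expressions="true">
    <!-- The login page must be reachable anonymously; otherwise the redirect
         to it is intercepted again and the browser reports a redirect loop. -->
    <intercept-url pattern="/pages/login.xhtml*" access="permitAll"/>
    <!-- Assumption: FacesServlet is mapped to *.xhtml. The CSS and JavaScript
         used by PrimeFaces are then requested from this path; if it is
         secured, the anonymous login page renders as unstyled HTML. -->
    <intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
    <!-- Assumption: the logout landing page is meant to be public. -->
    <intercept-url pattern="/pages/logout.xhtml*" access="permitAll"/>
    <!-- Everything else requires the role from the original configuration. -->
    <intercept-url pattern="/**" access="hasRole('admin')"/>

    <form-login login-page="/pages/login.xhtml"
                login-processing-url="/j_spring_security_check"
                default-target-url="/pages/index.xhtml"
                always-use-default-target="true"
                authentication-failure-url="/pages/login.xhtml"/>
    <logout logout-success-url="/pages/logout.xhtml"/>
</http>

<!-- /pages/login.xhtml (fragment): a plain HTML form instead of JSF input
     components. Inside an h:form, JSF prefixes the generated parameter names
     with the form id, so the filter would not receive j_username and
     j_password. No managed bean or navigation rule takes part in the login. -->
<form action="#{request.contextPath}/j_spring_security_check" method="post">
    <label for="j_username">Username:</label>
    <input type="text" id="j_username" name="j_username"/>
    <label for="j_password">Password:</label>
    <!-- type="password" keeps the value masked while it is typed. -->
    <input type="password" id="j_password" name="j_password"/>
    <input type="submit" value="Login"/>
</form>
```

With `always-use-default-target="true"` every successful login lands on `/pages/index.xhtml`; without it, Spring Security returns the user to the secured URL that triggered the login.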