Question

我非常喜欢springsecurity和jsf，我在jsf中实现spring security logout时遇到了问题。

我的申请：
springframework 3.0.2
jsf 2.0
主要表面3.1.1

的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Production</param-value>
</context-param>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/app-config.xml</param-value>
</context-param>

<servlet>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/app-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <url-pattern>*.htm</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>


<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
</servlet-mapping>

<welcome-file-list>
    <welcome-file>faces/index.jsp</welcome-file>
</welcome-file-list>

</web-app>

应用-config.xml中

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

<!-- Scans the classpath of this application for @Components to deploy as beans -->
<context:component-scan base-package="com.raistudies" />

<!-- Importing Spring Security Settings  -->
<import resource="security.xml"/>

<!-- Configures the @Controller programming model -->
<mvc:annotation-driven />

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/userPage/"/>
    <property name="suffix" value=".xhtml"/>
</bean>

<context:property-placeholder location="/WEB-INF/jdbc.properties" />

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="${app.jdbc.driverClassName}" />
    <property name="url" value="${app.jdbc.url}" />
    <property name="username" value="${app.jdbc.username}" />
    <property name="password" value="${app.jdbc.password}" />
</bean>

</beans>

security.xml文件

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http auto-config="true" use-expressions="true">

    <intercept-url pattern="/assets/previews/**" access="permitAll" />
    <intercept-url pattern="/assets/thumbs/**" access="permitAll" />
    <intercept-url pattern="/css/**" access="permitAll"/>
    <intercept-url pattern="/design/**" access="permitAll" />
    <intercept-url pattern="/images/**" access="permitAll" />
    <intercept-url pattern="/js/**" access="permitAll" />
    <intercept-url pattern="/pageAllNews/**" access="permitAll" />

    <intercept-url pattern="/pageLogin/**" access="permitAll" />
    <intercept-url pattern="/resources/css/**" access="permitAll" />
    <intercept-url pattern="/resources/skins/tn3/**" access="permitAll" />
    <intercept-url pattern="/templates/**" access="permitAll"/>
    <intercept-url pattern="/userPage/**" access="permitAll" />

    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>

    <form-login login-processing-url="/j_spring_security_check"
                login-page="/userPage/login.jsp"
                default-target-url="/userPage/home.jsf"
                authentication-failure-url="/userPage/login.jsp" />

    <logout logout-success-url="/userPage/login.jsp"/>
    <remember-me />

</http>

<authentication-manager>
    <authentication-provider>
        <password-encoder hash="md5"/>
        <jdbc-user-service data-source-ref="dataSource" />
    </authentication-provider>
</authentication-manager>

</b:beans>

我已尝试在jsf.page 中实施按钮注销，但它不起作用..

<h:outputLink value="${request.contextPath}/j_spring_security_logout">logout</h:outputLink>

任何人都可以帮我解决这个问题..？
agungdmt

Answer 1

替换此

 <h:outputLink value="${request.contextPath}/j_spring_security_logout">logout</h:outputLink>

用这个

 <h:outputLink value="${pageContext.request.contextPath}/j_spring_security_logout">logout</h:outputLink>

Answer 2

关于登录问题。 您可以查看@ How to use Spring security with Primefaces问题提供的答案。

关于注销，您可以定义一个导航案例，将注销操作定向到注销页面，例如logout.xhtml然后确保在spring security

中定义了以下内容

<security:logout logout-url="logout.xhtml"
        logout-success-url="logout_success.xhtml" invalidate-session="true" />

通过这种方式，您可以在实际导航之前在托管bean中执行操作，并在Spring安全性中执行注销操作。

Answer 3

为我的

工作

<h:form id="formExit" >
 <p:commandLink ajax="true" action="/userPage/login.jsp" oncomplete="jQuery.get('{request.contextPath}/j_spring_security_logout')"> 
    <p:outputLabel value="Logout" />
 </p:commandLink>
</h:form>

如何在jsf中设置spring security logout ..？

3 个答案: