我正在尝试将Spring 3.1.1安全性与JSF 2.1集成。我设法在http://ocpsoft.org/java/acegi-spring-security-jsf-login-page/上运行示例代码。但是,我在尝试自定义时遇到了问题。即使使用正确的凭据我也无法登录,并且总是被重定向到loginFailed.xhtml。我的配置如下
的web.xml:
<web-app>
<display-name>Captain Admin</display-name>
<welcome-file-list>
<welcome-file>welcome.xhtml</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<!-- JSF Config -->
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>
/WEB-INF/faces-config.xml,
/WEB-INF/faces-managed-beans.xml,
/WEB-INF/faces-navigation.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.enabledLoadBundle11Compatibility</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>true</param-value>
</context-param>
<!-- Spring Config -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<!-- Filter Config -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Filter Mappings -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- Core JSF Config -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
</web-app>
的applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans>
<context:annotation-config />
<context:component-scan base-package="com.ocpsoft" />
<bean id="loggerListener"
class="org.springframework.security.event.authentication.LoggerListener" />
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location">
<value>WEB-INF/classes/config/database/db.properties</value>
</property>
</bean>
<bean id="dataSources" class="com.mchange.v2.c3p0.ComboPooledDataSource"
destroy-method="close">
<property name="driverClass" value="${jdbc.driverClassName}" />
<property name="jdbcUrl" value="${jdbc.url}" />
<property name="user" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<constructor-arg ref="dataSources"/>
</bean>
<bean id="namedParameterJdbcTemplate"
class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<constructor-arg ref="dataSources"/>
</bean>
</beans>
的applicationContext-security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans>
<global-method-security secured-annotations="enabled"/>
<http auto-config="true" access-denied-page="/accessDenied.xhtml" >
<intercept-url pattern="/protected/*" access="ROLE_ADMIN" />
<form-login login-processing-url="/j_spring_security_check"
login-page="/login.xhtml"
default-target-url="/protected/index.xhtml"
authentication-failure-url="/loginFailed.xhtml" />
<logout logout-url="/logout*" logout-success-url="/" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="rod" password="rod" authorities="ROLE_ADMIN" />
<user name="dianne"
password="65d15fe9156f9c4bbffd98085992a44e"
authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott"
password="2b58af6dddbd072ed27ffc86725d7d3a"
authorities="ROLE_USER" />
<user name="peter"
password="22b5c9accc6e1ba628cedc63a72d57f8"
authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
faces-config.xml中
<?xml version="1.0" encoding="UTF-8"?>
<faces-config>
<!-- Application Config -->
<application>
<el-resolver>
org.springframework.web.jsf.el.SpringBeanFacesELResolver
</el-resolver>
</application>
</faces-config>
面管理-beans.xml文件
<?xml version="1.0"?>
<faces-config >
<!-- Managed Beans -->
<managed-bean>
<description>
Current logged in user's authentication information
</description>
<managed-bean-name>loginBean</managed-bean-name>
<managed-bean-class>
com.ocpsoft.pages.login.LoginBean
</managed-bean-class>
<managed-bean-scope>
request
</managed-bean-scope>
</managed-bean>
</faces-config>
答案 0 :(得分:1)
我认为您无法访问您的登录页面:
<!--
<intercept-url
pattern="/login*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
-->
我相信您的登录页面是由Spring安全程序拦截的,它会阻止您在没有凭据的情况下访问它(如果没有您的登录页面,则无法获取)。
在this存储库中,如果要检查它,我有一个spring security 3,jsf 2和prettyfaces 3的工作代码。