Spring Security与JSF 2.1集成

时间:2012-08-16 12:58:18

标签: spring security jsf

我正在尝试将Spring 3.1.1安全性与JSF 2.1集成。我设法在http://ocpsoft.org/java/acegi-spring-security-jsf-login-page/上运行示例代码。但是,我在尝试自定义时遇到了问题。即使使用正确的凭据我也无法登录,并且总是被重定向到loginFailed.xhtml。我的配置如下

的web.xml:

<web-app>
    <display-name>Captain Admin</display-name>
    <welcome-file-list>
        <welcome-file>welcome.xhtml</welcome-file>
    </welcome-file-list>
    <session-config>
        <session-timeout>10</session-timeout>
    </session-config>
    <!-- JSF Config -->
    <context-param>
        <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
        <param-value>.xhtml</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>
            /WEB-INF/faces-config.xml,
            /WEB-INF/faces-managed-beans.xml,
            /WEB-INF/faces-navigation.xml
        </param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
    </context-param>
    <context-param>
        <param-name>com.sun.faces.enabledLoadBundle11Compatibility</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>com.sun.faces.validateXml</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>com.sun.faces.verifyObjects</param-name>
        <param-value>true</param-value>
    </context-param>
    <!-- Spring Config -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <listener>
        <listener-class>
        org.springframework.web.context.request.RequestContextListener
        </listener-class>
    </listener>
    <!-- Filter Config -->

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Filter Mappings -->  
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

    <!-- Core JSF Config -->
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>
</web-app>

的applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans>
    <context:annotation-config />
    <context:component-scan base-package="com.ocpsoft" />
    <bean id="loggerListener"
        class="org.springframework.security.event.authentication.LoggerListener" />

    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="location">
            <value>WEB-INF/classes/config/database/db.properties</value>
        </property>
    </bean>
    <bean id="dataSources" class="com.mchange.v2.c3p0.ComboPooledDataSource"
        destroy-method="close">
        <property name="driverClass" value="${jdbc.driverClassName}" />
        <property name="jdbcUrl" value="${jdbc.url}" />
        <property name="user" value="${jdbc.username}" />
        <property name="password" value="${jdbc.password}" />
    </bean>
    <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
        <constructor-arg ref="dataSources"/>
    </bean>
    <bean id="namedParameterJdbcTemplate"
        class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
        <constructor-arg ref="dataSources"/>
    </bean>
</beans>

的applicationContext-security.xml文件

<?xml version="1.0" encoding="UTF-8"?>
<beans>
    <global-method-security secured-annotations="enabled"/>
    <http auto-config="true" access-denied-page="/accessDenied.xhtml" >
        <intercept-url pattern="/protected/*" access="ROLE_ADMIN" />
        <form-login login-processing-url="/j_spring_security_check"
            login-page="/login.xhtml"
            default-target-url="/protected/index.xhtml"
            authentication-failure-url="/loginFailed.xhtml" />
        <logout logout-url="/logout*" logout-success-url="/" />
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="rod" password="rod" authorities="ROLE_ADMIN" />
                <user name="dianne"
                    password="65d15fe9156f9c4bbffd98085992a44e"
                    authorities="ROLE_USER,ROLE_TELLER" />
                <user name="scott"
                    password="2b58af6dddbd072ed27ffc86725d7d3a"
                    authorities="ROLE_USER" />
                <user name="peter"
                    password="22b5c9accc6e1ba628cedc63a72d57f8"
                    authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

faces-config.xml中

<?xml version="1.0" encoding="UTF-8"?>
<faces-config>
    <!-- Application Config -->
    <application>
        <el-resolver>
            org.springframework.web.jsf.el.SpringBeanFacesELResolver
        </el-resolver>
    </application>

</faces-config>

面管理-beans.xml文件

<?xml version="1.0"?>
<faces-config >
    <!-- Managed Beans -->
    <managed-bean>
        <description>
            Current logged in user's authentication information
        </description>
        <managed-bean-name>loginBean</managed-bean-name>
        <managed-bean-class>
            com.ocpsoft.pages.login.LoginBean
        </managed-bean-class>
        <managed-bean-scope>
            request
        </managed-bean-scope>
    </managed-bean>
</faces-config>

1 个答案:

答案 0 :(得分:1)

我认为您无法访问您的登录页面:

 <!-- 
        <intercept-url
            pattern="/login*"
            access="IS_AUTHENTICATED_ANONYMOUSLY" />
 -->

我相信您的登录页面是由Spring安全程序拦截的,它会阻止您在没有凭据的情况下访问它(如果没有您的登录页面,则无法获取)。

this存储库中,如果要检查它,我有一个spring security 3,jsf 2和prettyfaces 3的工作代码。