我有一个使用Spring Security + LDAP的登录页面。身份验证本身可以正常运行将表单从常规HTML更改为Primefaces / JSF标记后,问题就出现了。用户通过身份验证后,页面不会重定向到索引页面,但会在第二次尝试后重定向。由于某种原因,会话正在被清除。我已经阅读了很多关于使用JSF登录的帖子和教程,以及类似的问题,但到目前为止,它们都没有奏效。
以下是我的一些配置:
login.xhtml BEFORE Primefaces / JSF
<form action='#{request.contextPath}/j_spring_security_check' method='POST' id="loginForm">
...
</form>
login.xhtml AFTER Primefaces / JSF
<h:form id="loginForm">
<h:outputLabel for="j_username" value="User" />
<p:inputText id="j_username" required="true" value="#{loginBean.username}"></p:inputText>
<h:outputLabel for="j_password" value="Password" />
<p:password id="j_password" required="true" value="#{loginBean.password}"></p:password>
<h:commandButton type="submit" id="loginButton" action="#{loginBean.doLogin}" value="LOGIN" />
</h:form>
securityContext.xml
<security:http use-expressions="true">
<security:intercept-url pattern="/login.xhtml" access="isAnonymous()" />
<security:intercept-url pattern="/index.xhtml" access="isAuthenticated()" />
<security:form-login login-processing-url="/j_spring_security_check"
login-page="/login.xhtml"
authentication-failure-handler-ref="authenticationFailureHandler"
default-target-url="/index.xhtml"
always-use-default-target="true" />
...
</security:http>
LoginBean.java
public String doLogin() throws IOException, ServletException {
try {
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest)context.getRequest()).getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest)context.getRequest(), (ServletResponse)context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
return "/index?faces-redirect=true";
}
...
}
的web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
面-config.xml中
<managed-bean>
<managed-bean-name>loginBackingBean</managed-bean-name>
<managed-bean-class>my.project.jsf.beans.LoginBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
堆栈跟踪的一部分
<SecurityContext is empty or anonymous - context will not be stored in HttpSession. >
SEVERE: Servlet.service() for servlet Faces Servlet threw exception
java.lang.IllegalStateException
at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:435)
答案 0 :(得分:0)
解决。问题与登录后页面的重定向有关。我使用了以下代码行:
FacesContext.getCurrentInstance().getExternalContext().redirect("inicio.xhtml");
我在阅读post
后得到了这个想法LoginBean.java 如下所示:
public String doLogin() throws IOException, ServletException {
try {
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest)context.getRequest()).getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest)context.getRequest(), (ServletResponse)context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
FacesContext.getCurrentInstance().getExternalContext().redirect("inicio.xhtml");
return;
}
...
}