直接从JSF应用程序调用j_spring_security_check失败

时间:2013-12-10 20:35:19

标签: java spring jsf authentication spring-security

我有一个JSF + Spring应用程序。它正在运行spring security 2.0.2。当我尝试调用myapp / j_spring_security_check时,我得到了我的应用程序的错误页面,没有异常解释发生了什么。控制台上的日志也是空的。

这是我的春季安全配置:

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans
        xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                          http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                          http://www.springframework.org/schema/security
                          http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

    <http
            auto-config="true">

        <intercept-url pattern="/view/iam/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/view/iam/userSelfRegistration.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/view/iam/js/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/view/password.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/view/registration.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/view/register.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <!--intercept-url pattern="/rest/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/-->
        <intercept-url pattern="/view/registrationProduct.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/view/studentRegistration.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/view/iam/concurrentTest.do" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/a4j/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <!-- root redirects to deal-mgmt -->
        <intercept-url pattern="/**" access="ROLE_HOME_VIEW"/>


        <form-login
                login-processing-url="/j_spring_security_check"
                login-page="/view/iam/login.do"
                default-target-url="/view/iam/deal-mgmt.do"
                always-use-default-target="false"
                authentication-failure-url="/view/iam/login.do?login_error=1"/>

    </http>

    <beans:bean id="iapUserDetailsService" class="mycompany.mypackage.services.auth.IapUserDetailsService">
        <beans:property name="userDao" ref="userDaoServ"/>
        <beans:property name="userPrivilegeDao" ref="userPrivilegeDaoServ"/>
        <beans:property name="rolePrivilegeDao" ref="rolePrivilegeDaoServ"/>
        <beans:property name="userWebseviceClient" ref="iapUserWsClientServ"/>
    </beans:bean>

    <beans:bean id="iapPasswordEncoder" class="mycompany.mypackage.services.auth.IapPasswordEncoder"/>
    <authentication-provider user-service-ref="iapUserDetailsService">
        <password-encoder ref="iapPasswordEncoder"/>
    </authentication-provider>
</beans:beans>

我调试了身份验证,一切似乎都运行正常。尝试渲染目标网址时出现问题。但是,如果在auth经过之后,我尝试点击应用程序的URL,它会重定向到正确的位置(目标URL),但会显示错误页面。好像它已经卡在了某个地方。

如果您需要更多信息(以及哪种类型),请告诉我,我会添加它。谢谢!

1 个答案:

答案 0 :(得分:0)

我终于开始工作了。我将所有记录器设置为ALL所以我可以看到发生了什么,并找出我得到的异常来自Spring security,说我的用户没有所需的角色。我解决了这个问题,它现在正在工作。谢谢CodeChimp!