Spring security + Jsf2

时间:2014-02-17 11:40:15

标签: spring java-ee jsf-2 spring-security

我是春季安全新手,这是我第一次使用APP来安全保护 我的应用程序使用jsf2,primefaces,spring,hibernate开发 在开发它之后,我正在尝试将它与Spring安全框架集成 有两个问题 1-当从应用程序访问任何URL时,我的应用程序不会将他导航到登录页面 2-当一个用户登录并且其他人试图同时访问该应用程序时,他看到有人登录并发生冲突,最后抛出异常意味着没有为第二个用户创建新会话

我的applicationContext-Security.xml是

    <context:property-placeholder location="classpath:resources/jdbc.properties" />
    <!-- For Spring auto wiring -->
    <tx:annotation-driven />
    <context:annotation-config />
    <context:component-scan base-package="main.com.zc.attSys" />

    <tx:annotation-driven transaction-manager="hibernateTransactionManager" />

    <http use-expressions="true">

        <form-login login-page="/pages/courseFeedBack/ask/login.xhtml"  
            authentication-failure-url="/pages/courseFeedBack/ask/login.xhtml" />

    </http>


    <authentication-manager>
        <authentication-provider user-service-ref="userDetailsService">

        </authentication-provider>
    </authentication-manager>

</beans:beans>

我的web.xml是:

  <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
    </context-param>
    <!-- Add Support for Spring -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>
            org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>
    <listener>
        <listener-class>com.sun.faces.conf

    ig.ConfigureListener</listener-class>
        </listener>


  <listener>
    <listener-class>
      org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
  </listener> 

    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.faces</url-pattern>
    </servlet-mapping>
    <!-- <context-param> <param-name>primefaces.THEME</param-name> <param-value>none</param-value> 
        </context-param> -->

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>




    <context-param>

        <param-name>contextConfigLocation</param-name>

        <param-value>
             /WEB-INF/applicationContext.xml
            /WEB-INF/applicationContext-security.xml

        </param-value>

    </context-param>
<session-config>
       <session-timeout>1</session-timeout>
    </session-config>
</web-app>

有什么帮助吗?

0 个答案:

没有答案