我正在使用spring security 3.1,primefaces 5.0,jsf 2.0创建自定义登录表单,并且应用程序正常工作,但问题是当我想要验证时我必须使用URL。当我执行项目并调度到合适的页面时,我需要出现身份验证页面。 有人可以为此提供帮助吗?
的web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security.xml
</param-value>
</context-param>
<!-- Enable Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Allow login pages with JSF which redirects to security check, therefore we have to add the forward entry here -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
LoginController.java
@ManagedBean(name="loginController")
@RequestScoped
public class LoginController implements PhaseListener {
protected final Log logger = LogFactory.getLog(getClass());
/**
*
* Redirects the login request directly to spring security check.
* Leave this method as it is to properly support spring security.
*
* @return
* @throws ServletException
* @throws IOException
*/
public String doLogin() throws ServletException, IOException {
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
.getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest) context.getRequest(),
(ServletResponse) context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
return null;
}
public void afterPhase(PhaseEvent event) {
}
/* (non-Javadoc)
* @see javax.faces.event.PhaseListener#beforePhase(javax.faces.event.PhaseEvent)
*
* Do something before rendering phase.
*/
public void beforePhase(PhaseEvent event) {
Exception e = (Exception) FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get(
WebAttributes.AUTHENTICATION_EXCEPTION);
if (e instanceof BadCredentialsException) {
logger.debug("Found exception in session map: "+e);
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put(
WebAttributes.AUTHENTICATION_EXCEPTION, null);
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,"Username or password not valid.", "Username or password not valid"));
}
}
public PhaseId getPhaseId() {
return PhaseId.RENDER_RESPONSE;
}
springsecurity.xml
<http use-expressions="true">
<intercept-url pattern="/admin.jsf" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/user.jsf" access="hasRole('ROLE_USER')" />
<!-- Custom login page -->
<form-login login-page="/login.jsf" />
<!-- Custom logout page -->
<logout />
</http>
<!-- Use inline authentication provider. -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
root-context.xml
<context:component-scan base- package="de.slackspace.tutorials.customloginpage" />