Spring与JSF2.1的安全集成
我正在尝试将Spring3.1.1安全性与JSF2.1集成。我设法在运行时获得了示例代码。但是,我在尝试自定义它时遇到了问题。即使使用正确的凭据,我也无法登录,并且总是被重定向到loginFailed.xhtml。我的配置如下 web.xml:Spring与JSF2.1的安全集成,spring,security,jsf,Spring,Security,Jsf,我正在尝试将Spring3.1.1安全性与JSF2.1集成。我设法在运行时获得了示例代码。但是,我在尝试自定义它时遇到了问题。即使使用正确的凭据,我也无法登录,并且总是被重定向到loginFailed.xhtml。我的配置如下 web.xml: <web-app> <display-name>Captain Admin</display-name> <welcome-file-list> <welcome-fi
<web-app>
<display-name>Captain Admin</display-name>
<welcome-file-list>
<welcome-file>welcome.xhtml</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<!-- JSF Config -->
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>
/WEB-INF/faces-config.xml,
/WEB-INF/faces-managed-beans.xml,
/WEB-INF/faces-navigation.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.enabledLoadBundle11Compatibility</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>true</param-value>
</context-param>
<!-- Spring Config -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<!-- Filter Config -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Filter Mappings -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- Core JSF Config -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
</web-app>
行政队长
welcome.xhtml
10
javax.faces.DEFAULT_后缀
.xhtml
javax.faces.CONFIG_文件
/WEB-INF/faces-config.xml,
/WEB-INF/faces-managed-beans.xml,
/WEB-INF/faces-navigation.xml
javax.faces.STATE_保存方法
客户
com.sun.faces.enabledLoadBundle11兼容性
真的
com.sun.faces.validateXml
真的
com.sun.faces.verifyObjects
真的
上下文配置位置
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
org.springframework.web.context.ContextLoaderListener
org.springframework.web.context.request.RequestContextListener
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
向前地
要求
Facesservlet
javax.faces.webapp.FacesServlet
1.
Facesservlet
/面孔/*
*.xhtml
applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans>
<context:annotation-config />
<context:component-scan base-package="com.ocpsoft" />
<bean id="loggerListener"
class="org.springframework.security.event.authentication.LoggerListener" />
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location">
<value>WEB-INF/classes/config/database/db.properties</value>
</property>
</bean>
<bean id="dataSources" class="com.mchange.v2.c3p0.ComboPooledDataSource"
destroy-method="close">
<property name="driverClass" value="${jdbc.driverClassName}" />
<property name="jdbcUrl" value="${jdbc.url}" />
<property name="user" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<constructor-arg ref="dataSources"/>
</bean>
<bean id="namedParameterJdbcTemplate"
class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<constructor-arg ref="dataSources"/>
</bean>
</beans>
WEB-INF/classes/config/database/db.properties
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans>
<global-method-security secured-annotations="enabled"/>
<http auto-config="true" access-denied-page="/accessDenied.xhtml" >
<intercept-url pattern="/protected/*" access="ROLE_ADMIN" />
<form-login login-processing-url="/j_spring_security_check"
login-page="/login.xhtml"
default-target-url="/protected/index.xhtml"
authentication-failure-url="/loginFailed.xhtml" />
<logout logout-url="/logout*" logout-success-url="/" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="rod" password="rod" authorities="ROLE_ADMIN" />
<user name="dianne"
password="65d15fe9156f9c4bbffd98085992a44e"
authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott"
password="2b58af6dddbd072ed27ffc86725d7d3a"
authorities="ROLE_USER" />
<user name="peter"
password="22b5c9accc6e1ba628cedc63a72d57f8"
authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
faces-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<faces-config>
<!-- Application Config -->
<application>
<el-resolver>
org.springframework.web.jsf.el.SpringBeanFacesELResolver
</el-resolver>
</application>
</faces-config>
org.springframework.web.jsf.el.SpringBeanFacesELResolver
faces-managed-beans.xml
<?xml version="1.0"?>
<faces-config >
<!-- Managed Beans -->
<managed-bean>
<description>
Current logged in user's authentication information
</description>
<managed-bean-name>loginBean</managed-bean-name>
<managed-bean-class>
com.ocpsoft.pages.login.LoginBean
</managed-bean-class>
<managed-bean-scope>
request
</managed-bean-scope>
</managed-bean>
</faces-config>
当前登录用户的身份验证信息
罗根宾
com.ocpsoft.pages.login.LoginBean
要求
我相信您无法访问登录页面,因为:
<!--
<intercept-url
pattern="/login*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
-->
我相信您的登录页面被spring security截获,它阻止您在没有凭据的情况下访问它(没有登录页面您无法获得凭据)
在存储库中,我有一个SpringSecurity3、JSF2和PrettyFaces3的工作代码,如果您想检查的话