Spring Security+；Primefaces-can'；t处理ViewExpiredException_Spring_Jsf_Spring Security_Primefaces

Spring Security+；Primefaces-can'；t处理ViewExpiredException

spring jsf spring-security primefaces

Spring Security+；Primefaces-can'；t处理ViewExpiredException,spring,jsf,spring-security,primefaces,Spring,Jsf,Spring Security,Primefaces,我在spring安全性和primefaces配置方面有问题。对于我的项目，我需要能够登录，并且决定添加spring安全性。在我添加spring安全性之前，它是这样的：如果用户打开页面并且空闲了半个小时，那么会话就会终止，页面上的按钮停止工作，当按下按钮时，我会在IDE的控制台中看到viewexpiredexception。然后我更改了web.xml和faces-config.xml文件： web.xml： <!-- File(s) appended to a request for a U

我在spring安全性和primefaces配置方面有问题。对于我的项目，我需要能够登录，并且决定添加spring安全性。在我添加spring安全性之前，它是这样的：如果用户打开页面并且空闲了半个小时，那么会话就会终止，页面上的按钮停止工作，当按下按钮时，我会在IDE的控制台中看到viewexpiredexception。然后我更改了web.xml和faces-config.xml文件：

web.xml：

<!-- File(s) appended to a request for a URL that is not mapped to a web component -->
<welcome-file-list>
    <welcome-file>mypage.xhtml</welcome-file>
</welcome-file-list>

<error-page>
    <exception-type>
        javax.faces.application.ViewExpiredException
    </exception-type>
    <location>/login.xhtml</location> <!-- type whatever suits your environment and requirements -->
</error-page>

<!-- Define the JSF servlet (manages the request processing life cycle for JavaServer Faces) -->
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<!-- Map following files to the JSF servlet -->
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.boot.legacy.context.web.SpringBootContextLoaderListener</listener-class>
</listener>

}

我找不到如何解决我的问题。

可能是spring security干扰了JSF/PrimeFaces的ajax调用……很可能spring security捕获了请求并用代码403响应，因为用户没有授权Danymore在该视图上执行任何操作。因此，重建视图是不必要的，并且不会引发视图过期异常。

<application>
    <el-resolver>
        org.primefaces.application.exceptionhandler.PrimeExceptionHandlerELResolver
    </el-resolver>
</application>
<factory>
    <exception-handler-factory>
        org.primefaces.application.exceptionhandler.PrimeExceptionHandlerFactory
    </exception-handler-factory>
</factory>

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/javax.faces.resource/**")
            .permitAll().anyRequest().authenticated();
    // login
    http.formLogin().loginPage("/login.xhtml").permitAll()
            .failureUrl("/login.xhtml?error=true");
    http.sessionManagement()
            .maximumSessions(1)
            .expiredUrl("/login.xhtml")
            .and()
            .invalidSessionUrl("/login.xhtml");

    // logout
    http.logout().logoutSuccessUrl("/login.xhtml");
    // not needed as JSF 2.2 is implicitly protected against CSRF
    http.csrf().disable();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
        throws Exception {
    auth.inMemoryAuthentication().withUser("john.doe")
            .password("{noop}1234").roles("USER").and()
            .withUser("jane.doe").password("{noop}5678").roles("ADMIN");
}