Spring Security+;Primefaces-can';t处理ViewExpiredException
我在spring安全性和primefaces配置方面有问题。对于我的项目,我需要能够登录,并且决定添加spring安全性。在我添加spring安全性之前,它是这样的:如果用户打开页面并且空闲了半个小时,那么会话就会终止,页面上的按钮停止工作,当按下按钮时,我会在IDE的控制台中看到viewexpiredexception。然后我更改了web.xml和faces-config.xml文件: web.xml:Spring Security+;Primefaces-can';t处理ViewExpiredException,spring,jsf,spring-security,primefaces,Spring,Jsf,Spring Security,Primefaces,我在spring安全性和primefaces配置方面有问题。对于我的项目,我需要能够登录,并且决定添加spring安全性。在我添加spring安全性之前,它是这样的:如果用户打开页面并且空闲了半个小时,那么会话就会终止,页面上的按钮停止工作,当按下按钮时,我会在IDE的控制台中看到viewexpiredexception。然后我更改了web.xml和faces-config.xml文件: web.xml: <!-- File(s) appended to a request for a U
<!-- File(s) appended to a request for a URL that is not mapped to a web component -->
<welcome-file-list>
<welcome-file>mypage.xhtml</welcome-file>
</welcome-file-list>
<error-page>
<exception-type>
javax.faces.application.ViewExpiredException
</exception-type>
<location>/login.xhtml</location> <!-- type whatever suits your environment and requirements -->
</error-page>
<!-- Define the JSF servlet (manages the request processing life cycle for JavaServer Faces) -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map following files to the JSF servlet -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.boot.legacy.context.web.SpringBootContextLoaderListener</listener-class>
</listener>
}
我找不到如何解决我的问题。可能是spring security干扰了JSF/PrimeFaces的ajax调用……很可能spring security捕获了请求并用代码403响应,因为用户没有授权Danymore在该视图上执行任何操作。因此,重建视图是不必要的,并且不会引发视图过期异常。
<application>
<el-resolver>
org.primefaces.application.exceptionhandler.PrimeExceptionHandlerELResolver
</el-resolver>
</application>
<factory>
<exception-handler-factory>
org.primefaces.application.exceptionhandler.PrimeExceptionHandlerFactory
</exception-handler-factory>
</factory>
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/javax.faces.resource/**")
.permitAll().anyRequest().authenticated();
// login
http.formLogin().loginPage("/login.xhtml").permitAll()
.failureUrl("/login.xhtml?error=true");
http.sessionManagement()
.maximumSessions(1)
.expiredUrl("/login.xhtml")
.and()
.invalidSessionUrl("/login.xhtml");
// logout
http.logout().logoutSuccessUrl("/login.xhtml");
// not needed as JSF 2.2 is implicitly protected against CSRF
http.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("john.doe")
.password("{noop}1234").roles("USER").and()
.withUser("jane.doe").password("{noop}5678").roles("ADMIN");
}