Authentication with Spring Security 3.0.5 + JSF 1.2
First of all, sorry for my bad english(a mysterious language for me ... w google translate!!! :mrgreen: )
I'm doing a web application with the framework in subject (more iBatis for management of persistence in db) and the problem is that......despite a successful implementation of the form Spring Security, the authentication doesn't work :banghead:
For the accuracy.....after Login, don't enter in the method loadUserByUsername!!!!
I tried debugging with Eclipse but...nothing.....
Here's some code:
web.xml
applicationContext-security.xmlCode:<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext-security.xml </param-value> </context-param> <context-param> <param-name>org.richfaces.SKIN</param-name> <param-value>blueSky</param-value> </context-param> <context-param> <param-name>org.richfaces.CONTROL_SKINNING</param-name> <param-value>enable</param-value> </context-param> <context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>client</param-value> </context-param> <context-param> <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name> <param-value>com.sun.facelets.FaceletViewHandler</param-value> </context-param> <filter> <display-name>RichFaces Filter</display-name> <filter-name>richfaces</filter-name> <filter-class>org.ajax4jsf.Filter</filter-class> <init-param> <param-name>enable-cache</param-name> <param-value>false</param-value> </init-param> </filter> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping> <filter-mapping> <filter-name>richfaces</filter-name> <servlet-name>Faces Servlet</servlet-name> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> </filter-mapping> <!-- - Loads the root application context of this web app at startup. - The application context is then available via - WebApplicationContextUtils.getWebApplicationContext(servletContext). --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- - Publishes events for session creation and destruction through the application - context. Optional unless concurrent session control is being used. --> <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener> <listener> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> <!-- Faces Servlet --> <servlet> <servlet-name>Faces Servlet</servlet-name> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <!-- Faces Servlet Mapping --> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>/faces/*</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>/index.jsp</welcome-file> </welcome-file-list>
CustomUserService.javaCode:<beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd" > <sec:http auto-config="true"> <sec:intercept-url pattern="/login.jsp" filters="none" /> <sec:intercept-url pattern="/bad-login.html" filters="none" /> <sec:intercept-url pattern="/index.jsp" filters="none" /> <sec:intercept-url pattern="/**" access="ROLE_admin,ROLE_user" /> <sec:form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" authentication-failure-url="/bad-login.html" /> <sec:logout logout-url="/logout" logout-success-url="/login.jsp" /> </sec:http> <bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder"/> <bean id="CustomUserServiceDetails" class="it.wave.wpc.fe.service.CustomUserService" /> <sec:authentication-manager alias="authenticationManager"> <sec:authentication-provider user-service-ref="CustomUserServiceDetails"> <sec:password-encoder ref="passwordEncoder"/> </sec:authentication-provider> </sec:authentication-manager> </beans>
- my Users implements UserDetailsCode:public class CustomUserService implements UserDetailsService { public BLMUsers getBlmUsers() { return (BLMUsers)ServiceProviderLocatorUser.getCurrentInstance().get("BLMUsers"); } public BLMUserRoles getBlmUserRoles() { return (BLMUserRoles)ServiceProviderLocatorUser.getCurrentInstance().get("BLMUserRoles"); } public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException, DataAccessException { Users utente = new Users(); utente = (Users) getBlmUsers().getUserName(arg0); if(utente == null) throw new UsernameNotFoundException(arg0 + " is not found"); List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); UserRolesExample example = new UserRolesExample(); example.createCriteria().andUserIdEqualTo(arg0); List<UserRolesKey> lista = (List<UserRolesKey>) getBlmUserRoles().getUserRoles(example); authorities.add(new GrantedAuthorityImpl(lista.get(0).getRoleName())); return utente; } }
- I don't use default tables for users e roles but I have custom tables
- page of login is by manual of Spring Security
If you need any more information or code, just ask! :thumbup:
Thank you!!!!!!
Reply With Quote