Results 1 to 5 of 5

Thread: Stays on same url after (successful?) login

  1. Feb 6th, 2012, 11:25 AM #1
    glen_jai
    glen_jai is offline Junior Member
    Join Date
    Jul 2011
    Posts
    6

    Question Stays on same url after (successful?) login

    Hi,
    I am trying to integrate Spring Security 3 with JSF2.0 (Apache Myfaces) to direct users to a login page when they attempt to access a page that requires authentication.

    My applicationContext.xml looks like:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:security="http://www.springframework.org/schema/security"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">


	<security:http auto-config="true" access-denied-page="/index.jsf">
		<security:intercept-url pattern="/authenticated/**" access="ROLE_BLAH_USER" />	
		<security:intercept-url pattern="/admin/**" access="ROLE_BLAH_ADMIN" />
		<security:form-login login-page="/login.html" default-target-url="/authenticated/hello.html"/>
		<security:logout logout-success-url="/index.jsf" />
	</security:http>

	<security:authentication-manager>
		<security:authentication-provider user-service-ref="userDetailsService"/>
	</security:authentication-manager>

  <bean id="userDetailsService" class="com.blah.security.spring.UserDetailsServiceImpl" />

</beans>
    And the "login.html" looks like this:

    HTML Code:
    <html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Blah title</title>
</head>
<body>
	<form action="j_spring_security_check" method="post">
		<label for="j_username">User name</label>
		<input type="text" name="j_username" id="j_username"/>
		<br/>
		<label for="j_password">Password</label>
		<input type="password" name="j_password" id="j_password"/>
		<br/>
		<input type='checkbox' name='_spring_security_remember_me'/> Remember me on this computer.
		<br/>
		<input type="submit" value="Login"/>
	</form>
</body>
</html>
    The "login.html" page correctly displays when a user attempts to view any page under the "/authenticated" directory of the webapp.
    But after (I think, successful) login, I do not get redirected to the "default-target-url". It just stays on the same page (i.e. login.html). And I do not get any message saying "Bad Credentials" or anything when I login with an incorrect username and password.

    I also do not get anything in my log that tells me that anything is wrong.

    Can some one help me please?

    Many thanks,
    Glen
    Reply With Quote Reply With Quote
  2. Feb 7th, 2012, 02:01 PM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    You do not allow anonymous access to the login page. I'm not sure why the login page renders (since you should not have access to it), but if your springSecurityFilterChain is not the first filter-mapping that might explain why.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
  3. Feb 13th, 2012, 04:44 AM #3
    glen_jai
    glen_jai is offline Junior Member
    Join Date
    Jul 2011
    Posts
    6

    Default

    Quote Originally Posted by rwinch View Post
    You do not allow anonymous access to the login page. I'm not sure why the login page renders (since you should not have access to it), but if your springSecurityFilterChain is not the first filter-mapping that might explain why.
    Hi, thank you for your response. But I don't understand why I would need anonymous access to the login page.
    Would you mind explaining a bit more?
    The "springSecurityFilterChain" has been moved to the first filter in the web.xml, but I still get the same problem.

    Thanks again,
    Glen
    Reply With Quote Reply With Quote
  4. Feb 13th, 2012, 08:01 AM #4
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    You need anonymous access because you need to be able to view the login page prior to being authenticated. What does the URL display after you have logged in and are still seeing the login page? If you navigate to another location in your application that is secured do you see that page or does it send you to the login page again?
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
  5. Mar 6th, 2012, 08:59 AM #5
    glen_jai
    glen_jai is offline Junior Member
    Join Date
    Jul 2011
    Posts
    6

    Default

    Quote Originally Posted by rwinch View Post
    You need anonymous access because you need to be able to view the login page prior to being authenticated. What does the URL display after you have logged in and are still seeing the login page? If you navigate to another location in your application that is secured do you see that page or does it send you to the login page again?
    Hello rwinch,
    Sorry for the late reply again. I was trying to get it to work for a while, and then was onto something else for a bit.
    Thank you for your replies and your help. I really appreciate it.

    I managed to get it to work in the end with JSF, following this article:
    Spring security Integration - JSF Log in

    Basically I do all the necessary login initialisation required in JSF, before forwarding the original request to the Spring "j_spring_security_check" servlet.

    Thanks again for all the help.

    Glen
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules