Results 1 to 2 of 2

Thread: Wrong URL after forwarding to acceddDenied page

  1. Feb 6th, 2008, 01:39 PM #1
    fabatt
    fabatt is offline Junior Member
    Join Date
    Apr 2007
    Posts
    9

    Default Wrong URL after forwarding to acceddDenied page

    Hi all,
    into my webapp I'm using spring(2.5.1), spring-security(1.0.6), iceFaces(JSF) with facelets.
    Spring-security in general seems to work fine. But there is one problem regarding
    accessDeniedHandler which I don't understand.

    I have following DIR structure which are protected by spring-sec:
    webapp/secure/
    webapp/secure/extreme/

    Files used into exceptionTranslationFilter are located here:
    webapp/login_user.xhtml
    webapp/accessDenied.xhtml

    If a request should be forwarded from /login_user.iface to /accessDenied.iface it seems to works, because the content of my
    acceddDenied.xhtml page appears (...access denied...).

    But when I take a look into the URL, there must be something wrong:
    .../webapp/secure/index.iface

    It should be:
    .../webapp/accessDenied.iface

    Now I can navigate to some other page, but the "../secure/.." is still into the URL, and this is wrong and causes
    problem for my layout set-up.

    It seems that the authentication order is wrong:
    First it checks on the login_user.xhtml the authentication:
    action="#{authenticationController.authenticate}

    If ok it navigate to the file defined into the faces-config.xml:
    <navigation-case>
    <from-action>#{authenticationController.authenticate}</from-action>
    <from-outcome>success</from-outcome>
    <to-view-id>/secure/index.iface</to-view-id>
    <redirect/>
    </navigation-case>

    And now it recignise that he has to navigate to the acceddDenied.iface page as defined into applicationContext.xml.
    <property name="loginFormUrl"> <value>/login_user.iface</value> </property>

    And now it seems that my webapp is totally consufed.

    Any Idea what I'm doing wrong?

    Thanks in advance

    regards fabatt


    Part of my applicationContext.xml:
    ....
    <bean id="acegiFilterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=httpSessionContextIntegrationFilter,securityReq uestFilter,exceptionTranslationFilter,filterSecuri tyInterceptor
    </value>
    </property>
    </bean>

    <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContex tIntegrationFilter">
    <property name="context">
    <value>org.acegisecurity.context.SecurityContextIm pl</value>
    </property>
    </bean>

    <bean id="securityRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHo lderAwareRequestFilter" />

    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFi lter">
    <property name="authenticationEntryPoint">
    <bean class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilterEntryPoint">
    <property name="loginFormUrl"> <value>/login_user.iface</value> </property>
    <property name="forceHttps"> <value>false</value></property>
    </bean>
    </property>
    <property name="accessDeniedHandler">
    <bean class="org.acegisecurity.ui.AccessDeniedHandlerImp l">
    <property name="errorPage"> <value>/accessDenied.iface</value></property>
    </bean>
    </property>
    </bean>

    <bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecur ityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager">
    <bean class="org.acegisecurity.vote.AffirmativeBased">
    <property name="decisionVoters">
    <list>
    <bean class="org.acegisecurity.vote.RoleVoter">
    <property name="rolePrefix">
    <value></value>
    </property>
    </bean>
    <bean class="org.acegisecurity.vote.AuthenticatedVoter" />
    </list>
    </property>
    </bean>
    </property>
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /secure/extreme/**=ROLE_SUPERVISOR
    /secure/**=ROLE_USER,ROLE_SUPERVISOR
    </value>
    </property>
    </bean>

    <!-- ========== Authentication Manager ================================ -->
    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager ">
    <property name="providers">
    <list>
    <ref local="daoAuthenticationProvider" />
    </list>
    </property>
    </bean>

    <!-- ========== Authentication Providers ================================ -->
    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenti cationProvider">
    <property name="userDetailsService" ref="userDetailsServiceDaoImpl"/>
    </bean>

    <!-- DAO Implementation used by security framework for getting the user details -->
    <bean id="userDetailsServiceDaoImpl" class="org.springframework.transaction.interceptor .TransactionProxyFactoryBean">
    <!--<property name="transactionManager">
    <ref bean="transactionManager"/>
    </property> -->
    <property name="target">
    <bean class="webapp.service.usermanagement.UsersServiceI mpl" singleton="true" lazy-init="default" autowire="default" dependency-check="default" abstract="false">
    <property name="usersDao">
    <ref bean="usersDao"/>
    </property>
    </bean>
    </property>
    <property name="transactionAttributes">
    <props>
    <prop key="*">PROPAGATION_REQUIRED</prop>
    </props>
    </property>
    </bean>

    <bean id="authenticationController" class="webapp.util.AuthenticationController">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    </bean>

    </beans>
    login_user.xhtml:
    <ice:form jsfc="h:form" id="loginForm">
    <span jsfc="h:messages"/><br/>
    Username: <input jsfc="h:inputText"
    id="inputUsername"
    value="#{authenticationController.username}" /><br/>
    Password: <input jsfc="h:inputSecret"
    value="#{authenticationController.password}" /><br/>

    <input jsfc="h:commandButton" action="#{authenticationController.authenticate}" value="Login" />
    </ice:form>
    Part of faces-config.xml
    Code:
    ....
<navigation-rule>
	 		<from-view-id>/login_user.xhtml</from-view-id>
	 	<navigation-case>
	  		<from-action>#{authenticationController.authenticate}</from-action>
	  		<from-outcome>success</from-outcome>
	  		<to-view-id>/secure/index.iface</to-view-id>
	  		<redirect/>
	 	</navigation-case>
	 	<navigation-case>
	  		<from-action>#{authenticationController.authenticate}</from-action>
	  		<from-outcome>failure</from-outcome>
	  		<to-view-id>/login_user.iface</to-view-id>
	 	</navigation-case>
	</navigation-rule>
	
	<navigation-rule>
	 		<from-view-id>/login_admin.xhtml</from-view-id>
	 	<navigation-case>
	  		<from-action>#{authenticationController.authenticate}</from-action>
	  		<from-outcome>success</from-outcome>
	  		<to-view-id>/secure/extreme/index.iface</to-view-id>
	  		<redirect/>
	 	</navigation-case>
	 	<navigation-case>
	  		<from-action>#{authenticationController.authenticate}</from-action>
	  		<from-outcome>failure</from-outcome>
	  		<to-view-id>/login_admin.iface</to-view-id>
	 	</navigation-case>
	</navigation-rule>
  2. Mar 30th, 2008, 03:37 PM #2
    fabatt
    fabatt is offline Junior Member
    Join Date
    Apr 2007
    Posts
    9

    Default

    Any Idea or some hints?
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules