0
votes

I using JSF 2.0 + Icefaces 2.0 and try to implement spring security 2.06 (not 3.x due to compatible problems with Icefaces 2.0).

I follow this guide (I think it is for JSF 1.x and Icefaces 1.8): http://facestutorials.icefaces.org/tutorial/spring-security-basic.html

But I have problem to integrate the spring framework. I have added these lines to web.xml:

<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Spring Security -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Then I have a file, applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">

  <security:http auto-config="true" access-denied-page="/pages/accessDenied.xhtml">
    <security:intercept-url pattern="/secured/**"                        access="ROLE_ALLACCESS, ROLE_URLACCESS"/>
    <security:form-login login-page="/pages/springSecurityLogin.xhtml"
                             default-target-url="/secured/welcome.xhtml"/>
    <security:logout logout-success-url="/pages/logoutSuccess.xhtml"/>
  </security:http>

  <security:authentication-provider user-service-ref="userDetailsService"/>

  <bean id="userDetailsService" class="security.UserDetailsServiceImpl">
    <constructor-arg ref="userRepository"/>
  </bean>

  <bean id="userRepository" class="security.UserDaoImpl"/>

</beans>

The userDetailsService class is implemented according to:

package security;

import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

public class UserDetailsServiceImpl implements UserDetailsService {

private UserDAO userDAO;

public UserDetailsServiceImpl(UserDAO userDAO) {
    this.userDAO = userDAO;
}

public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
    AppUser user = userDAO.findUser(username);
    if (user == null)
        throw new UsernameNotFoundException("User not found: " + username);
    else {
        return makeUser(user);
    }
}

private org.springframework.security.userdetails.User makeUser(AppUser user) {
    return new org.springframework.security.userdetails.User(user.getLogin(), user
            .getPassword(), true, true, true, true,
            makeGrantedAuthorities(user));
}

private GrantedAuthority[] makeGrantedAuthorities(AppUser user) {
    GrantedAuthority[] result = new GrantedAuthority[user.getRoles().size()];
    int i = 0;
    for (String role : user.getRoles()) {
        result[i++] = new GrantedAuthorityImpl(role);
    }
    return result;
}

}

I also has a login bean:

package web.bean.security;
import org.springframework.security.ui.AbstractProcessingFilter;

import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;

@ManagedBean(name="login")
public class Login {

    // properties
    private String userId;

    private String password;

    /**
     * default empty constructor
     */
    public Login() {

        Exception ex = (Exception) FacesContext
                .getCurrentInstance()
                .getExternalContext()
                .getSessionMap()
                .get(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);

        if (ex != null)
            FacesContext.getCurrentInstance().addMessage(
                    null,
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, ex
                            .getMessage(), ex.getMessage()));

    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getUserId() {
        return userId;
    }

    public void setUserId(String userId) {
        this.userId = userId;
    }

    public void login(ActionEvent e) throws java.io.IOException {
        FacesContext.getCurrentInstance().getExternalContext().redirect("/spring-authentication/j_spring_security_check?j_username=" + userId + "&j_password=" + password);
    }
}

The problem is when I running a jsf file which using the login bean:

The requested resource () is not available.

I'm using Tomcat 7.

Can you please help me?

Best Regards /kungcc

2

2 Answers

0
votes

I think you need to add the webapplication name before the /j_spring_security_check like /WebAppName/j_spring_security_check that will aply the spring on all what comes after /webAppName

0
votes

Does omitting /spring-authentication in the login() method of login bean help?

public void login(ActionEvent e) throws java.io.IOException {
        FacesContext.getCurrentInstance().getExternalContext().redirect("/j_spring_security_check?j_username=" + userId + "&j_password=" + password);
    }