Problems Implementing Spring Security

Question

Problems Implementing Spring Security

Asked 9 years, 1 month ago

Viewed 528 times

4

I am implementing Spring Security in a project, however, I have come across some problems. I will put the code of contexts, the part of web.xml for Spring Security and how I put it on a page for you to see.

What happens is that Spring is not restricting himself. I have only one user in the bank with ROLE_GERENTE permission, however, Spring takes from the login page to the restricted home without presenting the manager content it should (see tag in the code below). It also maintains the login page URL ("publico/home.jsf").

applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <http>
        <intercept-url pattern="/restrito/**" access="ROLE_GERENTE"/>
        <form-login 
            login-page="/publico/home.jsf"
            always-use-default-target="true" 
            default-target-url="/publico/home.jsf"
            authentication-failure-url="/publico/index.jsf?login_error=1" />
        <logout/>
        <remember-me/>
    </http>

    <authentication-manager>
        <authentication-provider>
<!--            <password-encoder hash="md5"/> -->
            <jdbc-user-service data-source-ref="Somore"
                authorities-by-username-query="SELECT u.email, p.permissao FROM usuario u, 
                                usuario_permissao p WHERE u.id = p.usuario AND u.email= ?"
                users-by-username-query="SELECT email, senha, ativo FROM usuario WHERE email = ?" />
        </authentication-provider>
    </authentication-manager>
</b:beans>

applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <bean class="org.springframework.jndi.JndiObjectFactoryBean" id="Somore">
        <property name="jndiName" >
            <value>java:comp/env/jdbc/Somore</value>
        </property>
    </bean>     
</beans>

web xml.

<!-- Spring Security -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

restricted/home.xhtml

<?xml version="1.0" encoding="ISO-8859-1"?>  
<ui:composition 
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:p="http://primefaces.org/ui" 
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:sec="http://www.springframework.org/security/facelets/tags" 
    template="/resources/templates/template_restrito.xhtml">        

    <ui:define name="section">      
        <sec:ifAnyGranted roles="ROLE_GERENTE">
            GERENTE<br />
        </sec:ifAnyGranted>

    </ui:define>    

</ui:composition>

Login dialog

<p:dialog resizable="false" reshowEffect="Puff" widgetVar="dlgLogar" 
    modal="true" showHeader="false" closeOnEscape="true" height="175" width="430">
    <h:form id="login" method="post" action="${request.contextPath}/j_spring_security_check">
    <p:panelGrid columns="2" styleClass="panelLogar">
        <p:outputLabel value="Login"/>
        <p:inputText styleClass="input" value="#{usuarioBean.usuarioSpring}" name="j_username"/>

        <p:outputLabel value="Senha"/>
        <p:password styleClass="input" maxlength="8" value="#{usuarioBean.senha}" name="j_password"/>

        <p:outputLabel value="Lembre de mim"/>
        <p:selectBooleanCheckbox name="_spring_security_remember_me"/>

        <p:commandButton ajax="false" value="Logar" action="#{usuarioBean.logar}" style="width:105%;"/>
        <p:commandButton ajax="false" value="Esqueci a senha" style="width:100%;" />
    </p:panelGrid>
    </h:form>
</p:dialog>

Jars

Lista de JARs

1 answer

Browser other questions tagged jsf spring spring-security

You are not signed in. Login or sign up in order to post.

by HDeiro • **918** points · Answer 1 · 2015-05-09T13:19:44+00:00

Guys, I was able to solve it here. The problem was that my login button was not the Submit type. Now it’s working, needing me to fix now only the issue of permissions.