JSF 2, CDI 1.1, Springsecurity 4: Custom login form does not redirect to page

Asked

Viewed 649 times

2

I’m making an application with JSF 2, Springsecutiry 4 and CDI 1.1.

I did the entire implementation of Springsecurity with JSF and apparently everything worked normally, but when making the custom login form, the same redirects to file links in the HTML Head. If I use the spring login form everything works correctly.

Follow the codes:

@EnableWebSecurity
@Configuration
@ComponentScan(
        basePackages = {
    "br.com.projectus.acompobra.negocio",
    "br.com.projectus.acompobra.dao"})
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Inject
    private UserDetailsService userDetailsService;

    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests().anyRequest().authenticated().and().logout()
                .logoutSuccessUrl("/faces/login.xhtml?logout")
                .permitAll().and().formLogin()
                .loginPage("/faces/login.xhtml")
                .failureUrl("/faces/login.xhtml?erro").permitAll().defaultSuccessUrl("/faces/login.xhtml");
    }

}

HTML Page:

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:p="http://primefaces.org/ui"
      xmlns:f="http://xmlns.jcp.org/jsf/core"
      xmlns:c="http://xmlns.jcp.org/jsp/jstl/core"
      xmlns:h="http://xmlns.jcp.org/jsf/html">
    <h:head>
        <h:outputStylesheet library="css" name="login.css"/>
        <title>Projectus - SGO</title>
        <link rel="shortcut icon" href="../resources/images/logo_prj.ico" type="image/x-icon" />
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    </h:head>

    <h:body>

        <h:panelGroup rendered="#{param.erro != null}">  
            <p>Dados inválidos.</p>
        </h:panelGroup> 
        <h:panelGroup rendered="#{param.logout != null}">  
            <p>Logout efetuado com sucesso.</p>  
        </h:panelGroup>

        <div id="header-wrapperLogin">
            <div id="headerLogin">
                <div id="logoLogin">

                    <h:form id="form" prependId="false">  
                        <h2>Seja bem vindo. Entre com os dados abaixo para realizar o login.</h2> 
                        <h:panelGrid columns="2">
                            <h:outputLabel for="username" value="Usuário" />  
                            <h:inputText id="username" />   
                            <h:outputLabel for="password" value="Senha" />  
                            <h:inputSecret id="password"  />  
                        </h:panelGrid>  
                        <p:commandButton value="Enviar" /> 
                    </h:form>

                </div>
            </div>
        </div>
    </h:body>

</html>
java jsf spring spring-security

1 answer

1

The configuration order of the configure(Httpsecurity http) method is important, if you put/set the settings in random order, problems may occur for Spring Security to recognize.

Even if this is not the situation in this scenario, it is possible to redirect manually, creating a Handler and setting it together with Spring Security settings .successHandler(new AuthSuccessHandler())

Ex:

public class AuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {

    if(isAdmin()) {
        response.sendRedirect("admin");
    }
    response.sendRedirect("usuario"); 
  }
}

Browser other questions tagged java jsf spring spring-security

You are not signed in. Login or sign up in order to post.