1
Good evening, I am learning jsf, so I followed some videos of Leandro Costa on youtube, I found it very didactic and etc. At the end of the course it provides the source code, however as the project uses spring security on login and it did not pass the sql script every page I try to access gives the HTTP error Status 403 - Access to the requested Resource has been denied. I tried to create the bank manually, but without success. So I came to the conclusion that it is better to take the authentication to be able to use the application.
spring-security.xml
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login.faces" access="permitAll" />
<intercept-url pattern="/restrict/**" access="isAuthenticated()" />
<intercept-url pattern="/public/**" access="permitAll"/>
<form-login login-page="/login.faces" authentication-failure-url="/login.faces?erro=true"
default-target-url="/restrict/home.faces"/>
<access-denied-handler error-page="/acessonegado.faces" />
</http>
<!-- NO PROJETO SEMERU PADRÃO FIZEMOS DESSA FORMA -->
<authentication-manager>
<authentication-provider>
<password-encoder hash="sha"/>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT Login, Senha, 'true' as enable FROM pessoa WHERE Login=?"
authorities-by-username-query="SELECT Login as username, Permissao as authority FROM pessoa WHERE Login=?"/>
</authentication-provider>
</authentication-manager>
<b:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<b:property name="url" value="jdbc:mysql://localhost:3306/semeru_jsf_maven_db" />
<b:property name="driverClassName" value="com.mysql.jdbc.Driver" />
<b:property name="username" value="root" />
<b:property name="password" value="admin" />
</b:bean>
Web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>semeru_jsf_maven</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<!-- <welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>-->
</welcome-file-list>
<!-- Duração da sessão -->
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Configurações do tema do PrimeFaces -->
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>sam</param-value>
</context-param>
<!-- Filtros do Spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- Configurações do JavaServer Faces -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Bloqueia o browser de acessar arquivos xhtml</display-name>
<web-resource-collection>
<web-resource-name>xhtml files</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<!-- Configurações do PrimeFaces -->
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Resource Servlet</servlet-name>
<url-pattern>/primefaces_resource/*</url-pattern>
</servlet-mapping>
It worked Ricardo, thank you so much for helping me.
– David Filipe
Anything expensive, in case you have any questions, don’t hesitate to ask.
– Ricardo Rodrigues de Faria