How to disable spring security

Asked

Viewed 956 times

1

Good evening, I am learning jsf, so I followed some videos of Leandro Costa on youtube, I found it very didactic and etc. At the end of the course it provides the source code, however as the project uses spring security on login and it did not pass the sql script every page I try to access gives the HTTP error Status 403 - Access to the requested Resource has been denied. I tried to create the bank manually, but without success. So I came to the conclusion that it is better to take the authentication to be able to use the application.

spring-security.xml

<b:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:b="http://www.springframework.org/schema/beans"
     xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/login.faces" access="permitAll" />
    <intercept-url pattern="/restrict/**" access="isAuthenticated()" />
    <intercept-url pattern="/public/**" access="permitAll"/>

    <form-login login-page="/login.faces" authentication-failure-url="/login.faces?erro=true"
                default-target-url="/restrict/home.faces"/>     
    <access-denied-handler error-page="/acessonegado.faces" />
</http>                

<!-- NO PROJETO SEMERU PADRÃO FIZEMOS DESSA FORMA -->  
<authentication-manager>
    <authentication-provider>
        <password-encoder hash="sha"/>
        <jdbc-user-service data-source-ref="dataSource"
                           users-by-username-query="SELECT Login, Senha, 'true' as enable FROM pessoa WHERE Login=?"
                           authorities-by-username-query="SELECT Login as username, Permissao as authority  FROM pessoa WHERE Login=?"/>               
    </authentication-provider>
</authentication-manager>

<b:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
    <b:property name="url" value="jdbc:mysql://localhost:3306/semeru_jsf_maven_db" />
    <b:property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <b:property name="username" value="root" />
    <b:property name="password" value="admin" />
</b:bean>

Web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     id="WebApp_ID" version="2.5">

<display-name>semeru_jsf_maven</display-name>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <!--        <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>-->
</welcome-file-list>

<!-- Duração da sessão -->

<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>  

<!-- Configurações do tema do PrimeFaces -->
<context-param>  
    <param-name>primefaces.THEME</param-name>  
    <param-value>sam</param-value>  
</context-param>         

<!-- Filtros do Spring  -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

    <!-- Configurações do JavaServer Faces -->

<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.faces</url-pattern>
</servlet-mapping>

<security-constraint>
    <display-name>Bloqueia o browser de acessar arquivos xhtml</display-name>
    <web-resource-collection>
        <web-resource-name>xhtml files</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>

<!-- Configurações do PrimeFaces -->

<servlet>
    <servlet-name>Resource Servlet</servlet-name>
    <servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Resource Servlet</servlet-name>
    <url-pattern>/primefaces_resource/*</url-pattern>
</servlet-mapping>

1 answer

0


commented the excerpts that activate the spring security of your web.xml trying to explain what each excerpt is responsible for doing, it is important to note, that although spring security will be disabled with this web.xml, the application may be using this context in several places and not function properly.

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     id="WebApp_ID" version="2.5">

<display-name>semeru_jsf_maven</display-name>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <!--        <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>-->
</welcome-file-list>

<!-- Duração da sessão -->

<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

<!-- Este parâmetro refere-se ao contexto do Spring
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>  -->

<!-- Configurações do tema do PrimeFaces -->
<context-param>  
    <param-name>primefaces.THEME</param-name>  
    <param-value>sam</param-value>  
</context-param>         

<!-- Estes filtros são responsáveis por interceptar qualquer request e direcioná-lo para o Spring
Filtros do Spring  
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
-->

    <!-- Configurações do JavaServer Faces -->

<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.faces</url-pattern>
</servlet-mapping>

<!-- Aqui como explicado abaixo, é responsável por blqouear acesso ao xhtml caso o usuário não esteja autenticado
<security-constraint>
    <display-name>Bloqueia o browser de acessar arquivos xhtml</display-name>
    <web-resource-collection>
        <web-resource-name>xhtml files</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
-->

<!-- Configurações do PrimeFaces -->

<servlet>
    <servlet-name>Resource Servlet</servlet-name>
    <servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Resource Servlet</servlet-name>
    <url-pattern>/primefaces_resource/*</url-pattern>
</servlet-mapping>

I hope I’ve helped.

  • It worked Ricardo, thank you so much for helping me.

  • Anything expensive, in case you have any questions, don’t hesitate to ask.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.