All geek questions in one place

Spring redirect security after login

After a successful login, it is not redirected to "index.php". It redirects the same page as "login.php". Is there something wrong with my spring-security.xml page?

By the way, when I launch the application, it redirects me to "login.php", which is good. But it does not display surface components, but html components. After a successful login, it redirects the same page, but this time it displays Primefaces components instead of html components.

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http auto-config="true" use-expressions="true"> <intercept-url pattern="/pages/login.xhtml*" access="permitAll"/> <intercept-url pattern="/**" access="hasRole('admin')" /> <form-login login-page='/pages/login.xhtml' default-target-url="/pages/index.xhtml" authentication-failure-url="/pages/login.xhtml"/> <logout logout-success-url="/pages/logout.xhtml" /> </http> <!--Authentication Manager Details --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="customUserDetailsService"> <!-- <password-encoder hash="md5"/>--> </authentication-provider> </authentication-manager>

my web.xml

 <welcome-file-list> <welcome-file>pages/index.xhtml</welcome-file> </welcome-file-list>

my login page

 <p:outputPanel id="loginOutputPanelId" style="border: navy"> <p:panelGrid id="loginInformationPanel" columns="2"> <h:outputText value="Username: "/> <p:inputText value="#{loginController.userName}"/> <h:outputText value="Password: "/> <p:inputText value="#{loginController.password}"/> </p:panelGrid> <p:commandButton value="Login" actionListener="#{loginController.login()}"/> </p:outputPanel>

my loginController.login () method returns the string "index" and my faces.config;

 <navigation-rule> <from-view-id>/pages/login.xhtml</from-view-id> <navigation-case> <from-outcome>index</from-outcome> <to-view-id>/pages/index.xhtml</to-view-id> <redirect /> </navigation-case> </navigation-rule>

EDIT: without a component, it works without any problems. When I add the login form, it says: "The web page at http://localhost:8080/myApplication/pages/login.xhtml resulted in too many redirects."

 <http auto-config='true' use-expressions="true"> <intercept-url pattern="/**" access="hasRole('admin')" /> <logout logout-success-url="/pages/logout.xhtml" /> <form-login login-page="/pages/login.xhtml" login-processing-url="/j_spring_security_check" default-target-url="/pages/index.xhtml" authentication-failure-url="/pages/login.xhtml"/> </http>

My login page

 <p:outputPanel id="loginOutputPanelId" style="border: navy"> <p:panelGrid id="loginInformationPanel" columns="2"> <h:outputText value="Kullanıcı Adı: "/> <p:inputText id="j_username" required="true" value="#{loginController.userName}"/> <h:outputText value="Şifre: "/> <p:inputText id="j_password" required="true" value="#{loginController.password}"/> </p:panelGrid> <p:commandButton id="login" type="submit" ajax="false" value="Login" actionListener="#{loginController.login()}"/> </p:outputPanel>

My new loginController.login () method;

 ExternalContext context = FacesContext.getCurrentInstance().getExternalContext(); RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()) .getRequestDispatcher("/j_spring_security_check"); dispatcher.forward((ServletRequest) context.getRequest(), (ServletResponse) context.getResponse()); FacesContext.getCurrentInstance().responseComplete();
+6
source share
2 answers

To force spring-security to go to /pages/index.xhtml , you can use the always-use-default-target property as follows:

 <form-login login-page='/pages/login.xhtml' default-target-url="/pages/index.xhtml" always-use-default-target="true" authentication-failure-url="/pages/login.xhtml"/>

Otherwise, the login page should be automatically displayed using spring security when the user invokes a protected resource, and after logging in, continue the protected resource that was originally requested.

In your case, some confusion seems to come from the fact that you want spring security to handle login, and you are trying to handle it yourself using jsf actionListener and navigation rules.

Inserting " <form-login [...] " in the configuration essentially tells spring to activate the filter ( UsernamePasswordAuthenticationFilter ), which will listen for requests made in /j_spring_security_check . If you want spring to process the login, by default your form login should request this URL by passing two parameters: j_username and j_password .

Thus, spring UsernamePasswordAuthenticationFilter will start and try to authenticate the provided credentials using the UserDetailsService that you configured in AuthenticationProvider.

I think you need to remove your jsf controller for login and use spring-security for authentication.

Hope this helps.

PS: make sure your web.xml defines DelegatingFilterProxy before all other servlet filters:

 <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
+16
source

Check the Servlet Faces URL pattern in web.xml. If it contains .jsf, for example:

 <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.jsf</url-pattern> </servlet-mapping>

then you should update your code in spring -security.xml, for example:

 <form-login login-page="/pages/login.jsf" login-processing-url="/j_spring_security_check" default-target-url="/pages/index.jsf" authentication-failure-url="/pages/login.jsf"/>
0
source

Source: https://habr.com/ru/post/946949/

More articles:


All Articles