I'm trying to integrate JSF with Spring Security, but it by some reason working wrong. When I push login button, it returns me same login page. second click cause NullPointerException. Trying to open other pages also leads to login page. Can tell me what I'm doing wrong? As tutorial I use book "Spring In Action" third edition, also try many other tutorials from Google Search.
applicationContext.xml
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost:3306/rsdb"/>
<property name="username" value="root"/>
<property name="password" value="1"/>
</bean>
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource"/>
<property name="packagesToScan"
value="ru.iartemov.RailService.model.entity"/>
<property name="hibernateProperties">
<props>
<prop key="dialect">org.hibernate.dialect.MySQLDialect</prop>
</props>
</property>
<property name="mappingResources">
<list>
<value>/hibernate/RailService.hbm.xml</value>
</list>
</property>
</bean>
<context:annotation-config/>
<context:component-scan base-package="ru"/>
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean class="org.springframework.beans.factory.config.CustomScopeConfigurer">
<property name="scopes">
<map>
<entry key="view">
<bean class="ru.iartemov.RailService.services.helpers.SpringViewScope"/>
</entry>
</map>
</property>
</bean>
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/employee**" access="hasRole('Employee')"/>
<security:intercept-url pattern="/client**" access="isAuthenticated()"/>
<security:form-login
login-processing-url="/j_spring_security_check"
login-page="/login.xhtml"
default-target-url="/clientSearchTrain.xhtml"
authentication-failure-url="/login.xhtml"/>
<security:logout logout-url="/j_spring_security_logout"
logout-success-url="/login.xhtml"
invalidate-session="true"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="securityService"/>
</security:authentication-manager>
</beans>
web.xml
<?xml version="1.0" encoding="ASCII"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://ift.tt/qzwahU"
xmlns:xsi="http://ift.tt/ra1lAU"
xsi:schemaLocation="http://ift.tt/qzwahU
http://ift.tt/16hRdKA">
<display-name></display-name>
<welcome-file-list>
<welcome-file>/login.xhtml</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
</web-app>
login.xhtml
<p>
<h:inputSecret id="password"
value="#{loginBean.user.password}"
required="true"/>
</p>
<p>
<h:commandButton id="login"
action="#{loginBean.login}"
value="Login"/>
</p>
LoginBean.java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import static ru.iartemov.RailService.StringConstants.*;
import ru.iartemov.RailService.exceptions.LoginFailException;
import ru.iartemov.RailService.model.entity.Role;
import ru.iartemov.RailService.model.entity.User;
import ru.iartemov.RailService.services.LoginService;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
/**
* Backing bean for login page
*/
@Component
@Scope(SESSION_SCOPE)
public class LoginBean {
@Autowired
private LoginService service;
private FacesContext context;
private User user;
private static Logger logger =
LoggerFactory.getLogger(LoginBean.class);
public void init() {
user = new User();
}
public String login() throws ServletException, IOException {
user = service.login(user.getLogin(), user.getPassword());
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
.getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest) context.getRequest(),
(ServletResponse) context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
return null;
}
/**
* Logout
*
* @return Login page
*/
public String logout() throws ServletException, IOException {
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
.getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest) context.getRequest(),
(ServletResponse) context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
return null;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
}
SecurityService.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.security.core.userdetails.User;
import org.springframework.transaction.annotation.Transactional;
import ru.iartemov.RailService.model.dao.api.UserDao;
import ru.iartemov.RailService.model.entity.Role;
import java.util.ArrayList;
import java.util.List;
@Service
@Transactional
public class SecurityService implements UserDetailsService {
@Autowired
private UserDao userDao;
public UserDetails loadUserByUsername(String login) throws UsernameNotFoundException {
ru.iartemov.RailService.model.entity.User user = userDao.getUserByLogin(login);
List<GrantedAuthority> authorities = buildUserAuthority(user.getRole());
return buildUserForAuthentication(user, authorities);
}
private UserDetails buildUserForAuthentication(ru.iartemov.RailService.model.entity.User user,
List<GrantedAuthority> authorities) {
return new User(user.getLogin(),
user.getPassword(), true,
true, true, true, authorities);
}
private List<GrantedAuthority> buildUserAuthority(Role role) {
List<GrantedAuthority> result = new ArrayList<GrantedAuthority>();
result.add(new SimpleGrantedAuthority(role.getName()));
return result;
}
}
Aucun commentaire:
Enregistrer un commentaire