JSF 2.0 + Spring 安全 2.x

Question

我使用 JSF 2.0 + Icefaces 2.0 并尝试实现 spring security 2.06（不是 3.x，因为 Icefaces 2.0 的兼容问题）。

我遵循本指南（我认为它适用于 JSF 1.x 和 Icefaces 1.8）： http://facestutorials.icefaces.org/tutorial/spring-security-basic.html

但是我在集成spring框架时遇到了问题。我已将这些行添加到 web.xml：

<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Spring Security -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

然后我有一个文件，applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">

  <security:http auto-config="true" access-denied-page="/pages/accessDenied.xhtml">
    <security:intercept-url pattern="/secured/**"                        access="ROLE_ALLACCESS, ROLE_URLACCESS"/>
    <security:form-login login-page="/pages/springSecurityLogin.xhtml"
                             default-target-url="/secured/welcome.xhtml"/>
    <security:logout logout-success-url="/pages/logoutSuccess.xhtml"/>
  </security:http>

  <security:authentication-provider user-service-ref="userDetailsService"/>

  <bean id="userDetailsService" class="security.UserDetailsServiceImpl">
    <constructor-arg ref="userRepository"/>
  </bean>

  <bean id="userRepository" class="security.UserDaoImpl"/>

</beans>

userDetailsS​​ervice类的实现依据：

package security;

import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

public class UserDetailsServiceImpl implements UserDetailsService {

private UserDAO userDAO;

public UserDetailsServiceImpl(UserDAO userDAO) {
    this.userDAO = userDAO;
}

public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
    AppUser user = userDAO.findUser(username);
    if (user == null)
        throw new UsernameNotFoundException("User not found: " + username);
    else {
        return makeUser(user);
    }
}

private org.springframework.security.userdetails.User makeUser(AppUser user) {
    return new org.springframework.security.userdetails.User(user.getLogin(), user
            .getPassword(), true, true, true, true,
            makeGrantedAuthorities(user));
}

private GrantedAuthority[] makeGrantedAuthorities(AppUser user) {
    GrantedAuthority[] result = new GrantedAuthority[user.getRoles().size()];
    int i = 0;
    for (String role : user.getRoles()) {
        result[i++] = new GrantedAuthorityImpl(role);
    }
    return result;
}

}

我还有一个登录 bean：

package web.bean.security;
import org.springframework.security.ui.AbstractProcessingFilter;

import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;

@ManagedBean(name="login")
public class Login {

    // properties
    private String userId;

    private String password;

    /**
     * default empty constructor
     */
    public Login() {

        Exception ex = (Exception) FacesContext
                .getCurrentInstance()
                .getExternalContext()
                .getSessionMap()
                .get(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);

        if (ex != null)
            FacesContext.getCurrentInstance().addMessage(
                    null,
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, ex
                            .getMessage(), ex.getMessage()));

    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getUserId() {
        return userId;
    }

    public void setUserId(String userId) {
        this.userId = userId;
    }

    public void login(ActionEvent e) throws java.io.IOException {
        FacesContext.getCurrentInstance().getExternalContext().redirect("/spring-authentication/j_spring_security_check?j_username=" + userId + "&j_password=" + password);
    }
}

问题是当我运行一个使用登录 bean 的 jsf 文件时：

请求的资源 () 不可用。

我正在使用 Tomcat 7。

你能帮帮我吗？

最好的问候 /kungcc

Answer 1

在登录bean 的login() 方法中省略/spring-authentication 有帮助吗？

public void login(ActionEvent e) throws java.io.IOException {
        FacesContext.getCurrentInstance().getExternalContext().redirect("/j_spring_security_check?j_username=" + userId + "&j_password=" + password);
    }

Answer 2

我认为您需要在 /j_spring_security_check 之前添加 web 应用程序名称 就像/WebAppName/j_spring_security_check 一样，它将把春天应用到/webAppName 之后的所有事情上