Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring Security 3 - cant't access secured page

 
everson santos
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

hi!

I'm using springsecurity + jsf to do my login and it's working fine

But I got this message at the browser when I try to access a secured page

HTTP Status 404 - /SGP_3/modules/login/secure.jsf
--------------------------------------------------------------------------------
type Status report
message /SGP_3/modules/login/secure.jsf
description The requested resource (/SGP_3/modules/login/secure.jsf) is not available.






And test1.jsp .


If I do it works fine


secure.jsf

 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, then just do what works fine. ;)

Mark
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just out of curiosity. Try the one that doesn't work and remove the first "/"

like

<jsp:forward page="modules/login/secure.jsf" />

It is all about relative versus exact paths sometimes. I always do the wrong thing myself, putting the "/" when I shouldn't or forgetting it when I should.

Mark
 
everson santos
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mark Spritzler wrote:Just out of curiosity. Try the one that doesn't work and remove the first "/"

like

<jsp:forward page="modules/login/secure.jsf" />

It is all about relative versus exact paths sometimes. I always do the wrong thing myself, putting the "/" when I shouldn't or forgetting it when I should.

Mark


I changed the project to JSP pages instead JSF and it works.

my mistake is about jsf navigation I think...


thanks
...

 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So for the JSF stuff did you add Spring's ELVariableResolver in your faces-config.xml?

Mark
 
everson santos
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, my faces-config is like this:






Well, now a I have another problem. I can access a secure page after login, but when an user has a diferent role(ROLE_MANAGER) this user can access a secure page only for ROLE_ADMIN. And when I do logout I can access the page secure yet. After logout the role is ROLE_ANONYMOUS



 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
everson santos wrote:No, my faces-config is like this:





You mean Yes, you do.

The DelegatingVariableResolver is the variable resolver that I spoke of.

Mark
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For the last part. Check your UserDetails object for that user and make sure they only have that one ROLE.

Also, are all the URLs mapping as you expect, or is it a different URL that is actually being requested. I guess from the faces-config.xml it is. But it just seems too odd.

Mark
 
everson santos
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi mark

I think my spring security configuration is ok and the problem is jsf/facelets. Because I have the same configuration to jsp project and all is working fine.


In .xhtml file I have
and it show me the role in session

org.springframework.security.context.SecurityContextImpl@c1780c08: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@c1780c08: Principal: com.springtest.User@185babe; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 4677E11BE9EC9A8DEEBF0A0F3AA9025D; Granted Authorities: ROLE_MANAGER

I have the code below in secure.xhtml and it show me /SGP_3/um.xhtml (um.xhtml is the page I click on button go to secure.xhtml how is in faces-config.xml navigation).
login.xhtml ==> um.xhtml ==> secure.xhtml




In jsp project when I try access the secure page it's redirect to accessdenied.jsp and the url/context is /SpringTeste2/protected/secure.jsp,
it looks like the spring security is validation the by url/context ... /modules/login/secure.xhtm. But when I click the button go to secure page the url is /SGP_3/um.xhtml instead /SGP_3/modules/login/secure.xhtml

 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So the Navigation rule then isn't being triggered. so maybe the change needs to happen in



what happens if you change default-target-url to "/modules/login/um.xhtml" or what happens if you remove the leading "/" so it is "um.xhtml"

I'd actually try the last way I just said first. Sometimes I put a "/" in front when it isn't supposed to be there, and sometimes I don't have the "/" in front when needed. It is all about relative versus exact paths, and I think with the "/" in front is an exact path in context of your web application context.

Mark

 
everson santos
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I fixed! But wasn't a way beautiful... I need figure out another way to fix that...

In jsf there's no get navigation...

next step, jsf forum




Thanks!
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
everson santos wrote:
I fixed! But wasn't a way beautiful... I need figure out another way to fix that...

In jsf there's no get navigation...

next step, jsf forum




Thanks!


Yeah, I don't think that is pretty either.

Good Luck

Mark
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic