*
The moose likes Spring and the fly likes Spring Security 3 - cant't access secured page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring Security 3 - cant Watch "Spring Security 3 - cant New topic
Author

Spring Security 3 - cant't access secured page

everson santos
Ranch Hand

Joined: Jul 11, 2009
Posts: 50

hi!

I'm using springsecurity + jsf to do my login and it's working fine

But I got this message at the browser when I try to access a secured page

HTTP Status 404 - /SGP_3/modules/login/secure.jsf
--------------------------------------------------------------------------------
type Status report
message /SGP_3/modules/login/secure.jsf
description The requested resource (/SGP_3/modules/login/secure.jsf) is not available.






And test1.jsp .


If I do it works fine


secure.jsf

Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

OK, then just do what works fine. ;)

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

Just out of curiosity. Try the one that doesn't work and remove the first "/"

like

<jsp:forward page="modules/login/secure.jsf" />

It is all about relative versus exact paths sometimes. I always do the wrong thing myself, putting the "/" when I shouldn't or forgetting it when I should.

Mark
everson santos
Ranch Hand

Joined: Jul 11, 2009
Posts: 50
Mark Spritzler wrote:Just out of curiosity. Try the one that doesn't work and remove the first "/"

like

<jsp:forward page="modules/login/secure.jsf" />

It is all about relative versus exact paths sometimes. I always do the wrong thing myself, putting the "/" when I shouldn't or forgetting it when I should.

Mark


I changed the project to JSP pages instead JSF and it works.

my mistake is about jsf navigation I think...


thanks
...

Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

So for the JSF stuff did you add Spring's ELVariableResolver in your faces-config.xml?

Mark
everson santos
Ranch Hand

Joined: Jul 11, 2009
Posts: 50
No, my faces-config is like this:






Well, now a I have another problem. I can access a secure page after login, but when an user has a diferent role(ROLE_MANAGER) this user can access a secure page only for ROLE_ADMIN. And when I do logout I can access the page secure yet. After logout the role is ROLE_ANONYMOUS



Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

everson santos wrote:No, my faces-config is like this:





You mean Yes, you do.

The DelegatingVariableResolver is the variable resolver that I spoke of.

Mark
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

For the last part. Check your UserDetails object for that user and make sure they only have that one ROLE.

Also, are all the URLs mapping as you expect, or is it a different URL that is actually being requested. I guess from the faces-config.xml it is. But it just seems too odd.

Mark
everson santos
Ranch Hand

Joined: Jul 11, 2009
Posts: 50
Hi mark

I think my spring security configuration is ok and the problem is jsf/facelets. Because I have the same configuration to jsp project and all is working fine.


In .xhtml file I have
and it show me the role in session

org.springframework.security.context.SecurityContextImpl@c1780c08: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@c1780c08: Principal: com.springtest.User@185babe; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 4677E11BE9EC9A8DEEBF0A0F3AA9025D; Granted Authorities: ROLE_MANAGER

I have the code below in secure.xhtml and it show me /SGP_3/um.xhtml (um.xhtml is the page I click on button go to secure.xhtml how is in faces-config.xml navigation).
login.xhtml ==> um.xhtml ==> secure.xhtml




In jsp project when I try access the secure page it's redirect to accessdenied.jsp and the url/context is /SpringTeste2/protected/secure.jsp,
it looks like the spring security is validation the by url/context ... /modules/login/secure.xhtm. But when I click the button go to secure page the url is /SGP_3/um.xhtml instead /SGP_3/modules/login/secure.xhtml

Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

So the Navigation rule then isn't being triggered. so maybe the change needs to happen in



what happens if you change default-target-url to "/modules/login/um.xhtml" or what happens if you remove the leading "/" so it is "um.xhtml"

I'd actually try the last way I just said first. Sometimes I put a "/" in front when it isn't supposed to be there, and sometimes I don't have the "/" in front when needed. It is all about relative versus exact paths, and I think with the "/" in front is an exact path in context of your web application context.

Mark

everson santos
Ranch Hand

Joined: Jul 11, 2009
Posts: 50

I fixed! But wasn't a way beautiful... I need figure out another way to fix that...

In jsf there's no get navigation...

next step, jsf forum




Thanks!
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

everson santos wrote:
I fixed! But wasn't a way beautiful... I need figure out another way to fix that...

In jsf there's no get navigation...

next step, jsf forum




Thanks!


Yeah, I don't think that is pretty either.

Good Luck

Mark
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Spring Security 3 - cant't access secured page