• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Correct way for JSF 2.0, RichFaces 4, Spring Security 3.0.5 and Hibernate 3

 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, I made a post a few days ago about making a login form in a webapp combining the technologies mentioned in the subject, but i realize that i am more lost that i thought! hehehe

My idea is to have a base web application project (made by me, i dont want a maven archetype) with jsf2.0, richfaces4, hibernate3 and spring security, properly configured for:

- User authentication (usernames, passwords and roles in a database)
- User permisions for differents resources in my webapp.
- JSF2.0 as my MVC and page flow framework, using facelets as the preferred page language and using templates.
- Hibernate as the orm.

Now, I have jsf 2.0 and richfaces 4 properly configured. But I cant found a propper way to manage the login. I tried with a login bean, but it did not work. Actually, what i dont realize is what happens with the jsf navigations rules (from faces-config.xml) in the login process of spring security. What is the correct way of do that? Maybe using an AuthenticationManager? How can I use it?

Regards!,
JM
 
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think you are trying to over complicate things. The main thing is that each technology you list has their own responsibilities and don't overlap. What that means is that Spring Security is just securing a URL, it doesn't care if you are using JSF, JSP or straight Servlets. And this includes the login page (which you posted saying that it is now working, is that wrong?)

So in JSF, you don't put any security stuff. It is all in your Spring Security configuration.

Mark
 
Juan Manuel Diaz
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Mark, you are right, I made it work using a form like:



The above code is just a dummy code, but is the base that I used to made it works. But the problem with that form was that use <form> tag instead <h:form> tag from jsf core libraries results in a warning in the final html page, the warning said that I am using a tag (<form>) not described in my taglibs. So I try the loginBean way, using some pasted code from a forum. The LoginBean approach worked but had two problems, the first one is when that the spring authentication process is not doing well, I can realise about that because I could access to resources authorised for admin role users only with a user which has only user role.

Last night I was reading some documentation, and I understood that I don't understand what I am doing!! hehehehe So I propose to put some things clear:

- JSF/Richfaces are my MVC framework
- Spring security is my framework for authentication and authorisation.

So if I take the approach of think on they individually, why my navigation rules established on my faces-config.xml doesn't works properly? Why when I put an <h:commandLink> with an action pointed to a from-outcome tag in my navigation rule and I clicked on it the rendered page looks ugly and the url showed in my browser looks like: http://localhost:8080/barmanagement//faces/home.xhtml when it must be pointing to /faces/admin/admin_home.xhtm.

I suppose that I am doing something wrong but I dont know what, so I need some kind of roadmap to properly configure my webapp and have a few example links some secured and some other not to see how spring works in that cases.

You could see my current web.xml, faces-config.xml, applicationSecurity-context.xml and login.xhmtl files in the bellow link to a spanish forum post.

http://www.forosdelweb.com/f45/integracion-spring-security-3-jsf2-richfaces-4-hibernate-910209/

Regards and thanks,
JM

PS: I hope to be clear, but my English don't help! hehehe

 
Mark Spritzler
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You don't have to use Spring's form tags.

What do you know have in this tag in your Spring security?

<form-login />

As long as your submit action is "j_spring_security_check" and the two input text fields are "j_username" and "j_password", it doesn't matter what tags you use. This is all about the JSP/Servlet spec here, which JSF conforms to.


for


<form-login />
you need to set the login page url in that tag, and also there is an attribute in order to send it to a page when they unsuccessfully login.

Hope that helps.

Mark
 
Juan Manuel Diaz
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Mark, I did that!, I put my login.xhtml page inside the <form-login > tag but I can not find a propper way to authenticate the user... I try with a backing bean but does not work. What I need to know is what is the correct way of do that! For the moment, I live the <form-login /> tag empty and i am using the spring form login, wich is ugly but it works.

Another thing that I dont know how to manage it is the links inside the pages, because when I use a commandLink or a commandButton with an action defined in my faces-config.xml, the resultant url is not filtered by spring (i.e.: a common user have access to an admin page), the url is malformmed (http://localhost:8080/barmanagement//faces/home.xhtml) and style looks ugly.

Regards,
JM
 
Mark Spritzler
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Try this solution here.

http://technology-for-human.blogspot.com/2011/01/jsf-2-with-spring-3-protection-with.html

Thanks

Mark
 
Juan Manuel Diaz
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was reading that post!! hehehe

Thanks.
JM
 
Juan Manuel Diaz
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, I follow the above page and everything works great!!

Regards and thanks,!

JM
 
Mark Spritzler
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Juan Manuel Diaz wrote:Ok, I follow the above page and everything works great!!

Regards and thanks,!

JM



Sweet.

Mark
 
reply
    Bookmark Topic Watch Topic
  • New Topic