[quote=Ev3rton]Olá,
No site do spring security há uma sugestão de caminhos para os iniciantes, dê uma olhada:
http://static.springsource.org/spring-security/site/start-here.html
[ ]'s[/quote]
Ola Everton
Obrigado pela ajuda. Visitei o site que vc indicou… Mas me de bem com este tutorial:
http://javasemcafe.blogspot.com.br/2011/05/java-ee-6-seguranca-com-spring-security.html
Bem simples e pratico. A ideia de criar inicialmente um tutorial com um simples projeto sem banco de dados, foi excelente. Parabéns andii.brunetta !
Segui os passos no tutorial, para implementar o spring com BD.
Criei um projeto simples, para fins de aprendizado, apenas para testar dois tipos de acesso: admin e user
Na tabela, criei os seguintes campos: username, password, enable, authority.
Após varias tentativas, estou com dificuldades para faze-lo funcionar.
Após executar o projeto, quando eu digito um login/senha correto, surge a pagina de falha.xhtml "Login/Senha incorretos".
Depois do primeiro login, mesmo digitando login/senha, surgi o erro "HTTP Status 404", na seguinte URL:
http://localhost:8282/SpringSecurityBD/faces/j_spring_security_check
Acredito que seja alguma configuração nas navegações.
Alguém poderia me ajudar ?
Segue meus arquivos XML:
WEB.XML
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
1
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<!-- Spring security -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Fim spring security -->
</web-app>
applicationContext
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
</beans:beans>
security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" access-denied-page="/faces/negado.xhtml" use-expressions="true" >
<intercept-url pattern="/faces/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/faces/comum/*" access="ROLE_USER" />
<logout invalidate-session="true" logout-success-url="/faces/index.xhtml" logout-url="/logout" />
<form-login
login-page="/faces/login.xhtml"
authentication-failure-url="/faces/falha.xhtml"
default-target-url="/faces/home.xhtml"
username-parameter="username"
password-parameter="password" />
</http>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<beans:property name="url" value="jdbc:mysql://localhost:3306/sistemabd" />
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
<beans:property name="username" value="root" />
<beans:property name="password" value="root" />
</beans:bean>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT username, password, 'enable' as enabled FROM users WHERE username=?"
authorities-by-username-query="SELECT username, authority FROM users WHERE username=?"
/>
</authentication-provider>
</authentication-manager>
</beans:beans>
rootContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
<import resource="applicationContext.xml"/>
</beans>