Pessoal,
Estou com um problema estranho, tenho uma aplicação que configurei o Spring Security (assim como em outras que já tenho) para fazer o login, porém a aplicação é JSF + Primefaces + CDI + Hibernate + EJB
O problema:
[color=red]- O login funciona N vezes e depois não loga mais.
[/color]
Já mudei o número de sessões, já fiz de tudo, e o estranho é que "aparentemente" está igual já tenho em outras aplicações, não consigo descobrir o que está errado.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:task="http://www.springframework.org/schema/task" xmlns:util="http://www.springframework.org/schema/util"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<sec:http pattern="/javax.faces.resource/**" security="none" />
<sec:http pattern="/resources/**" security="none" />
<sec:http auto-config="true" use-expressions="true">
<sec:intercept-url pattern="/login.jsf" access="isAnonymous()" />
<sec:intercept-url pattern="/private/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER', 'ROLE_JOB')" />
<sec:form-login login-page="/login.jsf"
authentication-failure-url="/login.jsf?erro=true"
authentication-success-handler-ref="successHandler"
always-use-default-target="true" />
<sec:access-denied-handler error-page="/public/AcessoNegado.xhtml" />
<sec:logout invalidate-session="true"
delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE"
logout-success-url="/login.jsf" logout-url="/security_logout" />
<sec:session-management invalid-session-url="/login.jsf?session=1">
<sec:concurrency-control max-sessions="5"
error-if-maximum-exceeded="true" />
</sec:session-management>
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider>
<sec:password-encoder hash="md5" />
<sec:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT username, password, enable FROM usuario WHERE username=?"
authorities-by-username-query="SELECT usuario_username as username, autorizacoes_nome as authority FROM usuario_aut_rel WHERE usuario_username=?" />
</sec:authentication-provider>
</sec:authentication-manager>
<beans:bean id="successHandler"
class="com.horizonte.fiscal.security.AcessoAutorizadoListener" />
<task:annotation-driven />
<beans:bean id="jobFirstDeploy" class="com.horizonte.fiscal.jobs.JobFirstDeploy" />
<!-- auto-explicativo -->
<beans:bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="url"
value="jdbc:mysql://127.0.0.1:3306/BANCO_DADOS" />
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
<beans:property name="username" value="root" />
<beans:property name="password" value="*****" />
</beans:bean>
</beans:beans>
...
<!-- Para ouvir o criar/encerrar sessao -->
<listener>
<listener-class>com.horizonte.fiscal.security.SessionListener</listener-class>
</listener>
<!-- Para ouvir a sessao no Spring Security -->
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!-- Filtros do Spring Security 3 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
...
<form action="j_spring_security_check" method="post" id="formLogin" >
<p:panelGrid styleClass="grid-ui-cadastro rounded-box"
style="width:100%; margin-bottom:10px;" >
<p:row>
<p:column>
<h:outputLabel for="j_username"
value="#{msg['label.login.username']}:" />
<h:outputLabel style="color:red;" value=" *" />
</p:column>
<p:column>
<h:inputText id="j_username" required="true" maxlength="20"
styleClass="form-control" />
</p:column>
</p:row>
<p:row>
<p:column>
<h:outputLabel for="j_password"
value="#{msg['label.login.password']}:" />
<h:outputLabel style="color:red;" value=" *" />
</p:column>
<p:column>
<h:inputSecret id="j_password" required="true" maxlength="20"
styleClass="form-control" />
</p:column>
</p:row>
<p:row>
<p:column>
</p:column>
<p:column style="text-align:right;">
<p:commandButton id="btnLogarUsuario" value="Login" onclick="$('#formLogin').submit()"
immediate="true" styleClass="btn" type="submit" />
</p:column>
</p:row>
</p:panelGrid>
</form>
<h:outputLink class="button-link btn-logout"
value="#{request.contextPath}/security_logout" id="botaoLogout"
title="logout">
<h:outputText value="Sair do Sistema Aqui" />
</h:outputLink>
Ele varia, as vezes loga 3 vezes, as vezes loga 4 vezes.
Alguém teria alguma ideia do que pode estar acontecendo?