Spring Security

Bom dia Pessoal!!
Estou tentando implementar uma aplicação web usando JPA + Spring 3.0 + Spring-security e JSF 2.0 com primefaces.
Estou com dificuldades em relação ao Spring security, não sei oque acontece mas não funciona.

fica dando o seguinte erro.

The requested resource (/j_spring_security_check) is not available.

segue meu web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee                          http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	<display-name>Athena</display-name>
	
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>/WEB-INF/spring.xml
					/WEB-INF/spring-security.xml
		</param-value>
	</context-param>
	<context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>dot-luv</param-value>
    </context-param>
	<context-param>
		<param-name>javax.faces.PROJECT_STAGE</param-name>
		<param-value>Development</param-value>
	</context-param>

	<!-- Ativa os escopos web para os beans no Spring -->
	<listener>
		<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
	</listener>
	
	<listener>
    	<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
	</listener>
	
	<filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/pages/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
	

	<servlet>
		<servlet-name>Faces Servlet</servlet-name>
		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>Faces Servlet</servlet-name>
		<url-pattern>/faces/*</url-pattern>
	</servlet-mapping>
	
	<servlet-mapping>
		<servlet-name>Faces Servlet</servlet-name>
		<url-pattern>*.jsf</url-pattern>
	</servlet-mapping>
	<servlet>
        <servlet-name>Resource Servlet</servlet-name>
        <servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Resource Servlet</servlet-name>
        <url-pattern>/primefaces_resource/*</url-pattern>
    </servlet-mapping>
	
	<filter>
		<filter-name>ViewFilter</filter-name>
		<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
	</filter>
	
	<filter-mapping>
		<filter-name>ViewFilter</filter-name>
		<url-pattern>*.jsf</url-pattern>
	</filter-mapping>
	
	<welcome-file-list>
		<welcome-file>index.html</welcome-file>
	</welcome-file-list>

</web-app>

o meu Sring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
      http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	
  <http auto-config="true" use-expressions="true" access-denied-page="/accessDenied.jsf">
	
  <intercept-url pattern="/login*" access="permitAll" />
        <intercept-url pattern="/pages/home*" access="hasRole('ROLE_USER')" />      
        <form-login login-page="/login.jsf"
                        login-processing-url="/j_spring_security_check"
                        default-target-url="/pages/home.jsf"
                        authentication-failure-url="/login.jsf?error=true" />
                        
        <logout invalidate-session="true" logout-success-url="/login.jsf" />
    </http>
    <authentication-manager>
        <authentication-provider user-service-ref="securityService" />
    </authentication-manager>	  
		
	<beans:bean id="loggerListener" class="org.springframework.security.access.event.LoggerListener" />
	
</beans:beans>

o meu form de login

<form action="../../j_spring_security_check" method="post">
<table>
  <tr>
  <td><h:outputText value="Usuário" /></td>
  <td><h:inputText id="j_username" /></td>
  <td><h:outputText value="Password" /></td>
  <td><h:inputText id="j_password" /></td>
  <td><input type="submit" value="Login" /> </td>
  </tr>
  </table>
</form>

O meu managedbean

package com.athena.jsf;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;

import com.athena.service.EmployeeService;

@Component
@Scope("session")
public class EmployeeBBean extends BasicBean{

	private static final long serialVersionUID = -2422590793735780959L;
	
	@Autowired
	EmployeeService employeeService;
	
	public EmployeeBBean() {
	}
}

Já vi vários tutoriais mas a maioria usa autenticação com usuários pré-definidos, eu estou tentando utilizar com acesso ao BD. mas não tá dando muito certo não.

Bom dia Rocha.

As aplicações q desenvolvo e mantenho atualmente foram implementas igual ao teu cenário mas utilizo certificado digital para autenticar o cliente. Não tenho um página d login pois o navegador faz a autenticação com o certificado digital.

Se esta dando o erro depois que vc entra com o login e a senha há grande probabilidade do erro ser por causa da URL.

O “/j_spring_security_check” é uma URL virtual que será capturada pelo filtro do Security, por isso penso que esteja estranho como vc configurou em teu projeto.

“As you may guess, the j_spring_security_check URL doesn’t map to
anything physical in our application. This is a special URL that is watched for by the
UsernamePasswordAuthenticationFilter to handle form-based login. In fact, there
are several of these special URLs that cover specific global behavior in Spring Security.”
by Spring Security 3, Peter Mularien

em login-processing-url="/j_spring_security_check" vc tá falando qual url deve ser processada para autenticar o cliente e esta ñ é a msm q vc colocou no formulário de login.

Vou verificar um pouco mais aq e se encontrar algo conclusivo post depois .

[]'s
t++

4 Respostas

Topicos relacionados