StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSpring Security cannot redirect the page after authentication
primarykey
Id
11981115
data
AcceptedAnswerId
0
AnswerCount
1
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2012-08-16T05:22:52.987
FavoriteCount
2
LastActivityDate
2014-06-06T09:00:45.453
LastEditDate
2012-08-16T11:06:05.490
LastEditorUserId
157882
OwnerUserId
975987
ParentId
0
PostTypeId
1
Score
0
ViewCount
4311
LastEditorDisplayName
text
Body
I have a JSF project with spring security installed, I use the forward method to do the login. But I cannot redirect the page to secured.xhtml in AuthenticationBean.java. Seems like the "forward()" method causes this. But the authentication is successfully done without exception, I just can't redirect the page. Without the forward method, I'm able to successfully redirect the page. So, help? web.xml: <pre><code><?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <context-param> <param-name>javax.faces.PROJECT_STAGE</param-name> <param-value>Development</param-value> </context-param> <servlet> <servlet-name>Faces Servlet</servlet-name> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.xhtml</url-pattern> </servlet-mapping> <session-config> <session-timeout> 30 </session-timeout> </session-config> <welcome-file-list> <welcome-file>index.xhtml</welcome-file> </welcome-file-list> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring-security.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> </web-app> </code></pre> spring-security.xml <pre><code><?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:http auto-config="true" use-expressions="true" access-denied-page="/denied.xhtml"> <security:intercept-url pattern="/login.xhtml" access="permitAll"/> <security:intercept-url pattern="/secured.xhtml" access="hasRole('ROLE_ADMIN')"/> <security:form-login login-page="/login.xhtml" authentication-failure-url="/login.xhtml?error=true" default-target-url="/"/> <security:logout invalidate-session="true" logout-success-url="/index.xhtml" logout-url="/logout.xhtml"/> </security:http> <security:authentication-manager> <security:authentication-provider user-service-ref="customUserDetailsService"> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/> <bean id="customUserDetailsService" class="com.triune.services.CustomUserDetailsService"/> </beans> </code></pre> CustomUserDetailService.java (This is never called) <pre><code>package com.triune.services; import java.util.ArrayList; import java.util.Collection; import java.util.List; import com.triune.dao.UserDAO; import com.triune.entities.LoginCredential; import org.springframework.dao.DataAccessException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.transaction.annotation.Transactional; @Transactional(readOnly = true) public class CustomUserDetailsService implements UserDetailsService { private UserDAO userDAO = new UserDAO(); @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { UserDetails user = null; try { LoginCredential dbUser = userDAO.searchDatabase(username); user = new User( dbUser.getUsername(), dbUser.getPassword().toLowerCase(), true, true, true, true, getAuthorities(dbUser.getAccess()) ); } catch (Exception e) { throw new UsernameNotFoundException("Error in retrieving user"); } return user; } public Collection<GrantedAuthority> getAuthorities(Integer access) { List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2); authList.add(new SimpleGrantedAuthority("ROLE_USER")); if ( access.compareTo(1) == 0) { authList.add(new SimpleGrantedAuthority("ROLE_ADMIN")); } return authList; } } </code></pre> AuthenticationBean.java (this is called by the login page) <pre><code>package com.triune.beans; import java.io.IOException; import java.io.Serializable; import javax.enterprise.context.SessionScoped; import javax.faces.context.ExternalContext; import javax.faces.context.FacesContext; import javax.inject.Named; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; @Named("authenticationBean") @SessionScoped public class AuthenticationBean implements Serializable { public String doLogin() throws IOException, ServletException { ExternalContext context = FacesContext.getCurrentInstance().getExternalContext(); RequestDispatcher dispatcher = ((ServletRequest)context.getRequest()).getRequestDispatcher("j_spring_security_check"); dispatcher.forward((ServletRequest)context.getRequest(), (ServletResponse)context.getResponse()); FacesContext.getCurrentInstance().responseComplete(); return "secured.xhtml"; } public String doLogout() { FacesContext.getCurrentInstance().getExternalContext().invalidateSession(); return "index.xhtml"; } } </code></pre> login.xhtml (simple login page) <pre><code><?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:p="http://primefaces.org/ui"> <h:head> <title>Login Page</title> </h:head> <h:body> <h1>Login Please</h1> This is a really simple login page. <h:form id="loginForm" prependId="false"> <h:panelGroup> Username : <p:inputText id="j_username" required="true"/> </h:panelGroup> <h:panelGroup> Password : <p:inputText id="j_password" required="true"/> </h:panelGroup> <h:panelGroup> <p:commandButton type="submit" id="login" action="#{authenticationBean.doLogin()}" value="login"/> </h:panelGroup> </h:form> </h:body> </html> </code></pre>
Tags
<jsf-2><spring-security>
Title
Spring Security cannot redirect the page after authentication
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USBalusC
UserOwnerUserId
1. USWilliam
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POSpring Security cannot redirect the page after authentication
 UserUserId
 USuser1777054
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POSpring Security cannot redirect the page after authentication
 UserUserId
 UScaner.mirzabey
 VoteTypeVoteTypeId
 VTFavorite
CommentsPostId
1. COYou can use html <form> tag and post it to j_spring_security_check and use the default-target-url attribute to point to the secured.xhtml. If you would like to use JSF `<h:form>` tag then look at this answer http://stackoverflow.com/questions/11742283/spring-custom-jsf-login-page-always-bad-credentials/
 singulars
 PostPostId
 POSpring Security cannot redirect the page after authentication
 UserUserId
 USRavi

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.