  1. POJSF - Spring Security Integration issue
<p>The Servlet 2.4+ API allows us to use the <code>&lt;dispatcher&gt;</code> tag within the <code>&lt;filter-mapping&gt;</code> tag with values like <code>FORWARD</code> to intercept requests being internally forwarded to other resources. For one servlet forwarding to another, the Spring Security constraints work fine.</p>
<pre><code>&lt;filter-mapping&gt;
    &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
    &lt;dispatcher&gt;FORWARD&lt;/dispatcher&gt;
    &lt;dispatcher&gt;REQUEST&lt;/dispatcher&gt;
&lt;/filter-mapping&gt;
</code></pre>
<p><strong>Problem:</strong> The security filter does NOT seem to intercept the internal forwards with <strong>JSF Actions</strong></p>
<p>JSF seems to 'forward' the request to the target view (page) while using JSF actions (navigation case). This causes the URL to be one step behind the actual URL of the page.</p>
<p>A side effect of this is that the Spring Security constraint (which is tied to the URL) does not take effect until the next action.</p>
<p><strong>Example:</strong> Current page URL: <a href="http://host/myapp/page1.xhtml" rel="nofollow">http://host/myapp/page1.xhtml</a> (page1.xhtml has an action that navigates to page2 which is protected)</p>
<p>On submit, the request is submitted to the server which renders page2.xhtml but the URL still remains as <a href="http://host/myapp/page1.xhtml" rel="nofollow">http://host/myapp/page1.xhtml</a>. Spring Security does not intercept and protect page2.xhtml</p>
<p>This can be overcome by specifying the following:</p>
<pre><code>&lt;navigation-case&gt;
    &lt;from-outcome&gt;page2&lt;/from-outcome&gt;
    &lt;to-view-id&gt;/page2.xhtml&lt;/to-view-id&gt;
    &lt;redirect/&gt; &lt;!--REDIRECT, INSTEAD OF FORWARD--&gt;
&lt;/navigation-case&gt;
</code></pre>
<p><strong>Redirects are NOT the way we want to achieve this. Is there a better way of getting Spring Security to work with JSF?</strong></p>
<p><strong>EDIT:</strong> (relevant snippet of the Spring config XML)</p>
<pre><code>&lt;http use-expressions="true" once-per-request="false"&gt;
    &lt;intercept-url pattern="/index.xhtml" access="permitAll" /&gt;
    &lt;intercept-url pattern="/page1.xhtml" access="isAuthenticated()" /&gt;
    &lt;intercept-url pattern="/page2.xhtml" access="hasRole('supervisor')" /&gt;
    &lt;intercept-url pattern="/page3.xhtml" access="hasRole('teller')" /&gt;
    &lt;form-login login-page="/login.html" default-target-url="/page1.xhtml"/&gt;
&lt;/http&gt;

&lt;authentication-manager&gt;
    &lt;authentication-provider&gt;
        &lt;user-service&gt;
            &lt;user name="rod" password="rod" authorities="supervisor, user" /&gt;
            &lt;user name="dianne" password="dianne" authorities="teller, user" /&gt;
            &lt;user name="scott" password="scott" authorities="supervisor" /&gt;
            &lt;user name="peter" password="peter" authorities="user" /&gt;
        &lt;/user-service&gt;
    &lt;/authentication-provider&gt;
&lt;/authentication-manager&gt;
</code></pre>
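<p>Added example, not part of the original question and not code from Spring Security or JSF: a JSF <code>PhaseListener</code> that applies the <code>&lt;intercept-url&gt;</code> rules to the view about to be rendered, since a non-redirect navigation case renders the target view within the same request and the URL-based rules only ever see the original URL. Assumptions: JSF 2 with <code>javax.*</code> packages, <code>FacesServlet</code> mapped to <code>*.xhtml</code> so that view ids equal the URL paths in the config above, and a single <code>&lt;http&gt;</code> element; <code>ViewAccessPhaseListener</code> is a hypothetical class name.</p>

```java
import java.io.IOException;
import javax.faces.FacesException;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.web.jsf.FacesContextUtils;

// Hypothetical listener (added example): authorizes the view id, not the request URL.
public class ViewAccessPhaseListener implements PhaseListener {

    private static final long serialVersionUID = 1L;

    @Override
    public PhaseId getPhaseId() {
        // Run just before rendering, after navigation has chosen the target view.
        return PhaseId.RENDER_RESPONSE;
    }

    @Override
    public void beforePhase(PhaseEvent event) {
        FacesContext fc = event.getFacesContext();
        if (fc.getViewRoot() == null) {
            return; // nothing selected for rendering
        }
        ExternalContext ec = fc.getExternalContext();
        String viewId = fc.getViewRoot().getViewId(); // e.g. "/page2.xhtml" (assumed mapping)
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Evaluates the same <intercept-url> rules the filter chain uses.
        WebInvocationPrivilegeEvaluator evaluator = FacesContextUtils
                .getRequiredWebApplicationContext(fc)
                .getBean(WebInvocationPrivilegeEvaluator.class);
        if (!evaluator.isAllowed(ec.getRequestContextPath(), viewId, "GET", auth)) {
            try {
                ec.responseSendError(HttpServletResponse.SC_FORBIDDEN, "Access denied");
            } catch (IOException e) {
                throw new FacesException(e);
            }
            fc.responseComplete(); // stop the lifecycle so the protected view is not rendered
        }
    }

    @Override
    public void afterPhase(PhaseEvent event) { }
}
```

<p>The listener would be registered with a <code>&lt;phase-listener&gt;</code> entry under <code>&lt;lifecycle&gt;</code> in <code>faces-config.xml</code>.</p>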