authentication - can't navigate after success login and back to login page - spring security 3.2.7 -
i facing problem in spring security 3.2.7 jsf2.2, after success login redirect dashboard page, when want navigate other pages redirect me login page, how can save session
spring security xml config :
<!-- spring security configurations --> <security:global-method-security pre-post-annotations="enabled" authentication-manager-ref="authenticationmanager" proxy-target-class="true"/> <security:http auto-config="true" > <security:intercept-url pattern="/login*" access="is_authenticated_anonymously" /> <security:intercept-url pattern="/css/**" access="is_authenticated_anonymously" /> <security:intercept-url pattern="/font/**" access="is_authenticated_anonymously" /> <security:intercept-url pattern="/img/**" access="is_authenticated_anonymously" /> <security:intercept-url pattern="/js/**" access="is_authenticated_anonymously" /> <security:intercept-url pattern="/javax.faces.resource/**" access="is_authenticated_anonymously" /> <security:intercept-url pattern="/**" access="role_employee, role_admin, role_rh, role_manager"/> <security:intercept-url pattern="/employeesmanagement/*" access="role_employee, role_admin, role_rh, role_manager" /> <security:intercept-url pattern="/meetingsandtrainings/*" access="role_employee, role_admin, role_rh, role_manager" /> <security:form-login login-page="/login.xhtml" default-target-url="/dashboard.xhtml" /> <security:http-basic /> <!-- authentication-failure-url="/login.xhtml?failed=true" --> <security:logout logout-url="/logout" delete-cookies="true" logout-success-url="/login.xhtml" /> </security:http> <bean id="userdao" class="com.tds.erp.dao.impl.userdaoimpl" autowire="default" /> <bean id="userdetailsservice" class="com.tds.erp.services.impl.userdetailserviceimpl"> <property name="userdao" ref="userdao"></property> </bean> <bean id="daoauthenticationprovider" class="org.springframework.security.authentication.dao.daoauthenticationprovider"> <property name="userdetailsservice" ref="userdetailsservice"></property> </bean> <bean id="authenticationmanager" class="org.springframework.security.authentication.providermanager"> <constructor-arg ref="daoauthenticationprovider" /> </bean> <security:authentication-manager> <security:authentication-provider user-service-ref="userdetailsservice" > <!-- <security:password-encoder hash="bcrypt" /> --> </security:authentication-provider> </security:authentication-manager> loginmb.java
public string processuserauthentication(){ try { authentication request = new usernamepasswordauthenticationtoken(username, password); authentication result = authenticationmanager.authenticate(request); securitycontextholder .getcontext().setauthentication(result); } catch (authenticationexception e) { facescontext.getcurrentinstance().addmessage(null, new facesmessage(facesmessage.severity_error,e.getmessage(),"veuillez verifier votre email ou votre mot de passe")); e.printstacktrace(); system.out.println(e.getmessage()); return null; } return "success"; and navigation case in faces-config.xml
<navigation-rule> <display-name>/login.xhtml</display-name> <from-view-id>/login.xhtml</from-view-id> <navigation-case> <from-action>#{loginmb.processuserauthentication()}</from-action> <from-outcome>success</from-outcome> <to-view-id>/dashboard.xhtml</to-view-id> <redirect></redirect> </navigation-case> edit
after spring security debug found problem , understand after success login, there no session saved it's return login page
i did research in internet , found should implement custom authenticationsuccesshandler.
so please !
2015-06-10 14:31:40,971 debug [org.springframework.security.access.vote.affirmativebased] - <voter: org.springframework.security.access.vote.rolevoter@1829e40, returned: 1> 2015-06-10 14:31:40,971 debug [org.springframework.security.web.access.intercept.filtersecurityinterceptor] - <authorization successful> 2015-06-10 14:31:40,971 debug [org.springframework.security.web.access.intercept.filtersecurityinterceptor] - <runasmanager did not change authentication object> 2015-06-10 14:31:40,971 debug [org.springframework.security.web.filterchainproxy] - </dashboard reached end of additional filter chain; proceeding original chain> 2015-06-10 14:31:41,148 debug [org.springframework.security.web.access.exceptiontranslationfilter] - <chain processed normally> 2015-06-10 14:31:41,148 debug [org.springframework.security.web.context.httpsessionsecuritycontextrepository] - <securitycontext empty or contents anonymous - context not stored in httpsession.> 2015-06-10 14:31:41,148 debug [org.springframework.security.web.context.securitycontextpersistencefilter] - <securitycontextholder cleared, request processing completed> 2015-06-10 14:31:41,231 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 1 of 11 in additional filter chain; firing filter: 'securitycontextpersistencefilter'> 2015-06-10 14:31:41,232 debug [org.springframework.security.web.context.httpsessionsecuritycontextrepository] - <httpsession returned null object spring_security_context> 2015-06-10 14:31:41,232 debug [org.springframework.security.web.context.httpsessionsecuritycontextrepository] - <no securitycontext available httpsession: org.apache.catalina.session.standardsessionfacade@180fe37. new 1 created.> 2015-06-10 14:31:41,232 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 2 of 11 in additional filter chain; firing filter: 'webasyncmanagerintegrationfilter'> 2015-06-10 14:31:41,232 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 3 of 11 in additional filter chain; firing filter: 'logoutfilter'> 2015-06-10 14:31:41,233 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 4 of 11 in additional filter chain; firing filter: 'usernamepasswordauthenticationfilter'> 2015-06-10 14:31:41,233 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 5 of 11 in additional filter chain; firing filter: 'basicauthenticationfilter'> 2015-06-10 14:31:41,233 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 6 of 11 in additional filter chain; firing filter: 'requestcacheawarefilter'> 2015-06-10 14:31:41,233 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 7 of 11 in additional filter chain; firing filter: 'securitycontextholderawarerequestfilter'> 2015-06-10 14:31:41,233 debug [org.springframework.security.web.filterchainproxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta @ position 8 of 11 in additional filter chain; firing filter: 'anonymousauthenticationfilter'>
Comments
Post a Comment