IdentifiantMot de passe
Mot de passe oublié ?Je m'inscris ! (gratuit)
Navigation

Inscrivez-vous gratuitement
pour pouvoir participer, suivre les réponses en temps réel, voter pour les messages, poser vos propres questions et recevoir la newsletter

Spring Java Discussion :

Hibernate + Spring security + JSF. Problème d'authentification


Sujet :

Spring Java

  1. 02/04/2010, 13h43 #1
    haile
    haile est déconnecté
    Membre à l'essai
    Profil pro
    Inscrit en
    Décembre 2008
    Messages
    13
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Décembre 2008
    Messages : 13
    Points : 14
    Points
    14
    Par défaut Hibernate + Spring security + JSF. Problème d'authentification
    Bonjour,
    Dans le cadre d'un projet, j'utilise Spring security avec Hibernate et JSF (richfaces).
    Donc pour pouvoir utiliser spring avec Hibernate, j'ai implémenté la classe UserDetailsService avec la méthode loadByUsername que voici :

    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
     
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {
		LOG.debug("LoadByUsername : " + username);
		Utilisateur utilisateur = new Utilisateur();
		utilisateur.setUsername(username);
		List results = utilisateurDao.rechercherEq(utilisateur);
 
		if (results.size() < 1) {
			throw new UsernameNotFoundException(username + "not found");
		}
		return (UserDetails) results.get(0);
 
	}
    Utilisateur implémente UserDetails.
    J'ai donc ensuite injecté cette classe dans la conf spring (je le mets en entier, à toute fin utile) :

    applicationContext-security.xml :

    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
     
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
 
 
	<global-method-security pre-post-annotations="enabled" />
 
	<http auto-config="true" use-expressions="true"
		access-denied-page="/index.jsp">
 
		<intercept-url pattern="/login.jsf" access="isAnonymous()"
			requires-channel="http" />
		<intercept-url pattern="/index.jsp" access="isAnonymous()"
			requires-channel="http" />
 
		<intercept-url pattern="/pages/administration/**" access="hasRole('ROLE_ADMIN')"
			requires-channel="http" />
		<intercept-url pattern="/pages/**" access="isAuthenticated()"
			requires-channel="http" />
 
		<form-login login-page="/login.jsf" default-target-url="/" />
		<logout logout-success-url="/login.jsf" />
 
	</http>
 
	<authentication-manager>
		<authentication-provider user-service-ref='myUserDetailsService' />
	</authentication-manager>
 
	<beans:bean id="myUserDetailsService"
		class="fr.haile.application.service.metier.impl.UtilisateurServiceImpl">
	</beans:bean>
 
	<beans:bean id="filterChainProxy"
		class="org.springframework.security.web.FilterChainProxy">
		<filter-chain-map path-type="ant">
			<filter-chain pattern="/**" filters="authenticationFilter" />
		</filter-chain-map>
	</beans:bean>
 
	<!-- filter -->
	<beans:bean id="authenticationFilter"
		class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
		<beans:property name="authenticationManager" ref="authenticationManager" />
		<beans:property name="authenticationSuccessHandler"
			ref="authenticationSuccessHandler" />
		<beans:property name="authenticationFailureHandler"
			ref="authenticationFailureHandler" />
		<beans:property name="postOnly" value="true" />
 
	</beans:bean>
 
 
	<!-- manager -->
	<beans:bean id="authenticationManager"
		class="org.springframework.security.authentication.ProviderManager">
		<beans:property name="providers">
			<beans:list>
				<beans:ref local="daoAuthenticationProvider" />
			</beans:list>
		</beans:property>
	</beans:bean>
 
 
	<beans:bean id="authenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
		<beans:constructor-arg value="/pages/index.jsf" />
	</beans:bean>
	<beans:bean id="authenticationFailureHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		<beans:constructor-arg value="/index.jsp" />
	</beans:bean>
 
 
<!--	 dao -->
	<beans:bean id="daoAuthenticationProvider"
		class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
		<beans:property name="userDetailsService" ref="myUserDetailsService" />
	</beans:bean>
</beans:beans>
    Et enfin, j'ai déclaré le filtre dans le web.xml :

    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
     
<?xml version="1.0" encoding="UTF-8"?>
 
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
                       http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
 
[...]
	<!-- Spring security -->
	<listener>
		<listener-class>
			org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>
[...]
 
 
	<!-- ###################### Filter definition ###################### -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
[...]
 
	<!-- ###################### Filter mapping ###################### -->
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>REQUEST</dispatcher>
	</filter-mapping>
[...]
</web-app>
    Mon formulaire de connexion est le suivant :

    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
     
<h:form id="login"  action="#{facesContext.externalContext.requestContextPath}/j_spring_security_check" method="post">
	        <rich:simpleTogglePanel>
	            <f:facet name="header">
	                <h:outputText value="#{msg.identifiant}" />
	            </f:facet>
	            <h:panelGrid columns="3">
 
	                <h:outputText value="#{msg.login}" />
	                <h:inputText id="j_username" required="true">
	                </h:inputText><h:message for="j_username" style="color: red"/>
 
	                <h:outputText value="#{msg.motDePasse}" />
	                <h:inputSecret id="j_password" required="true">
	                </h:inputSecret><h:message for="j_password"  style="color: red"/>
 
	                <h:commandButton value="Login"/>
 
	            </h:panelGrid>
 
	        </rich:simpleTogglePanel>
</h:form>
    Le problème, c'est que c'est tellement sécurisé que ça ne se connecte pas J'arrive sur la page de connexion, j'entre les bons identifiants, j'essaie de me connecter, ça charge, et... je reste sur la page de login, pas moyen d'avoir accès aux autres.
    Voici ce qu'affiche le logger :
    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
     
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - Candidate is: '/login.jsf'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/login.jsf'; pattern is /login.jsf; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.c.ChannelProcessing~      - Request: FilterInvocation: URL: /login.jsf; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.AnonymousAuthentica~      - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/login.jsf'; pattern is /login.jsf; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Secure object: FilterInvocation: URL: /login.jsf; Attributes: [isAnonymous()]
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.a.v.AffirmativeBased          - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@140243b, returned: 1
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Authorization successful
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - RunAsManager did not change Authentication object
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.ExceptionTranslatio~      - Chain processed normally
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - SecurityContext contents are anonymous - context will not be stored in HttpSession. 
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.SecurityContextPers~      - SecurityContextHolder now cleared, as request processing completed
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Candidate is: '/css/style.css'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.AnonymousAuthentica~      - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Public object - authentication not attempted
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - SecurityContext contents are anonymous - context will not be stored in HttpSession. 
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.ExceptionTranslatio~      - Chain processed normally
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.SecurityContextPers~      - SecurityContextHolder now cleared, as request processing completed
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Candidate is: '/css/style.css'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.AnonymousAuthentica~      - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Public object - authentication not attempted
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - SecurityContext contents are anonymous - context will not be stored in HttpSession. 
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.ExceptionTranslatio~      - Chain processed normally
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.SecurityContextPers~      - SecurityContextHolder now cleared, as request processing completed
    J'ai sûrement manqué quelque chose dans la conf (ou autre part), mais je ne vois pas quoi. Si un quelqu'un de plus expérimenté que moi pouvait m'apporter un peu d'aide, ça serait sympa

    Merci.
    Répondre avec citation Répondre avec citation   0  0
  2. 06/04/2010, 10h42 #2
    haile
    haile est déconnecté
    Membre à l'essai
    Profil pro
    Inscrit en
    Décembre 2008
    Messages
    13
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Décembre 2008
    Messages : 13
    Points : 14
    Points
    14
    Par défaut
    J'ai réussi à résoudre le problème...
    J'ai juste changé un peu le formulaire de login :
    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
     
   <form name="login"  action="#{facesContext.externalContext.requestContextPath}/j_spring_security_check" method="post">
	        <rich:simpleTogglePanel>
	            <f:facet name="header">
	                <h:outputText value="#{msg.identifiant}" />
	            </f:facet>
	            <h:panelGrid columns="3">
 
	                <h:outputText value="#{msg.login}" />
	                <h:inputText id="j_username" required="true">
	                </h:inputText><h:message for="j_username" style="color: red"/>
 
	                <h:outputText value="#{msg.motDePasse}" />
	                <h:inputSecret id="j_password" required="true">
	                </h:inputSecret><h:message for="j_password"  style="color: red"/>
 
	                <h:commandButton value="Login"/>
 
	            </h:panelGrid>
	        </rich:simpleTogglePanel>
        </form>
    Et ça fonctionne. Pourquoi ça ne fonctionnait pas, ça j'avoue que je ne sais pas trop. Il doit y avoir une explication logique, mais ça m'échappe...
    Répondre avec citation Répondre avec citation   0  0
  3. 23/06/2011, 14h36 #3
    poitou82
    poitou82 est déconnecté
    Nouveau membre du Club
    Inscrit en
    Octobre 2010
    Messages
    33
    Détails du profil
    Informations forums :
    Inscription : Octobre 2010
    Messages : 33
    Points : 27
    Points
    27
    Par défaut [Authentication Failed] Java+Spring+Hibernate
    Bonjour,

    J'ai le même problème que vous et j'aurai bien besoin de votre aide;
    En effet, je reste toujours sur ma page login malgré que je rentre le login et le password correctement il me signale le message d'erreur que j'ai défini lorsque on rentre des faux identifiants!!!

    Si tu es intéressé, je peux vous filer les fichiers de config pour en examiner ensemble le problème vu que je suis là-dessus depuis presque un mois;

    Merci
    Répondre avec citation Répondre avec citation   0  0
  4. 23/06/2011, 15h11 #4
    Jacobian
    Jacobian est déconnecté
    Membre actif Avatar de Jacobian
    Inscrit en
    Février 2008
    Messages
    425
    Détails du profil
    Informations forums :
    Inscription : Février 2008
    Messages : 425
    Points : 245
    Points
    245
    Par défaut
    lorsque tu utilise h:form = HTML alors l'application essaye d'utiliser les ressource sécurisé avant qu'il soit authentifier c'est pour ça que ta une redirection vers la page de login:

    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    <h:form>
..........
</h:form>

ça se transforme en:	

<form id="j_id_jsp_730696170_1" name="j_id_jsp_730696170_1" 
      method="post" action="/jsfTags/index.faces;jsessionid=77A193112398D3884EA1D25FE2A0ED92" 
      enctype="application/x-www-form-urlencoded">
</form>
    /jsfTags/ il est sécurisé
    Répondre avec citation Répondre avec citation   0  0
  5. 23/06/2011, 15h31 #5
    poitou82
    poitou82 est déconnecté
    Nouveau membre du Club
    Inscrit en
    Octobre 2010
    Messages
    33
    Détails du profil
    Informations forums :
    Inscription : Octobre 2010
    Messages : 33
    Points : 27
    Points
    27
    Par défaut [Authentication Failed] Java+Spring+Hibernate
    Merci pour ta réponse; mais mon application est un peu différente de la tienne; en effet je n'ai pas un formulaire c.a.d un fichier html mais plutot un fichier zul qui ressemble beaucoup au html sauf que j'ai défini une fonction de verification login sur le bouton login dans une classe java; tu trouveras comme suit :

    mon formulaire d'authentification :
    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
     
	<window id="loginWin" title="Login to the Trans Mig Audit" border="normal" width="400px"
				use="fr.cs.tma.ui.LoginViewCtrl">
		<grid>
			<rows>
				<row>
					<label value="Username:"/>
					<textbox id="username" name="j_username" constraint="no empty"/>
				</row>
				<row>
					<label value="Password:"/>
					<textbox type="password" id="password" name="j_password" constraint="no empty"/>
				</row>
				<row spans="2" align="center"><cell>
					<vlayout>
						<button id="login" label="login" width="100px" onClick="loginWin.onOK()" />
						<label id="msgError" style="color:red; font-weight:italic"/>
					</vlayout>
				</cell>
				</row>
			</rows>
		</grid>
 
	</window>
    et ma classe java :

    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
     
public class LoginViewCtrl extends Window {
 
	public void onCreate() {
		Label msgLbl = (Label)getFellow("loginWin").getFellow("msgError");
		String errorCode = Executions.getCurrent().getParameter("login_error");
 
		if("true".equals(errorCode)){
			msgLbl.setValue("Bad Username or/and Password. Retry Please.");
		}else{
			msgLbl.setValue("");
		}
	}
 
	public void onOK() {
		Textbox usernameTxt = (Textbox)getFellow("loginWin").getFellow("username");
		Textbox passwordTxt = (Textbox)getFellow("loginWin").getFellow("password");
 
		String username = usernameTxt.getValue();
		String password = passwordTxt.getValue();
 
		Executions.sendRedirect("/j_spring_security_check?j_username="+username+"&j_password="+password);
	}
 
}
    voilà je travaille avec hibernate v3 et spring 3

    Please Help me!

    merci.
    Répondre avec citation Répondre avec citation   0  0
  6. 23/06/2011, 15h35 #6
    Jacobian
    Jacobian est déconnecté
    Membre actif Avatar de Jacobian
    Inscrit en
    Février 2008
    Messages
    425
    Détails du profil
    Informations forums :
    Inscription : Février 2008
    Messages : 425
    Points : 245
    Points
    245
    Par défaut
    tes bloquer a quel niveaux ??
    Répondre avec citation Répondre avec citation   0  0
ActualitésFAQs SpringTutoriels SpringLivres Spring
« Discussion précédente | Discussion suivante »

Discussions similaires

  1. [Sécurité] JSF problème pour authentification
    Par isnake dans le forum Java EE
    Réponses: 0
    Dernier message: 04/03/2012, 17h51
  2. Erreur d'instanciation de Bean + Hibernate Spring Tomcat JSF
    Par curieuseInformatique dans le forum Frameworks Web
    Réponses: 0
    Dernier message: 08/09/2011, 17h45
  3. Intégration GWT-maven-spring-hibernate-spring security-smartGWT
    Par hugo123 dans le forum GWT et Vaadin
    Réponses: 40
    Dernier message: 04/05/2011, 00h12
  4. [Article] Intégration GWT-maven-spring-hibernate-spring security-smartGWT
    Par hugo123 dans le forum Maven
    Réponses: 0
    Dernier message: 01/12/2009, 11h14

Partager

Partager
  • Envoyer la discussion sur Viadeo
  • Envoyer la discussion sur Twitter
  • Envoyer la discussion sur Google
  • Envoyer la discussion sur Facebook
  • Envoyer la discussion sur Digg
  • Envoyer la discussion sur Delicious
  • Envoyer la discussion sur MySpace
  • Envoyer la discussion sur Yahoo