Can't navigate after successful login and return to login page - spring security 3.2.7

I ran into an issue in Spring Security 3.2.7 with JSF 2.2: after a successful login I am redirected to the Dashboard page, but when I want to go to other pages it redirects me to the login page. So how do I save this session?

Spring Security XML config:

    <!-- Spring Security configurations -->
    <security:global-method-security pre-post-annotations="enabled"  authentication-manager-ref="authenticationManager" proxy-target-class="true"/> 
    <security:http auto-config="true"   >
        <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/font/**" access="IS_AUTHENTICATED_ANONYMOUSLY"  />
        <security:intercept-url pattern="/img/**" access="IS_AUTHENTICATED_ANONYMOUSLY"  />
        <security:intercept-url pattern="/js/**" access="IS_AUTHENTICATED_ANONYMOUSLY"  />
        <security:intercept-url pattern="/javax.faces.resource/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/**" access="ROLE_EMPLOYEE, ROLE_ADMIN, ROLE_RH, ROLE_MANAGER"/>

        <security:intercept-url pattern="/employeesManagement/*" access="ROLE_EMPLOYEE, ROLE_ADMIN, ROLE_RH, ROLE_MANAGER" />
        <security:intercept-url pattern="/meetingsAndTrainings/*" access="ROLE_EMPLOYEE, ROLE_ADMIN, ROLE_RH, ROLE_MANAGER" />

        <security:form-login login-page="/login.xhtml"
            default-target-url="/dashboard.xhtml"  />

        <security:http-basic />
        <!-- authentication-failure-url="/login.xhtml?failed=true" -->
        <security:logout logout-url="/logout" delete-cookies="true"
            logout-success-url="/login.xhtml" />


    </security:http>

    <bean id="userDao" class="com.tds.erp.dao.impl.UserDaoImpl"
        autowire="default" />

    <bean id="userDetailsService" class="com.tds.erp.services.impl.UserDetailServiceImpl">
        <property name="userDao" ref="userDao"></property>
    </bean>


        <bean id="daoAuthenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"></property>

    </bean>

    <bean id="authenticationManager"
        class="org.springframework.security.authentication.ProviderManager">
        <constructor-arg ref="daoAuthenticationProvider" />

    </bean>

    <security:authentication-manager>


        <security:authentication-provider user-service-ref="userDetailsService" >
<!--            <security:password-encoder hash="bcrypt" /> -->
        </security:authentication-provider>
    </security:authentication-manager>

      

loginMB.java

    public String processUserAuthentication() {
        try {
            // Authenticate the submitted credentials against the configured manager
            Authentication request = new UsernamePasswordAuthenticationToken(username, password);
            Authentication result = authenticationManager.authenticate(request);
            // Bind the result to the current thread's security context
            SecurityContextHolder.getContext().setAuthentication(result);
        } catch (AuthenticationException e) {
            FacesContext.getCurrentInstance().addMessage(null,
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, e.getMessage(), "Veuillez verifier votre Email ou votre mot de passe"));
            e.printStackTrace();
            System.out.println(e.getMessage());
            return null;
        }

        // Outcome matched by the navigation case in faces-config.xml
        return "success";
    }

      

and a nav case in faces-config.xml

    <navigation-rule>
        <display-name>/login.xhtml</display-name>
        <from-view-id>/login.xhtml</from-view-id>

        <navigation-case>
            <from-action>#{loginMB.processUserAuthentication()}</from-action>
            <from-outcome>success</from-outcome>
            <to-view-id>/dashboard.xhtml</to-view-id>

            <redirect></redirect>
        </navigation-case>
    </navigation-rule>

      


EDIT

After debugging Spring Security I found this issue, and I understand that after a successful login the session is not saved, so it usually returns to the login page.

I did some research on the internet and I found that I have to implement a custom AuthenticationSuccessHandler.

So help please!

2015-06-10 14:31:40,971 DEBUG [org.springframework.security.access.vote.AffirmativeBased] - <Voter: org.springframework.security.access.vote.RoleVoter@1829e40, returned: 1>
2015-06-10 14:31:40,971 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <Authorization successful>
2015-06-10 14:31:40,971 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <RunAsManager did not change Authentication object>
2015-06-10 14:31:40,971 DEBUG [org.springframework.security.web.FilterChainProxy] - </dashboard reached end of additional filter chain; proceeding with original chain>
2015-06-10 14:31:41,148 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] - <Chain processed normally>
2015-06-10 14:31:41,148 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.>
2015-06-10 14:31:41,148 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <SecurityContextHolder now cleared, as request processing completed>
2015-06-10 14:31:41,231 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <HttpSession returned null object for SPRING_SECURITY_CONTEXT>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@180fe37. A new one will be created.>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'>
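
An added example, not part of the original post: a manual login from a JSF managed bean that also writes the `SecurityContext` into the `HttpSession` under the attribute the debug log reports as missing (`SPRING_SECURITY_CONTEXT`) and replaces the pre-login session id. The class name `ManualLoginHelper` is hypothetical, and the code assumes it is called during a JSF request with Spring Security 3.2 on the classpath.

```java
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

/** Hypothetical helper (the name is an assumption) for a login performed inside a managed bean. */
public class ManualLoginHelper {

    private final AuthenticationManager authenticationManager;
    // Spring Security's migrate-session strategy: new session id, existing attributes copied over.
    private final SessionAuthenticationStrategy sessionStrategy = new SessionFixationProtectionStrategy();

    public ManualLoginHelper(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Must run during a JSF request; throws AuthenticationException on bad credentials. */
    public Authentication login(String username, String password) throws AuthenticationException {
        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
        HttpServletRequest request = (HttpServletRequest) ec.getRequest();
        HttpServletResponse response = (HttpServletResponse) ec.getResponse();

        Authentication result = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, password));

        // Use a fresh context instead of mutating whatever is currently bound to the thread.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(result);
        SecurityContextHolder.setContext(context);

        // A login outside the filter chain skips session-fixation protection, so apply it here.
        sessionStrategy.onAuthentication(result, request, response);

        // Store the context under the key HttpSessionSecurityContextRepository reads on the next request.
        request.getSession(true).setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
        return result;
    }
}
```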

      
