Can't navigate after successful login and return to login page - spring security 3.2.7
I ran into an issue in Spring Security 3.2.7 with JSF 2.2: after a successful login I am redirected to the Dashboard page, but when I want to go to other pages it redirects me to the login page. So how do I save this session?
Spring Security XML config:
<!-- Spring Security configurations -->
<security:global-method-security pre-post-annotations="enabled"
        authentication-manager-ref="authenticationManager" proxy-target-class="true"/>

<security:http auto-config="true">
    <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/font/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/img/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/js/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/javax.faces.resource/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <!-- Patterns are matched in declaration order: this catch-all shadows the two rules below it -->
    <security:intercept-url pattern="/**" access="ROLE_EMPLOYEE, ROLE_ADMIN, ROLE_RH, ROLE_MANAGER"/>
    <security:intercept-url pattern="/employeesManagement/*" access="ROLE_EMPLOYEE, ROLE_ADMIN, ROLE_RH, ROLE_MANAGER" />
    <security:intercept-url pattern="/meetingsAndTrainings/*" access="ROLE_EMPLOYEE, ROLE_ADMIN, ROLE_RH, ROLE_MANAGER" />
    <security:form-login login-page="/login.xhtml"
            default-target-url="/dashboard.xhtml" />
    <security:http-basic />
    <!-- authentication-failure-url="/login.xhtml?failed=true" -->
    <security:logout logout-url="/logout" delete-cookies="true"
            logout-success-url="/login.xhtml" />
</security:http>

<bean id="userDao" class="com.tds.erp.dao.impl.UserDaoImpl"
        autowire="default" />
<bean id="userDetailsService" class="com.tds.erp.services.impl.UserDetailServiceImpl">
    <property name="userDao" ref="userDao"></property>
</bean>
<bean id="daoAuthenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"></property>
</bean>
<bean id="authenticationManager"
        class="org.springframework.security.authentication.ProviderManager">
    <constructor-arg ref="daoAuthenticationProvider" />
</bean>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="userDetailsService">
        <!-- <security:password-encoder hash="bcrypt" /> -->
    </security:authentication-provider>
</security:authentication-manager>
loginMB.java
public String processUserAuthentication() {
    try {
        // Authenticate against the injected AuthenticationManager
        Authentication request = new UsernamePasswordAuthenticationToken(username, password);
        Authentication result = authenticationManager.authenticate(request);
        // Bind the authenticated token to the current thread's SecurityContext
        SecurityContextHolder.getContext().setAuthentication(result);
    } catch (AuthenticationException e) {
        FacesContext.getCurrentInstance().addMessage(null,
                new FacesMessage(FacesMessage.SEVERITY_ERROR, e.getMessage(), "Veuillez verifier votre Email ou votre mot de passe"));
        e.printStackTrace();
        System.out.println(e.getMessage());
        return null; // stay on the login view
    }
    return "success"; // navigation outcome handled in faces-config.xml
}
and a nav case in faces-config.xml
<navigation-rule>
    <display-name>/login.xhtml</display-name>
    <from-view-id>/login.xhtml</from-view-id>
    <navigation-case>
        <from-action>#{loginMB.processUserAuthentication()}</from-action>
        <from-outcome>success</from-outcome>
        <to-view-id>/dashboard.xhtml</to-view-id>
        <redirect></redirect>
    </navigation-case>
</navigation-rule>
EDIT
After debugging Spring Security I found this issue, and I understand that after a successful login the session is not saved, so it usually returns to the login page.
I did some research on the internet and I found that I have to implement a custom AuthenticationSuccessHandler.
So help please!
2015-06-10 14:31:40,971 DEBUG [org.springframework.security.access.vote.AffirmativeBased] - <Voter: org.springframework.security.access.vote.RoleVoter@1829e40, returned: 1>
2015-06-10 14:31:40,971 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <Authorization successful>
2015-06-10 14:31:40,971 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <RunAsManager did not change Authentication object>
2015-06-10 14:31:40,971 DEBUG [org.springframework.security.web.FilterChainProxy] - </dashboard reached end of additional filter chain; proceeding with original chain>
2015-06-10 14:31:41,148 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] - <Chain processed normally>
2015-06-10 14:31:41,148 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.>
2015-06-10 14:31:41,148 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <SecurityContextHolder now cleared, as request processing completed>
2015-06-10 14:31:41,231 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <HttpSession returned null object for SPRING_SECURITY_CONTEXT>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@180fe37. A new one will be created.>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'>
2015-06-10 14:31:41,232 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'>
2015-06-10 14:31:41,233 DEBUG [org.springframework.security.web.FilterChainProxy] - </javax.faces.resource/theme.css.xhtml?ln=primefaces-delta at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'>
+3
No one has answered this question yet