You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by Brad Smith <bg...@bendcable.com> on 2007/02/22 20:31:44 UTC
myfaces and acegi problem
Hello -
I have been trying to integrate acegi security (w/ Spring) and JSF as
described on the myfaces wiki page:
http://wiki.apache.org/myfaces/JSF_and_Acegi
The error I get is from tomcat is: "The requested resource
(/pmmWeb/j_acegi_security_check.html) is not available." where pmmWeb is
the web application context.
I do have /j_acegi_security_check.jsp in the faces-config.xml file and
in the application context file for acegi.
This application uses facelets as well.
Has anyone used the process described on the wiki page successfully with
facelets?
Thanks,
Brad Smith
Re: myfaces and acegi problem
Posted by Brad Smith <bg...@bendcable.com>.
Thanks Jeff. This changed the error message from tomcat generated to
facelets generated but does not solve the problem. The problem appears
to be related to the forward from the faces navigation not going through
the filter chain as expected.
Brad
On Thu, 2007-02-22 at 14:38 -0500, Jeff Bischoff wrote:
> Brad,
>
> What do your servlet mappings look like in your web.xml?
>
> Have to tried creating a blank j_acegi_security_check.html file, to
> "trick" your container? I don't know if that applies here or not.
Re: myfaces and acegi problem
Posted by Jeff Bischoff <jb...@klkurz.com>.
Brad,
What do your servlet mappings look like in your web.xml?
Have to tried creating a blank j_acegi_security_check.html file, to
"trick" your container? I don't know if that applies here or not.
Regards,
Jeff Bischoff
Kenneth L Kurz & Associates, Inc.
Brad Smith wrote:
> Hello -
>
> I have been trying to integrate acegi security (w/ Spring) and JSF as
> described on the myfaces wiki page:
>
> http://wiki.apache.org/myfaces/JSF_and_Acegi
>
> The error I get is from tomcat is: "The requested resource
> (/pmmWeb/j_acegi_security_check.html) is not available." where pmmWeb is
> the web application context.
>
> I do have /j_acegi_security_check.jsp in the faces-config.xml file and
> in the application context file for acegi.
>
> This application uses facelets as well.
>
> Has anyone used the process described on the wiki page successfully with
> facelets?
>
> Thanks,
>
> Brad Smith
>
Re: myfaces and acegi problem
Posted by Brad Smith <bg...@bendcable.com>.
I found a workable solution to this problem. Details of the problem and
the solution are in this thread on the acegi support forum:
http://forum.springframework.org/showthread.php?t=35343
Brad
On Thu, 2007-02-22 at 11:31 -0800, Brad Smith wrote:
> Hello -
>
> I have been trying to integrate acegi security (w/ Spring) and JSF as
> described on the myfaces wiki page:
>
> http://wiki.apache.org/myfaces/JSF_and_Acegi
>
Re: myfaces and acegi problem
Posted by Brad Smith <bg...@bendcable.com>.
Thanks Mick. It appears that you are using a solution that uses a
backing bean to perform authentication. While I may switch to that I
would like to see if I can solve the filter chain issue.
brad
On Thu, 2007-02-22 at 11:49 -0800, Mick Knutson wrote:
> I created my own logon.xhtml (facelets) and used this as my acegi
> context:
Re: myfaces and acegi problem
Posted by Mick Knutson <mi...@gmail.com>.
Opps.
In my logon.xhtml, here is where the controller is called:
<h:commandButton action="#{authenticationController.authenticate
}"
value="#{messages['label.button.logon']}"/>
On 2/23/07, Mick Knutson <mi...@gmail.com> wrote:
>
> To be honest, I am not sure how part of this works, it just works.
>
> I have this in my faces-config:
>
> <managed-bean>
> <managed-bean-name>authenticationController</managed-bean-name>
> <managed-bean-class>
> com.baselogic.tro.security.AuthenticationController</managed-bean-class>
> <managed-bean-scope>request</managed-bean-scope>
> <managed-property>
> <property-name>authenticationManager</property-name>
> <value>#{authenticationManager}</value>
> </managed-property>
> </managed-bean>
>
> But there is not a call as in the directions http://www.javakaffee.de/blog/2006/07/04/jsfacegi-authentication-with-a-backing-bean/
> for something like:
>
> <!--<navigation-rule>
> <from-view-id>/views/common/logon.xhtml</from-view-id>
> <navigation-case>
> <from-action>#{authenticationController.authenticate}</from-action>
> <from-outcome>success</from-outcome>
> <to-view-id>/views/secure/index.xhtml</to-view-id>
> <redirect/>
> </navigation-case>
> <navigation-case>
> <from-action>#{authenticationController.authenticate
> }</from-action>
> <from-outcome>failure</from-outcome>
> <to-view-id>/views/secure/index.xhtml</to-view-id>
> </navigation-case>
> </navigation-rule>
> <navigation-rule>
> <from-view-id>*</from-view-id>
> <navigation-case>
> <from-action>logout</from-action>
> <to-view-id>/views/common/logon.xhtml</to-view-id>
> <redirect/>
> </navigation-case>
> </navigation-rule>-->
>
>
> which as you can see, I have commented out.
>
> Did you try this with the correct schema? If you don't care that there can
> only be 1 target uri, then this works great.
>
>
>
>
>
> On 2/23/07, Brad Smith <bg...@bendcable.com> wrote:
> >
> > Thanks Mick. Am I reading this configuration correctly in that you do
> > not use the authenticationProcessingFilter bean? I also do not see where
> > the custom authenticationController bean is being called.
> >
> > Brad
> >
> >
> > On Thu, 2007-02-22 at 11:49 -0800, Mick Knutson wrote:
> > > I created my own logon.xhtml (facelets) and used this as my acegi
> > > context:
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> > > " http://www.springframework.org/dtd/spring-beans-2.0.dtd">
> > >
> > > <beans>
> > >
> > > <bean id="acegiFilterChainProxy" class="
> > > org.acegisecurity.util.FilterChainProxy">
> > > <property name="filterInvocationDefinitionSource">
> > > <value>
> > > CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> > > PATTERN_TYPE_APACHE_ANT
> > >
> > /**=httpSessionContextIntegrationFilter,securityRequestFilter,exceptionTranslationFilter,filterSecurityInterceptor
> >
> > > </value>
> > > </property>
> > > </bean>
> > >
> > > <bean id="authenticationController"
> > > class="com.baselogic.tro.security.AuthenticationController "
> > > scope="session">
> > > <property name="authenticationManager">
> > > <ref bean="authenticationManager"/>
> > > </property>
> > > </bean>
> > >
> > > <bean id="authenticationManager"
> > > class="org.acegisecurity.providers.ProviderManager ">
> > > <property name="providers">
> > > <list>
> > > <ref local="daoAuthenticationProvider"/>
> > > </list>
> > > </property>
> > > </bean>
> > >
> > >
> > > <bean id="daoAuthenticationProvider"
> > > class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
> > > <property name="userDetailsService" ref="jdbcDaoImpl"/>
> > > </bean>
> > >
> > > <!-- specify the JDBC DAO Impl, note the reference to "dataSource"
> > > -->
> > > <bean id="jdbcDaoImpl"
> > > class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl ">
> > > <property name="dataSource">
> > > <ref bean="dataSource"/>
> > > </property>
> > > <property name="usersByUsernameQuery">
> > > <value>
> > > SELECT username,password,account_enabled FROM user
> > > WHERE username = ?
> > > </value>
> > > </property>
> > > <property name="authoritiesByUsernameQuery">
> > > <value>
> > > select u.username, r.role_name
> > > from user u, role r, user_role ur
> > > where u.username=?
> > > and u.username = ur.username
> > > and ur.role_name = r.role_name
> > > </value>
> > > </property>
> > > </bean>
> > >
> > >
> > > <!--<bean id="authenticationProcessingFilter"
> > > class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter ">
> > > <property name="filterProcessesUrl">
> > > <value>/j_acegi_security_check.jsp</value>
> > > </property>
> > > <property name="authenticationFailureUrl">
> > > <value>/views/common/logon.jsf?login_error=1</value>
> > > </property>
> > > <property name="defaultTargetUrl">
> > > <value>/views/secure/index.jsf</value>
> > > </property>
> > > <property name="authenticationManager">
> > > <ref bean="authenticationManager"/>
> > > </property>
> > > </bean>-->
> > >
> > > <bean id="httpSessionContextIntegrationFilter"
> > >
> > > class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
> > > <property name="context">
> > >
> > > <value>org.acegisecurity.context.SecurityContextImpl </value>
> > > </property>
> > > </bean>
> > >
> > > <bean id="securityRequestFilter"
> > > class="
> > org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter "/>
> > >
> > > <bean id="exceptionTranslationFilter"
> > > class="org.acegisecurity.ui.ExceptionTranslationFilter">
> > > <property name="authenticationEntryPoint">
> > > <bean class="
> > > org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
> > > <property name="loginFormUrl">
> > > <value>/views/common/logon.jsf</value>
> > > </property>
> > > <property name="forceHttps">
> > > <value>false</value>
> > > </property>
> > > </bean>
> > > </property>
> > > <property name="accessDeniedHandler">
> > > <bean
> > > class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
> > > <property name="errorPage">
> > > <value>/views/common/error.jsf</value>
> > > </property>
> > > </bean>
> > > </property>
> > > </bean>
> > >
> > > <!-- Required (mk) -->
> > > <bean id="filterSecurityInterceptor"
> > > class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> > > <property name="authenticationManager">
> > > <ref bean="authenticationManager"/>
> > > </property>
> > > <property name="accessDecisionManager">
> > > <!--
> > > The AffirmativeBased voter allows access if at least one
> > > voter votes
> > > to grant access. Use the UnanimousBased voter if you only
> > > want to
> > > grant access if no voter votes to deny access. -->
> > > <bean class=" org.acegisecurity.vote.AffirmativeBased">
> > > <property name="decisionVoters">
> > > <list>
> > > <bean
> > > class=" org.acegisecurity.vote.RoleVoter">
> > > <!-- Reset the role prefix to "", default
> > > is ROLE_ -->
> > > <property name="rolePrefix">
> > > <value></value>
> > > </property>
> > > </bean>
> > > <!--
> > > The authenticated voter grant access if e.g.
> > > IS_AUTHENTICATED_FULLY is an attribute -->
> > > <bean class="
> > > org.acegisecurity.vote.AuthenticatedVoter"/>
> > > </list>
> > > </property>
> > > </bean>
> > > </property>
> > > <property name="objectDefinitionSource">
> > > <value>
> > > CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> > > PATTERN_TYPE_APACHE_ANT
> > > /pages/**=IS_AUTHENTICATED_FULLY
> > > /pages/company/**=/permissions/permission1
> > > /**/admin/**=ROLE_ADMINISTRATOR
> > > /**/secure/**=ROLE_USER
> > > </value>
> > > </property>
> > > <property name="observeOncePerRequest" value="false"/>
> > > </bean>
> > >
> > > <bean id="passwordEncoder"
> > >
> > > class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
> > >
> > > </beans>
> > >
> > >
> > >
> > >
> > >
> > > I also had to ensure this was my web.xml mapping:
> > >
> > > <filter>
> > > <filter-name>Acegi Filter Chain Proxy</filter-name>
> > >
> > > <filter-class> org.acegisecurity.util.FilterToBeanProxy</filter-class>
> > > <init-param>
> > > <!--<param-name>targetClass</param-name>
> > > <param-value>acegiFilterChainProxy</param-value>-->
> > > <param-name>targetBean</param-name>
> > > <param-value>acegiFilterChainProxy</param-value>
> > > </init-param>
> > > </filter>
> > >
> > >
> > >
> >
> >
> >
>
>
> --
> ---
> Thanks,
> Mick Knutson
>
> http://www.baselogic.com
> http://www.blincmagazine.com
> http://www.djmick.com
> http://www.myspace.com/djmick_dot_com
> http://www.thumpradio.com
> ---
>
--
---
Thanks,
Mick Knutson
http://www.baselogic.com
http://www.blincmagazine.com
http://www.djmick.com
http://www.myspace.com/djmick_dot_com
http://www.thumpradio.com
---
Re: myfaces and acegi problem
Posted by Mick Knutson <mi...@gmail.com>.
To be honest, I am not sure how part of this works, it just works.
I have this in my faces-config:
<managed-bean>
<managed-bean-name>authenticationController</managed-bean-name>
<managed-bean-class>
com.baselogic.tro.security.AuthenticationController</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<managed-property>
<property-name>authenticationManager</property-name>
<value>#{authenticationManager}</value>
</managed-property>
</managed-bean>
But there is not a call as in the directions
http://www.javakaffee.de/blog/2006/07/04/jsfacegi-authentication-with-a-backing-bean/for
something like:
<!--<navigation-rule>
<from-view-id>/views/common/logon.xhtml</from-view-id>
<navigation-case>
<from-action>#{authenticationController.authenticate
}</from-action>
<from-outcome>success</from-outcome>
<to-view-id>/views/secure/index.xhtml</to-view-id>
<redirect/>
</navigation-case>
<navigation-case>
<from-action>#{authenticationController.authenticate
}</from-action>
<from-outcome>failure</from-outcome>
<to-view-id>/views/secure/index.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
<navigation-rule>
<from-view-id>*</from-view-id>
<navigation-case>
<from-action>logout</from-action>
<to-view-id>/views/common/logon.xhtml</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>-->
which as you can see, I have commented out.
Did you try this with the correct schema? If you don't care that there can
only be 1 target uri, then this works great.
On 2/23/07, Brad Smith <bg...@bendcable.com> wrote:
>
> Thanks Mick. Am I reading this configuration correctly in that you do
> not use the authenticationProcessingFilter bean? I also do not see where
> the custom authenticationController bean is being called.
>
> Brad
>
>
> On Thu, 2007-02-22 at 11:49 -0800, Mick Knutson wrote:
> > I created my own logon.xhtml (facelets) and used this as my acegi
> > context:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> > " http://www.springframework.org/dtd/spring-beans-2.0.dtd">
> >
> > <beans>
> >
> > <bean id="acegiFilterChainProxy" class="
> > org.acegisecurity.util.FilterChainProxy">
> > <property name="filterInvocationDefinitionSource">
> > <value>
> > CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> > PATTERN_TYPE_APACHE_ANT
> >
> /**=httpSessionContextIntegrationFilter,securityRequestFilter,exceptionTranslationFilter,filterSecurityInterceptor
> > </value>
> > </property>
> > </bean>
> >
> > <bean id="authenticationController"
> > class="com.baselogic.tro.security.AuthenticationController"
> > scope="session">
> > <property name="authenticationManager">
> > <ref bean="authenticationManager"/>
> > </property>
> > </bean>
> >
> > <bean id="authenticationManager"
> > class="org.acegisecurity.providers.ProviderManager ">
> > <property name="providers">
> > <list>
> > <ref local="daoAuthenticationProvider"/>
> > </list>
> > </property>
> > </bean>
> >
> >
> > <bean id="daoAuthenticationProvider"
> > class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
> > <property name="userDetailsService" ref="jdbcDaoImpl"/>
> > </bean>
> >
> > <!-- specify the JDBC DAO Impl, note the reference to "dataSource"
> > -->
> > <bean id="jdbcDaoImpl"
> > class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl ">
> > <property name="dataSource">
> > <ref bean="dataSource"/>
> > </property>
> > <property name="usersByUsernameQuery">
> > <value>
> > SELECT username,password,account_enabled FROM user
> > WHERE username = ?
> > </value>
> > </property>
> > <property name="authoritiesByUsernameQuery">
> > <value>
> > select u.username, r.role_name
> > from user u, role r, user_role ur
> > where u.username=?
> > and u.username = ur.username
> > and ur.role_name = r.role_name
> > </value>
> > </property>
> > </bean>
> >
> >
> > <!--<bean id="authenticationProcessingFilter"
> > class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter ">
> > <property name="filterProcessesUrl">
> > <value>/j_acegi_security_check.jsp</value>
> > </property>
> > <property name="authenticationFailureUrl">
> > <value>/views/common/logon.jsf?login_error=1</value>
> > </property>
> > <property name="defaultTargetUrl">
> > <value>/views/secure/index.jsf</value>
> > </property>
> > <property name="authenticationManager">
> > <ref bean="authenticationManager"/>
> > </property>
> > </bean>-->
> >
> > <bean id="httpSessionContextIntegrationFilter"
> >
> > class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
> > <property name="context">
> >
> > <value>org.acegisecurity.context.SecurityContextImpl</value>
> > </property>
> > </bean>
> >
> > <bean id="securityRequestFilter"
> > class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
> >
> > <bean id="exceptionTranslationFilter"
> > class="org.acegisecurity.ui.ExceptionTranslationFilter">
> > <property name="authenticationEntryPoint">
> > <bean class="
> > org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
> > <property name="loginFormUrl">
> > <value>/views/common/logon.jsf</value>
> > </property>
> > <property name="forceHttps">
> > <value>false</value>
> > </property>
> > </bean>
> > </property>
> > <property name="accessDeniedHandler">
> > <bean
> > class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
> > <property name="errorPage">
> > <value>/views/common/error.jsf</value>
> > </property>
> > </bean>
> > </property>
> > </bean>
> >
> > <!-- Required (mk) -->
> > <bean id="filterSecurityInterceptor"
> > class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> > <property name="authenticationManager">
> > <ref bean="authenticationManager"/>
> > </property>
> > <property name="accessDecisionManager">
> > <!--
> > The AffirmativeBased voter allows access if at least one
> > voter votes
> > to grant access. Use the UnanimousBased voter if you only
> > want to
> > grant access if no voter votes to deny access. -->
> > <bean class="org.acegisecurity.vote.AffirmativeBased">
> > <property name="decisionVoters">
> > <list>
> > <bean
> > class="org.acegisecurity.vote.RoleVoter">
> > <!-- Reset the role prefix to "", default
> > is ROLE_ -->
> > <property name="rolePrefix">
> > <value></value>
> > </property>
> > </bean>
> > <!--
> > The authenticated voter grant access if e.g.
> > IS_AUTHENTICATED_FULLY is an attribute -->
> > <bean class="
> > org.acegisecurity.vote.AuthenticatedVoter"/>
> > </list>
> > </property>
> > </bean>
> > </property>
> > <property name="objectDefinitionSource">
> > <value>
> > CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> > PATTERN_TYPE_APACHE_ANT
> > /pages/**=IS_AUTHENTICATED_FULLY
> > /pages/company/**=/permissions/permission1
> > /**/admin/**=ROLE_ADMINISTRATOR
> > /**/secure/**=ROLE_USER
> > </value>
> > </property>
> > <property name="observeOncePerRequest" value="false"/>
> > </bean>
> >
> > <bean id="passwordEncoder"
> >
> > class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
> >
> > </beans>
> >
> >
> >
> >
> >
> > I also had to ensure this was my web.xml mapping:
> >
> > <filter>
> > <filter-name>Acegi Filter Chain Proxy</filter-name>
> >
> > <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
> > <init-param>
> > <!--<param-name>targetClass</param-name>
> > <param-value>acegiFilterChainProxy</param-value>-->
> > <param-name>targetBean</param-name>
> > <param-value>acegiFilterChainProxy</param-value>
> > </init-param>
> > </filter>
> >
> >
> >
>
>
>
--
---
Thanks,
Mick Knutson
http://www.baselogic.com
http://www.blincmagazine.com
http://www.djmick.com
http://www.myspace.com/djmick_dot_com
http://www.thumpradio.com
---
Re: myfaces and acegi problem
Posted by Brad Smith <bg...@bendcable.com>.
Thanks Mick. Am I reading this configuration correctly in that you do
not use the authenticationProcessingFilter bean? I also do not see where
the custom authenticationController bean is being called.
Brad
On Thu, 2007-02-22 at 11:49 -0800, Mick Knutson wrote:
> I created my own logon.xhtml (facelets) and used this as my acegi
> context:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> " http://www.springframework.org/dtd/spring-beans-2.0.dtd">
>
> <beans>
>
> <bean id="acegiFilterChainProxy" class="
> org.acegisecurity.util.FilterChainProxy">
> <property name="filterInvocationDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
> /**=httpSessionContextIntegrationFilter,securityRequestFilter,exceptionTranslationFilter,filterSecurityInterceptor
> </value>
> </property>
> </bean>
>
> <bean id="authenticationController"
> class="com.baselogic.tro.security.AuthenticationController"
> scope="session">
> <property name="authenticationManager">
> <ref bean="authenticationManager"/>
> </property>
> </bean>
>
> <bean id="authenticationManager"
> class="org.acegisecurity.providers.ProviderManager ">
> <property name="providers">
> <list>
> <ref local="daoAuthenticationProvider"/>
> </list>
> </property>
> </bean>
>
>
> <bean id="daoAuthenticationProvider"
> class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
> <property name="userDetailsService" ref="jdbcDaoImpl"/>
> </bean>
>
> <!-- specify the JDBC DAO Impl, note the reference to "dataSource"
> -->
> <bean id="jdbcDaoImpl"
> class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl ">
> <property name="dataSource">
> <ref bean="dataSource"/>
> </property>
> <property name="usersByUsernameQuery">
> <value>
> SELECT username,password,account_enabled FROM user
> WHERE username = ?
> </value>
> </property>
> <property name="authoritiesByUsernameQuery">
> <value>
> select u.username, r.role_name
> from user u, role r, user_role ur
> where u.username=?
> and u.username = ur.username
> and ur.role_name = r.role_name
> </value>
> </property>
> </bean>
>
>
> <!--<bean id="authenticationProcessingFilter"
> class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter ">
> <property name="filterProcessesUrl">
> <value>/j_acegi_security_check.jsp</value>
> </property>
> <property name="authenticationFailureUrl">
> <value>/views/common/logon.jsf?login_error=1</value>
> </property>
> <property name="defaultTargetUrl">
> <value>/views/secure/index.jsf</value>
> </property>
> <property name="authenticationManager">
> <ref bean="authenticationManager"/>
> </property>
> </bean>-->
>
> <bean id="httpSessionContextIntegrationFilter"
>
> class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
> <property name="context">
>
> <value>org.acegisecurity.context.SecurityContextImpl</value>
> </property>
> </bean>
>
> <bean id="securityRequestFilter"
> class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter "/>
>
> <bean id="exceptionTranslationFilter"
> class="org.acegisecurity.ui.ExceptionTranslationFilter">
> <property name="authenticationEntryPoint">
> <bean class="
> org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
> <property name="loginFormUrl">
> <value>/views/common/logon.jsf</value>
> </property>
> <property name="forceHttps">
> <value>false</value>
> </property>
> </bean>
> </property>
> <property name="accessDeniedHandler">
> <bean
> class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
> <property name="errorPage">
> <value>/views/common/error.jsf</value>
> </property>
> </bean>
> </property>
> </bean>
>
> <!-- Required (mk) -->
> <bean id="filterSecurityInterceptor"
> class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> <property name="authenticationManager">
> <ref bean="authenticationManager"/>
> </property>
> <property name="accessDecisionManager">
> <!--
> The AffirmativeBased voter allows access if at least one
> voter votes
> to grant access. Use the UnanimousBased voter if you only
> want to
> grant access if no voter votes to deny access. -->
> <bean class="org.acegisecurity.vote.AffirmativeBased">
> <property name="decisionVoters">
> <list>
> <bean
> class="org.acegisecurity.vote.RoleVoter">
> <!-- Reset the role prefix to "", default
> is ROLE_ -->
> <property name="rolePrefix">
> <value></value>
> </property>
> </bean>
> <!--
> The authenticated voter grant access if e.g.
> IS_AUTHENTICATED_FULLY is an attribute -->
> <bean class="
> org.acegisecurity.vote.AuthenticatedVoter"/>
> </list>
> </property>
> </bean>
> </property>
> <property name="objectDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
> /pages/**=IS_AUTHENTICATED_FULLY
> /pages/company/**=/permissions/permission1
> /**/admin/**=ROLE_ADMINISTRATOR
> /**/secure/**=ROLE_USER
> </value>
> </property>
> <property name="observeOncePerRequest" value="false"/>
> </bean>
>
> <bean id="passwordEncoder"
>
> class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
>
> </beans>
>
>
>
>
>
> I also had to ensure this was my web.xml mapping:
>
> <filter>
> <filter-name>Acegi Filter Chain Proxy</filter-name>
>
> <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
> <init-param>
> <!--<param-name>targetClass</param-name>
> <param-value>acegiFilterChainProxy</param-value>-->
> <param-name>targetBean</param-name>
> <param-value>acegiFilterChainProxy</param-value>
> </init-param>
> </filter>
>
>
>
Re: myfaces and acegi problem
Posted by Brad Smith <bg...@bendcable.com>.
Thanks Cristi -
I have looked at this and may use it. However, I wanted to try to get
the example on myfaces wiki working if possible since the form access is
for development purposes and will be replaced by a Siteminder based
system in production. The Siteminder authentication provided in Acegi
will fall back to a form under certain circumstances.
Brad
On Fri, 2007-02-23 at 08:49 +0200, Cristi Toth wrote:
> Hi to you all!
>
> You might wanna check this out, it's very simple and effective!
> http://www.javakaffee.de/blog/2006/07/04/jsfacegi-authentication-with-a-backing-bean/
>
>
Re: myfaces and acegi problem
Posted by Cristi Toth <cr...@gmail.com>.
Hi to you all!
You might wanna check this out, it's very simple and effective!
http://www.javakaffee.de/blog/2006/07/04/jsfacegi-authentication-with-a-backing-bean/
On 2/22/07, Mick Knutson <mi...@gmail.com> wrote:
>
> I created my own logon.xhtml (facelets) and used this as my acegi context:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> " http://www.springframework.org/dtd/spring-beans-2.0.dtd">
>
> <beans>
>
> <bean id="acegiFilterChainProxy" class="
> org.acegisecurity.util.FilterChainProxy">
> <property name="filterInvocationDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
>
> /**=httpSessionContextIntegrationFilter,securityRequestFilter,exceptionTranslationFilter,filterSecurityInterceptor
> </value>
> </property>
> </bean>
>
> <bean id="authenticationController"
> class="com.baselogic.tro.security.AuthenticationController"
> scope="session">
> <property name="authenticationManager">
> <ref bean="authenticationManager"/>
> </property>
> </bean>
>
> <bean id="authenticationManager"
> class="org.acegisecurity.providers.ProviderManager ">
> <property name="providers">
> <list>
> <ref local="daoAuthenticationProvider"/>
> </list>
> </property>
> </bean>
>
>
> <bean id="daoAuthenticationProvider" class="
> org.acegisecurity.providers.dao.DaoAuthenticationProvider">
> <property name="userDetailsService" ref="jdbcDaoImpl"/>
> </bean>
>
> <!-- specify the JDBC DAO Impl, note the reference to "dataSource" -->
> <bean id="jdbcDaoImpl" class="
> org.acegisecurity.userdetails.jdbc.JdbcDaoImpl ">
> <property name="dataSource">
> <ref bean="dataSource"/>
> </property>
> <property name="usersByUsernameQuery">
> <value>
> SELECT username,password,account_enabled FROM user WHERE
> username = ?
> </value>
> </property>
> <property name="authoritiesByUsernameQuery">
> <value>
> select u.username, r.role_name
> from user u, role r, user_role ur
> where u.username=?
> and u.username = ur.username
> and ur.role_name = r.role_name
> </value>
> </property>
> </bean>
>
>
> <!--<bean id="authenticationProcessingFilter" class="
> org.acegisecurity.ui.webapp.AuthenticationProcessingFilter ">
> <property name="filterProcessesUrl">
> <value>/j_acegi_security_check.jsp</value>
> </property>
> <property name="authenticationFailureUrl">
> <value>/views/common/logon.jsf?login_error=1</value>
> </property>
> <property name="defaultTargetUrl">
> <value>/views/secure/index.jsf</value>
> </property>
> <property name="authenticationManager">
> <ref bean="authenticationManager"/>
> </property>
> </bean>-->
>
> <bean id="httpSessionContextIntegrationFilter"
> class="
> org.acegisecurity.context.HttpSessionContextIntegrationFilter">
> <property name="context">
> <value>org.acegisecurity.context.SecurityContextImpl</value>
> </property>
> </bean>
>
> <bean id="securityRequestFilter" class="
> org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter "/>
>
> <bean id="exceptionTranslationFilter" class="
> org.acegisecurity.ui.ExceptionTranslationFilter">
> <property name="authenticationEntryPoint">
> <bean class="
> org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
> <property name="loginFormUrl">
> <value>/views/common/logon.jsf</value>
> </property>
> <property name="forceHttps">
> <value>false</value>
> </property>
> </bean>
> </property>
> <property name="accessDeniedHandler">
> <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
> <property name="errorPage">
> <value>/views/common/error.jsf</value>
> </property>
> </bean>
> </property>
> </bean>
>
> <!-- Required (mk) -->
> <bean id="filterSecurityInterceptor" class="
> org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> <property name="authenticationManager">
> <ref bean="authenticationManager"/>
> </property>
> <property name="accessDecisionManager">
> <!--
> The AffirmativeBased voter allows access if at least one voter
> votes
> to grant access. Use the UnanimousBased voter if you only want
> to
> grant access if no voter votes to deny access. -->
> <bean class="org.acegisecurity.vote.AffirmativeBased">
> <property name="decisionVoters">
> <list>
> <bean class="org.acegisecurity.vote.RoleVoter">
> <!-- Reset the role prefix to "", default is
> ROLE_ -->
> <property name="rolePrefix">
> <value></value>
> </property>
> </bean>
> <!--
> The authenticated voter grant access if e.g.
> IS_AUTHENTICATED_FULLY is an attribute -->
> <bean class="
> org.acegisecurity.vote.AuthenticatedVoter"/>
> </list>
> </property>
> </bean>
> </property>
> <property name="objectDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
> /pages/**=IS_AUTHENTICATED_FULLY
> /pages/company/**=/permissions/permission1
> /**/admin/**=ROLE_ADMINISTRATOR
> /**/secure/**=ROLE_USER
> </value>
> </property>
> <property name="observeOncePerRequest" value="false"/>
> </bean>
>
> <bean id="passwordEncoder"
> class="org.acegisecurity.providers.encoding.Md5PasswordEncoder
> "/>
>
> </beans>
>
>
>
>
>
> I also had to ensure this was my web.xml mapping:
>
> <filter>
> <filter-name>Acegi Filter Chain Proxy</filter-name>
> <filter-class>org.acegisecurity.util.FilterToBeanProxy
> </filter-class>
> <init-param>
> <!--<param-name>targetClass</param-name>
> <param-value>acegiFilterChainProxy</param-value>-->
> <param-name>targetBean</param-name>
> <param-value>acegiFilterChainProxy</param-value>
> </init-param>
> </filter>
>
>
>
>
> On 2/22/07, Brad Smith <bgsmith@bendcable.com > wrote:
> >
> > Hello -
> >
> > I have been trying to integrate acegi security (w/ Spring) and JSF as
> > described on the myfaces wiki page:
> >
> > http://wiki.apache.org/myfaces/JSF_and_Acegi
> >
> > The error I get is from tomcat is: "The requested resource
> > (/pmmWeb/j_acegi_security_check.html) is not available." where pmmWeb is
> > the web application context.
> >
> > I do have /j_acegi_security_check.jsp in the faces-config.xml file and
> > in the application context file for acegi.
> >
> > This application uses facelets as well.
> >
> > Has anyone used the process described on the wiki page successfully with
> > facelets?
> >
> > Thanks,
> >
> > Brad Smith
> >
> >
> >
>
>
> --
> ---
> Thanks,
> Mick Knutson
>
> http://www.baselogic.com
> http://www.blincmagazine.com
> http://www.djmick.com
> http://www.myspace.com/djmick_dot_com
> http://www.thumpradio.com
> ---
Re: myfaces and acegi problem
Posted by Mick Knutson <mi...@gmail.com>.
I created my own logon.xhtml (facelets) and used this as my acegi context:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans-2.0.dtd">
<beans>
<bean id="acegiFilterChainProxy" class="
org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,securityRequestFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="authenticationController"
class="com.baselogic.tro.security.AuthenticationController"
scope="session">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="
org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
</bean>
<!-- specify the JDBC DAO Impl, note the reference to "dataSource" -->
<bean id="jdbcDaoImpl" class="
org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
<property name="usersByUsernameQuery">
<value>
SELECT username,password,account_enabled FROM user WHERE
username = ?
</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
select u.username, r.role_name
from user u, role r, user_role ur
where u.username=?
and u.username = ur.username
and ur.role_name = r.role_name
</value>
</property>
</bean>
<!--<bean id="authenticationProcessingFilter" class="
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="filterProcessesUrl">
<value>/j_acegi_security_check.jsp</value>
</property>
<property name="authenticationFailureUrl">
<value>/views/common/logon.jsf?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/views/secure/index.jsf</value>
</property>
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
</bean>-->
<bean id="httpSessionContextIntegrationFilter"
class="
org.acegisecurity.context.HttpSessionContextIntegrationFilter">
<property name="context">
<value>org.acegisecurity.context.SecurityContextImpl</value>
</property>
</bean>
<bean id="securityRequestFilter" class="
org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
<bean id="exceptionTranslationFilter" class="
org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="
org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/views/common/logon.jsf</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage">
<value>/views/common/error.jsf</value>
</property>
</bean>
</property>
</bean>
<!-- Required (mk) -->
<bean id="filterSecurityInterceptor" class="
org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<!--
The AffirmativeBased voter allows access if at least one voter
votes
to grant access. Use the UnanimousBased voter if you only want
to
grant access if no voter votes to deny access. -->
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter">
<!-- Reset the role prefix to "", default is
ROLE_ -->
<property name="rolePrefix">
<value></value>
</property>
</bean>
<!--
The authenticated voter grant access if e.g.
IS_AUTHENTICATED_FULLY is an attribute -->
<bean class="
org.acegisecurity.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/pages/**=IS_AUTHENTICATED_FULLY
/pages/company/**=/permissions/permission1
/**/admin/**=ROLE_ADMINISTRATOR
/**/secure/**=ROLE_USER
</value>
</property>
<property name="observeOncePerRequest" value="false"/>
</bean>
<bean id="passwordEncoder"
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
</beans>
I also had to ensure this was my web.xml mapping:
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<!--<param-name>targetClass</param-name>
<param-value>acegiFilterChainProxy</param-value>-->
<param-name>targetBean</param-name>
<param-value>acegiFilterChainProxy</param-value>
</init-param>
</filter>
On 2/22/07, Brad Smith <bg...@bendcable.com> wrote:
>
> Hello -
>
> I have been trying to integrate acegi security (w/ Spring) and JSF as
> described on the myfaces wiki page:
>
> http://wiki.apache.org/myfaces/JSF_and_Acegi
>
> The error I get is from tomcat is: "The requested resource
> (/pmmWeb/j_acegi_security_check.html) is not available." where pmmWeb is
> the web application context.
>
> I do have /j_acegi_security_check.jsp in the faces-config.xml file and
> in the application context file for acegi.
>
> This application uses facelets as well.
>
> Has anyone used the process described on the wiki page successfully with
> facelets?
>
> Thanks,
>
> Brad Smith
>
>
>
--
---
Thanks,
Mick Knutson
http://www.baselogic.com
http://www.blincmagazine.com
http://www.djmick.com
http://www.myspace.com/djmick_dot_com
http://www.thumpradio.com
---