For the past days I’ve been trying like crazy to create a custom login page using Spring Security, but I did not find a working example, nor could I figure out by myself how to validate the form using Spring, and believe me, I tried everything, every related example I could possibly find on Google.
The form loads OK, everything is in place; all I need is to get Spring Security to authenticate the credentials against a database when I click the “Login” button.
Let me explain by breaking it into parts.
So, I have a login form:
<h:form>
    <p:panelGrid columns="2">
        <p:outputLabel for="j_username" value="Usuário:"/>
        <p:inputText id="j_username"
                     title="Preencha com o seu usuário (login)."
                     required="true"
                     requiredMessage="O campo usuário é obrigatório."
                     value="#{loginBean.usuario}"/>
        <p:outputLabel for="j_password" value="Senha:"/>
        <p:password id="j_password"
                    title="Preencha com a sua senha."
                    required="true"
                    requiredMessage="O campo senha é obrigatório."
                    value="#{loginBean.senha}"/>
        <p:inputText type="hidden"/>
        <p:panelGrid columns="2" styleClass="customPanelgridTable">
            <p:outputLabel for="_spring_security_remember_me" value="Lembrar senha? "/>
            <p:selectBooleanCheckbox id="_spring_security_remember_me"
                                     value="#{loginBean.lembrar_me}"/>
        </p:panelGrid>
        <f:facet name="footer">
            <p:commandButton value="Entrar"
                             actionListener="#{loginBean.doLogin}"/>
        </f:facet>
    </p:panelGrid>
</h:form>
And I need the method “doLogin” to validate the credentials using Spring Security.
My LoginBean:
@Named
@SessionScoped
public class LoginBean implements Serializable {
    private static final long serialVersionUID = 1L;
    private String usuario, senha;
    private boolean lembrar_me = false;

    public String getUsuario() {
        return usuario;
    }

    public void setUsuario(String usuario) {
        this.usuario = usuario;
    }

    public String getSenha() {
        return senha;
    }

    public void setSenha(String senha) {
        this.senha = senha;
    }

    public boolean isLembrar_me() {
        return lembrar_me;
    }

    public void setLembrar_me(boolean lembrar_me) {
        this.lembrar_me = lembrar_me;
    }

    public void doLogin() {
        //Spring validation...
    }
}
How can I do that?
applicationContext.xml
<http security="none" pattern="/javax.faces.resource/**" />
<http security="none" pattern="/static/**"/>
<http auto-config="true" use-expressions="true"
      access-denied-page="/public/login.xhtml">
    <intercept-url pattern="/public/**" access="permitAll"/>
    <intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/login.xhtml" access="permitAll"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <form-login login-page="/public/login.xhtml"
                authentication-failure-url="/public/login.xhtml?erro=true"
                default-target-url="/secure/secure.xhtml"/>
</http>
<beans:bean id="dataSource"
            class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
    <beans:property name="url" value="jdbc:mysql://localhost:3306/gde" />
    <beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <beans:property name="username" value="root" />
    <beans:property name="password" value="" />
</beans:bean>
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="teste" password="teste" authorities="ROLE_USER"/>
        </user-service>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="SELECT USUARIO as username, ISATIVO as enabled FROM usuario WHERE USUARIO=?"
            authorities-by-username-query="SELECT USUARIO as username, AUTORIZACOES as authority FROM usuario_tipo_usuario WHERE USUARIO=?"
        />
    </authentication-provider>
</authentication-manager>
Any help is much appreciated, I’ve been stuck with this for days!!!
Since you want the nifty Ajax features of PrimeFaces, you cannot use the UsernamePasswordAuthenticationFilter provided by Spring Security. Try invoking the AuthenticationManager directly, then (“The Authentication Manager and the Namespace” explains how you can obtain a reference to it).
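The approach the answer describes, as an added example that is not part of the original question or answer: the question's LoginBean with doLogin calling the AuthenticationManager directly. It assumes the question's `<authentication-manager>` element is given `alias="authenticationManager"`, a Servlet 3.1+ container (for `changeSessionId`), and an English error message chosen here; remember-me is not processed on this path.

```java
import java.io.IOException;
import java.io.Serializable;
import javax.enterprise.context.SessionScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.jsf.FacesContextUtils;

@Named
@SessionScoped
public class LoginBean implements Serializable {
    private static final long serialVersionUID = 1L;
    private String usuario, senha;
    private boolean lembrar_me; // still bound by the form; not used by this login path

    public void doLogin() throws IOException {
        FacesContext fc = FacesContext.getCurrentInstance();
        ExternalContext ec = fc.getExternalContext();
        // Assumption: <authentication-manager alias="authenticationManager"> in applicationContext.xml
        AuthenticationManager am = FacesContextUtils.getRequiredWebApplicationContext(fc)
                .getBean("authenticationManager", AuthenticationManager.class);
        try {
            Authentication result = am.authenticate(new UsernamePasswordAuthenticationToken(usuario, senha));
            // Assumption: Servlet 3.1+. New session id on login, since the form-login filter's fixation protection is bypassed
            ((HttpServletRequest) ec.getRequest()).changeSessionId();
            SecurityContextHolder.getContext().setAuthentication(result);
            ec.redirect(ec.getRequestContextPath() + "/secure/secure.xhtml"); // the default-target-url
        } catch (AuthenticationException e) {
            // One message for unknown user and wrong password, so the form does not reveal valid usernames
            fc.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Invalid username or password.", null));
        } finally {
            senha = null; // do not keep the clear-text password in the session-scoped bean
        }
    }

    public String getUsuario() { return usuario; }
    public void setUsuario(String usuario) { this.usuario = usuario; }
    public String getSenha() { return senha; }
    public void setSenha(String senha) { this.senha = senha; }
    public boolean isLembrar_me() { return lembrar_me; }
    public void setLembrar_me(boolean lembrar_me) { this.lembrar_me = lembrar_me; }
}
```

The authentication set on the SecurityContextHolder is stored in the HTTP session only because `/public/login.xhtml` passes through the Spring Security filter chain; a login page matched by a `security="none"` pattern would lose it at the end of the request.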