Home/ Questions/Q 8095997
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T21:19:06+00:00

I use Spring Security 3 and JSF2 Primefaces. Then, I create a index.xhtml for

  • 0

I use Spring Security 3 and JSF2 Primefaces. Then, I create a index.xhtml for welcome page and login.xhtml for login page

When I access the root web site, it redirect me to login.xhtml page. Why not?

How to set the welcome page to index.xhtml

This is web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<welcome-file-list>
    <welcome-file>index.xhtml</welcome-file>
</welcome-file-list>

This is spring-security.xml

<global-method-security secured-annotations="enabled"
    jsr250-annotations="enabled" />

<!-- Resource Security -->
<http access-denied-page="/accessDenied.jsp">
    <intercept-url pattern="/pages/**" access="ROLE_ADMIN" />


    <form-login login-page="/login.jsf" default-target-url="/pages/index.jsf" />


    <logout logout-success-url="/login.jsf" invalidate-session="true" />
    <session-management invalid-session-url="/login.jsf">
        <concurrency-control max-sessions="10"
            error-if-maximum-exceeded="true" />
    </session-management>
</http>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    For a basic application with JSF, Spring and Spring-Security, you need to configure your web.xml as follows:

    <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       
         xmlns="http://java.sun.com/xml/ns/javaee" 
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"  
         version="3.0">

<welcome-file-list>
  <welcome-file>pages/index.jsf</welcome-file>
</welcome-file-list>
<servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
  <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

    and also configure faces-config.xml as follows:

    <?xml version="1.0" encoding="UTF-8"?>
<faces-config
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"
    version="2.0">

     <application>
       <el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
     </application>

 </faces-config>

    and your applicationContext-security.xml as follows:

    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

  <global-method-security secured-annotations="enabled"
jsr250-annotations="enabled" />     
  <http auto-config="true" >
     <intercept-url pattern="/login.jsf*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
     <intercept-url pattern="/pages/*" access="ROLE_USER,ROLE_ADMIN" />
     <intercept-url pattern="/pages/super/**" access="ROLE_ADMIN" />
     <access-denied-handler error-page="/accessDenied.jsf" />
     <form-login login-page='/login.jsf' default-target-url='/pages/index.jsf'
    always-use-default-target='true'/>
     <logout logout-success-url="/" logout-url="/j_spring_security_logout" invalidate-session="true" />
     <session-management invalid-session-url="/login.jsf">
        <concurrency-control max-sessions="10"
        error-if-maximum-exceeded="true" />
     </session-management>
 </http>
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="ravi" password="password" authorities="ROLE_USER, ROLE_ADMIN" />
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>

    Finally, if you have any spring beans, your applicationContext.xml for annotation based configuration will be:

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:context="http://www.springframework.org/schema/context"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans.xsd
     http://www.springframework.org/schema/context
     http://www.springframework.org/schema/context/spring-context.xsd">

   <context:annotation-config/>
   <context:component-scan base-package="com.examples" />

 </beans>

    and annotate your beans like this:

    @Component 
@Scope("request")

    So with all these in place along with your pages there should be no problem.

    • 0