Home/ Questions/Q 7645805
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T10:02:19+00:00

I’m just getting started with Spring Security 3.1 and I haven’t found a way

  • 0

I’m just getting started with Spring Security 3.1 and I haven’t found a way to implment it on top of a JSF 2.1 web app. I currently have:

A web.xml with:

    <context-param>
    <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext-business.xml
                     /WEB-INF/applicationContext-security.xml
       </param-value>


<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

   <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

And my applicationContext-security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                http://www.springframework.org/schema/security 
                http://www.springframework.org/schema/security/spring-security-3.1.xsd">



<http pattern="/resources/**" security="none" />

<http use-expressions="true">
<intercept-url pattern="/administracion/departamentos/**" access="recursoshumanos" />
<intercept-url pattern="/administracion/derechos/**" access="recursoshumanos" />
<intercept-url pattern="/administracion/diasfestivos/**" access="recursoshumanos" />
<intercept-url pattern="/administracion/dias/**" access="recursoshumanos" />
<intercept-url pattern="/administracion/solicitudes/**" access="recursoshumanos" />
<intercept-url pattern="/administracion/empleados/**" access="recursoshumanos" />

</http>


<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="rod" password="koala" authorities="recursoshumanos" />
            <user name="dianne" password="emu" authorities="jefe" />
            <user name="scott" password="wombat" authorities="jefe" />
        </user-service>
    </authentication-provider>
</authentication-manager>

I’m guessing this example would work with a regular .jsp but I’m probably missing additional steps to make it work with JSF, unfortunately, I haven’t been able to find a fully working example so far. What do i need to do? Thanks!

Edit: The problem is that i can still navigate freely to the secured areas of the application without needing to log in.

Edit: BTW, I just noticed that a filter to the root of the web app does indeed trigger the authentication mechanism. It still fails everywhere else though.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Authorities should start with

    ROLE_

    Have a look here Spring Security FAQ and SO

    • 0