I’m trying to implement a custom login page for my JSF 2.0 application. I’m using Spring Security 3.0.5, and after the user logs in, the page isn’t redirected correctly. Instead of going to the requested page (localhost:8080/erp-web), it goes to this:
http://localhost:8080/erp-web/javax.faces.resource/forms/forms.js.xhtml?ln=primefaces&v=2.2.1
This is my jsf page:
<!-- Login form. prependId="false" keeps the component ids j_username and j_password unprefixed,
     so they reach the server under the request parameter names that Spring Security 3 form
     login reads by default. The button posts back to JSF, not to the security filter URL. -->
<h:form prependId="false">
<h:panelGroup layout="block" class="hrgi-dialog-content hrgi-div-form clearfix">
<p:focus/>
<h:outputLabel for="j_username"/>
<p:inputText id="j_username" value="#{loginBean.usuario}" required="true"/>
<h:outputLabel for="j_password"/>
<h:inputSecret id="j_password" value="#{loginBean.senha}" required="true"/>
<h:commandButton id="submit" type="submit" value="OK" action="#{loginBean.submit}"/>
</h:panelGroup>
</h:form>
This is the bean used:
/**
 * JSF backing bean for the custom login form.
 *
 * <p>The bean does not authenticate anything itself: {@link #submit()} forwards the current
 * request to {@code /j_spring_security_check}, so the credential check is left to whatever
 * handles that URL.
 */
public class LoginBean {
    // Credentials as typed into the form; keep them out of logs and out of any longer-lived scope.
    private String usuario;
    private String senha;

    /**
     * Forwards the login postback to the Spring Security check URL and ends JSF processing.
     *
     * <p>NOTE(review): a server-side forward is only seen by the security filter chain if that
     * filter is mapped for FORWARD dispatches; web.xml is not shown here, so confirm the mapping.
     *
     * @return always {@code null}; the response is produced by the forward target, not by JSF
     *     navigation
     * @throws IOException if the forward target fails while writing the response
     * @throws ServletException if the forward target fails while handling the request
     */
    public String submit() throws IOException, ServletException {
        ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
        ServletRequest loginRequest = (ServletRequest) externalContext.getRequest();
        RequestDispatcher securityCheck = loginRequest.getRequestDispatcher("/j_spring_security_check");

        securityCheck.forward(
                (ServletRequest) externalContext.getRequest(),
                (ServletResponse) externalContext.getResponse());

        // The forward target has already written the response; stop JSF from rendering a view.
        FacesContext.getCurrentInstance().responseComplete();
        return null;
    }
    /*getters and setters here*/
}
Finally this is my spring security config file:
<!-- Web security rules. intercept-url patterns are evaluated in declaration order and the
     first matching pattern decides, so specific exemptions must come before the catch-all. -->
<http auto-config="true">
<!-- Only the login page itself is reachable without authentication. -->
<intercept-url pattern="/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<!-- Everything else requires one of the listed roles. This also matches the JSF resources
     (/javax.faces.resource/...) that the login page loads, so those requests are treated as
     restricted and can end up as the saved post-login redirect target. -->
<intercept-url pattern="/**" access="ROLE_CADASTRADOR,ROLE_ADMINISTRADOR,ROLE_VENDEDOR,ROLE_BANCO"/>
<!-- Custom login page. No default-target-url is set, so after login the user is redirected
     to the most recently saved restricted request. -->
<form-login login-page="/login.xhtml"/>
<session-management>
<!-- At most one session per user; a further login attempt is rejected instead of expiring
     the existing session. NOTE(review): session counting depends on HttpSessionEventPublisher
     being registered in web.xml, which is not shown here. Confirm. -->
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
</http>
<!-- Authentication is delegated to a single DAO-backed provider. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="daoAuthenticationProvider"/>
</authentication-manager>
<!-- Loads the user through userDetailsService and compares the submitted password with the
     stored one using passwordEncoder. No saltSource property is set on this provider. -->
<bean:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"
scope="singleton">
<bean:property name="userDetailsService" ref="detalhadorDeUsuarios"/>
<bean:property name="passwordEncoder" ref="passwordEncoder"/>
</bean:bean>
<!-- Project-specific user lookup; it is given the funcionarioDao bean as "recuperador".
     Its implementation is not shown here. -->
<bean:bean id="detalhadorDeUsuarios" class="com.hrgi.web.seguranca.DetalhadorDeUsuarios"
scope="singleton">
<bean:property name="recuperador" ref="funcionarioDao"/>
</bean:bean>
<!-- Password encoder: SHA-256 digest (strength 256).
     NOTE(review): the daoAuthenticationProvider bean in this file sets no saltSource, so as
     configured the stored digests are unsalted. A single fast hash gives little protection
     against offline guessing if the user table leaks. Prefer a salted, adaptive password hash
     (bcrypt, scrypt or PBKDF2) and migrate existing hashes on the next successful login. -->
<bean:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"
scope="singleton">
<bean:constructor-arg name="strength" value="256"/>
</bean:bean>
<!-- Backing bean of the login form; request scope means the typed credentials are not kept
     beyond the request that carries them. -->
<bean:bean id="loginBean" class="com.hrgi.web.seguranca.LoginBean" scope="request"/>
<!-- Writes authentication events (successes and failures) to the application log, which is
     useful for spotting repeated failed logins. -->
<bean:bean id="loggerListener"
class="org.springframework.security.authentication.event.LoggerListener" />
Here is what I receive as response:

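You should add the JS/CSS resources to the unrestricted URLs, something like the following for the resource path shown in the question, placed before the catch-all `/**` rule because the first matching pattern wins:
<intercept-url pattern="/javax.faces.resource/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>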
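The problem is that Spring Security intercepts the request for the JS file required by the login page and enforces authentication. Once login is done, it redirects to the most recently requested restricted URL, which is the JavaScript file in your case. Keep any such exemption limited to static resources, so that no application page becomes reachable without authentication.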