Home/ Questions/Q 9103821
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T01:43:18+00:00

Possible Duplicate: Spring Security Authentication is not working as expected in my configuration I

  • 0

Possible Duplicate:
Spring Security Authentication is not working as expected in my configuration

I tried integrating JSF and spring security i spent almost a day but there is no result

Developed an application using JSF,Spring MVC and Primfaces. I am almost done with my requirements, at the end i planned to integrate the spring security but i could n’t and i did enough search on net. I feel it may be bug in related framework.

If anyone of you came across the same please post the solution. I post my approach over here

Step 1:
Created Login.jsp(to have customized login page)
Step 2:
Added below code in my web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>

Step 3:

Created Springsecurity.xml

<sec:global-method-security
    secured-annotations="enabled" />
<sec:http auto-config="true" use-expressions="true"
    once-per-request="false">
    <sec:intercept-url pattern="pages/secured/**"
        access="ROLE_USER" />
    <sec:form-login login-page="/login.jsp"
        default-target-url="/pages/secured/products.xhtml"
        authentication-failure-url="/login.html?login_error=1" />
    <sec:logout logout-url="/logout" logout-success-url="/login.jsp" />
</sec:http>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider>
        <sec:user-service>
            <sec:user name="vijay" authorities="ROLE_USER" password="vijay"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>

Executed the application and got the login.jsp as first page since i defind in web.xml. On login authentication its forwarding to the Products.xhtml but i could even access the rest of pages which all are comes under the secured folder with out logging in.

Please suggest a better approach or other alternatives.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    For your access attribute have your tried. Your first slash was missing in the pattern.

    <sec:intercept-url pattern="/pages/secured/**"
    access="hasRole('ROLE_USER')" />
    • 0