Two problems:
Problem 1:
I’ve got the following in my applicaitonContext-security.xml file:
<security:http auto-config="true" access-denied-page="/denied.jsf" servlet-api-provision="false">
<security:intercept-url pattern="/denied.jsf" filters="none" />
<security:intercept-url pattern="/login.jsf" filters="none" />
<security:intercept-url pattern="/redirect.html" filters="none" />
<security:intercept-url pattern="/images/**" filters="none" />
<security:intercept-url pattern="/a4j_resource/**" filters="none" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<security:form-login login-page="/login.jsf" authentication-failure-url="/login.jsf" default-target-url="/redirect.html" />
<security:logout />
</security:http>
but when I go to http://localhost:8080/summary/projects.jsf I don’t get redirected to the login.jsf page. Any ideas.
Problem 2:
In the projects.xhtml page I have
<rich:comboBox value="#{projectUiService.coordinatorSelected}" directInputSuggestions="true" defaultLabel="Enter Co-ordinator" >
On the getCoordinatorSelected method I have @RolesAllowed("READ_PROJECT") but all I get is the error:
AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
How do I get Spring to redirect to the logon page when a user is not logged in, and how do I get it to redirect to the denied.jsf page if the user does not have the correct rights?
I’ve looked around for the last 6 hrs and tried loads of logging, but can not find a solution. Any pointers would be appreciated.
Thanks
Solved!
@[Maksym Demidas] was correct. Inherited an application which used a combination of Spring 2.5 and 3. Sorted out all dependencies to Spring 3 and updated security xml file as:
Now all works fine.