Hibernate + Spring security + JSF. Problème d'authentification

**haile** · 02/04/2010, 13h43

Bonjour,
Dans le cadre d'un projet, j'utilise Spring security avec Hibernate et JSF (richfaces).
Donc pour pouvoir utiliser spring avec Hibernate, j'ai implémenté la classe UserDetailsService avec la méthode loadByUsername que voici :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
 
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {
		LOG.debug("LoadByUsername : " + username);
		Utilisateur utilisateur = new Utilisateur();
		utilisateur.setUsername(username);
		List results = utilisateurDao.rechercherEq(utilisateur);
 
		if (results.size() < 1) {
			throw new UsernameNotFoundException(username + "not found");
		}
		return (UserDetails) results.get(0);
 
	}

Utilisateur implémente UserDetails.
J'ai donc ensuite injecté cette classe dans la conf spring (je le mets en entier, à toute fin utile) :

applicationContext-security.xml :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
 
 
	<global-method-security pre-post-annotations="enabled" />
 
	<http auto-config="true" use-expressions="true"
		access-denied-page="/index.jsp">
 
		<intercept-url pattern="/login.jsf" access="isAnonymous()"
			requires-channel="http" />
		<intercept-url pattern="/index.jsp" access="isAnonymous()"
			requires-channel="http" />
 
		<intercept-url pattern="/pages/administration/**" access="hasRole('ROLE_ADMIN')"
			requires-channel="http" />
		<intercept-url pattern="/pages/**" access="isAuthenticated()"
			requires-channel="http" />
 
		<form-login login-page="/login.jsf" default-target-url="/" />
		<logout logout-success-url="/login.jsf" />
 
	</http>
 
	<authentication-manager>
		<authentication-provider user-service-ref='myUserDetailsService' />
	</authentication-manager>
 
	<beans:bean id="myUserDetailsService"
		class="fr.haile.application.service.metier.impl.UtilisateurServiceImpl">
	</beans:bean>
 
	<beans:bean id="filterChainProxy"
		class="org.springframework.security.web.FilterChainProxy">
		<filter-chain-map path-type="ant">
			<filter-chain pattern="/**" filters="authenticationFilter" />
		</filter-chain-map>
	</beans:bean>
 
	<!-- filter -->
	<beans:bean id="authenticationFilter"
		class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
		<beans:property name="authenticationManager" ref="authenticationManager" />
		<beans:property name="authenticationSuccessHandler"
			ref="authenticationSuccessHandler" />
		<beans:property name="authenticationFailureHandler"
			ref="authenticationFailureHandler" />
		<beans:property name="postOnly" value="true" />
 
	</beans:bean>
 
 
	<!-- manager -->
	<beans:bean id="authenticationManager"
		class="org.springframework.security.authentication.ProviderManager">
		<beans:property name="providers">
			<beans:list>
				<beans:ref local="daoAuthenticationProvider" />
			</beans:list>
		</beans:property>
	</beans:bean>
 
 
	<beans:bean id="authenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
		<beans:constructor-arg value="/pages/index.jsf" />
	</beans:bean>
	<beans:bean id="authenticationFailureHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		<beans:constructor-arg value="/index.jsp" />
	</beans:bean>
 
 
<!--	 dao -->
	<beans:bean id="daoAuthenticationProvider"
		class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
		<beans:property name="userDetailsService" ref="myUserDetailsService" />
	</beans:bean>
</beans:beans>

Et enfin, j'ai déclaré le filtre dans le web.xml :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
<?xml version="1.0" encoding="UTF-8"?>
 
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
                       http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
 
[...]
	<!-- Spring security -->
	<listener>
		<listener-class>
			org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>
[...]
 
 
	<!-- ###################### Filter definition ###################### -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
[...]
 
	<!-- ###################### Filter mapping ###################### -->
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>REQUEST</dispatcher>
	</filter-mapping>
[...]
</web-app>

Mon formulaire de connexion est le suivant :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
<h:form id="login"  action="#{facesContext.externalContext.requestContextPath}/j_spring_security_check" method="post">
	        <rich:simpleTogglePanel>
	            <f:facet name="header">
	                <h:outputText value="#{msg.identifiant}" />
	            </f:facet>
	            <h:panelGrid columns="3">
 
	                <h:outputText value="#{msg.login}" />
	                <h:inputText id="j_username" required="true">
	                </h:inputText><h:message for="j_username" style="color: red"/>
 
	                <h:outputText value="#{msg.motDePasse}" />
	                <h:inputSecret id="j_password" required="true">
	                </h:inputSecret><h:message for="j_password"  style="color: red"/>
 
	                <h:commandButton value="Login"/>
 
	            </h:panelGrid>
 
	        </rich:simpleTogglePanel>
</h:form>

Le problème, c'est que c'est tellement sécurisé que ça ne se connecte pas

J'arrive sur la page de connexion, j'entre les bons identifiants, j'essaie de me connecter, ça charge, et... je reste sur la page de login, pas moyen d'avoir accès aux autres.
Voici ce qu'affiche le logger :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - Candidate is: '/login.jsf'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/login.jsf'; pattern is /login.jsf; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.c.ChannelProcessing~      - Request: FilterInvocation: URL: /login.jsf; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.AnonymousAuthentica~      - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/login.jsf'; pattern is /login.jsf; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Secure object: FilterInvocation: URL: /login.jsf; Attributes: [isAnonymous()]
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.a.v.AffirmativeBased          - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@140243b, returned: 1
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Authorization successful
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - RunAsManager did not change Authentication object
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy            - /login.jsf reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.ExceptionTranslatio~      - Chain processed normally
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - SecurityContext contents are anonymous - context will not be stored in HttpSession. 
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.SecurityContextPers~      - SecurityContextHolder now cleared, as request processing completed
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Candidate is: '/css/style.css'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.AnonymousAuthentica~      - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Public object - authentication not attempted
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - SecurityContext contents are anonymous - context will not be stored in HttpSession. 
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.ExceptionTranslatio~      - Chain processed normally
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.SecurityContextPers~      - SecurityContextHolder now cleared, as request processing completed
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - Candidate is: '/css/style.css'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.AnonymousAuthentica~      - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~      - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.FilterSecurityInt~      - Public object - authentication not attempted
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy            - /css/style.css reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~      - SecurityContext contents are anonymous - context will not be stored in HttpSession. 
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.ExceptionTranslatio~      - Chain processed normally
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.SecurityContextPers~      - SecurityContextHolder now cleared, as request processing completed

J'ai sûrement manqué quelque chose dans la conf (ou autre part), mais je ne vois pas quoi. Si un quelqu'un de plus expérimenté que moi pouvait m'apporter un peu d'aide, ça serait sympa

Merci.

Hibernate + Spring security + JSF. Problème d'authentification

Spring Java

Mode arborescent

Discussions similaires

Partager

Partager