Hibernate + Spring security + JSF. Problème d'authentification
Bonjour,
Dans le cadre d'un projet, j'utilise Spring security avec Hibernate et JSF (richfaces).
Donc pour pouvoir utiliser spring avec Hibernate, j'ai implémenté la classe UserDetailsService avec la méthode loadByUsername que voici :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
LOG.debug("LoadByUsername : " + username);
Utilisateur utilisateur = new Utilisateur();
utilisateur.setUsername(username);
List results = utilisateurDao.rechercherEq(utilisateur);
if (results.size() < 1) {
throw new UsernameNotFoundException(username + "not found");
}
return (UserDetails) results.get(0);
} |
Utilisateur implémente UserDetails.
J'ai donc ensuite injecté cette classe dans la conf spring (je le mets en entier, à toute fin utile) :
applicationContext-security.xml :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security pre-post-annotations="enabled" />
<http auto-config="true" use-expressions="true"
access-denied-page="/index.jsp">
<intercept-url pattern="/login.jsf" access="isAnonymous()"
requires-channel="http" />
<intercept-url pattern="/index.jsp" access="isAnonymous()"
requires-channel="http" />
<intercept-url pattern="/pages/administration/**" access="hasRole('ROLE_ADMIN')"
requires-channel="http" />
<intercept-url pattern="/pages/**" access="isAuthenticated()"
requires-channel="http" />
<form-login login-page="/login.jsf" default-target-url="/" />
<logout logout-success-url="/login.jsf" />
</http>
<authentication-manager>
<authentication-provider user-service-ref='myUserDetailsService' />
</authentication-manager>
<beans:bean id="myUserDetailsService"
class="fr.haile.application.service.metier.impl.UtilisateurServiceImpl">
</beans:bean>
<beans:bean id="filterChainProxy"
class="org.springframework.security.web.FilterChainProxy">
<filter-chain-map path-type="ant">
<filter-chain pattern="/**" filters="authenticationFilter" />
</filter-chain-map>
</beans:bean>
<!-- filter -->
<beans:bean id="authenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationSuccessHandler"
ref="authenticationSuccessHandler" />
<beans:property name="authenticationFailureHandler"
ref="authenticationFailureHandler" />
<beans:property name="postOnly" value="true" />
</beans:bean>
<!-- manager -->
<beans:bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="authenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:constructor-arg value="/pages/index.jsf" />
</beans:bean>
<beans:bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:constructor-arg value="/index.jsp" />
</beans:bean>
<!-- dao -->
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="myUserDetailsService" />
</beans:bean>
</beans:beans> |
Et enfin, j'ai déclaré le filtre dans le web.xml :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
[...]
<!-- Spring security -->
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
[...]
<!-- ###################### Filter definition ###################### -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
[...]
<!-- ###################### Filter mapping ###################### -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
[...]
</web-app> |
Mon formulaire de connexion est le suivant :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
<h:form id="login" action="#{facesContext.externalContext.requestContextPath}/j_spring_security_check" method="post">
<rich:simpleTogglePanel>
<f:facet name="header">
<h:outputText value="#{msg.identifiant}" />
</f:facet>
<h:panelGrid columns="3">
<h:outputText value="#{msg.login}" />
<h:inputText id="j_username" required="true">
</h:inputText><h:message for="j_username" style="color: red"/>
<h:outputText value="#{msg.motDePasse}" />
<h:inputSecret id="j_password" required="true">
</h:inputSecret><h:message for="j_password" style="color: red"/>
<h:commandButton value="Login"/>
</h:panelGrid>
</rich:simpleTogglePanel>
</h:form> |
Le problème, c'est que c'est tellement sécurisé que ça ne se connecte pas :mrgreen: J'arrive sur la page de connexion, j'entre les bons identifiants, j'essaie de me connecter, ça charge, et... je reste sur la page de login, pas moyen d'avoir accès aux autres.
Voici ce qu'affiche le logger :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - Candidate is: '/login.jsf'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/login.jsf'; pattern is /login.jsf; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.c.ChannelProcessing~ - Request: FilterInvocation: URL: /login.jsf; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.AnonymousAuthentica~ - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Converted URL to lowercase, from: '/login.jsf'; to: '/login.jsf'
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/login.jsf'; pattern is /login.jsf; matched=true
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~ - Secure object: FilterInvocation: URL: /login.jsf; Attributes: [isAnonymous()]
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~ - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.a.v.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@140243b, returned: 1
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~ - Authorization successful
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.i.FilterSecurityInt~ - RunAsManager did not change Authentication object
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.FilterChainProxy - /login.jsf reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.a.ExceptionTranslatio~ - Chain processed normally
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - SecurityContext contents are anonymous - context will not be stored in HttpSession.
[Application] 2010-04-02 13:41:25 DEBUG - o.s.s.w.c.SecurityContextPers~ - SecurityContextHolder now cleared, as request processing completed
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - Candidate is: '/css/style.css'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.AnonymousAuthentica~ - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.FilterSecurityInt~ - Public object - authentication not attempted
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - SecurityContext contents are anonymous - context will not be stored in HttpSession.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.ExceptionTranslatio~ - Chain processed normally
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.SecurityContextPers~ - SecurityContextHolder now cleared, as request processing completed
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - Candidate is: '/css/style.css'; pattern is /**; matched=true
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 1 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@5f7d3f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.DefaultFilterInvo~ - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@eb840f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@178feba. A new one will be created.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 3 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@11ce2ad'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 4 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@16602cb'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 5 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4178d0'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 6 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@62be97'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@cee41f'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@190efc'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.AnonymousAuthentica~ - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 26A885C1C0EC952F9C34E6BA5DE86E3A; Granted Authorities: ROLE_ANONYMOUS'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 9 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@126fef6'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 10 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@12cfd62'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css at position 11 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@af4627'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Converted URL to lowercase, from: '/css/style.css'; to: '/css/style.css'
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /login.jsf; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /index.jsp; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /pages/administration/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.e.ExpressionBasedFi~ - Candidate is: '/css/style.css'; pattern is /pages/**; matched=false
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.i.FilterSecurityInt~ - Public object - authentication not attempted
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.FilterChainProxy - /css/style.css reached end of additional filter chain; proceeding with original chain
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.HttpSessionSecurity~ - SecurityContext contents are anonymous - context will not be stored in HttpSession.
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.a.ExceptionTranslatio~ - Chain processed normally
[Application] 2010-04-02 13:41:26 DEBUG - o.s.s.w.c.SecurityContextPers~ - SecurityContextHolder now cleared, as request processing completed |
J'ai sûrement manqué quelque chose dans la conf (ou autre part), mais je ne vois pas quoi. Si un quelqu'un de plus expérimenté que moi pouvait m'apporter un peu d'aide, ça serait sympa :)
Merci.
[Authentication Failed] Java+Spring+Hibernate
Bonjour,
J'ai le même problème que vous et j'aurai bien besoin de votre aide;
En effet, je reste toujours sur ma page login malgré que je rentre le login et le password correctement il me signale le message d'erreur que j'ai défini lorsque on rentre des faux identifiants!!!
Si tu es intéressé, je peux vous filer les fichiers de config pour en examiner ensemble le problème vu que je suis là-dessus depuis presque un mois;
Merci
[Authentication Failed] Java+Spring+Hibernate
Merci pour ta réponse; mais mon application est un peu différente de la tienne; en effet je n'ai pas un formulaire c.a.d un fichier html mais plutot un fichier zul qui ressemble beaucoup au html sauf que j'ai défini une fonction de verification login sur le bouton login dans une classe java; tu trouveras comme suit :
mon formulaire d'authentification :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
<window id="loginWin" title="Login to the Trans Mig Audit" border="normal" width="400px"
use="fr.cs.tma.ui.LoginViewCtrl">
<grid>
<rows>
<row>
<label value="Username:"/>
<textbox id="username" name="j_username" constraint="no empty"/>
</row>
<row>
<label value="Password:"/>
<textbox type="password" id="password" name="j_password" constraint="no empty"/>
</row>
<row spans="2" align="center"><cell>
<vlayout>
<button id="login" label="login" width="100px" onClick="loginWin.onOK()" />
<label id="msgError" style="color:red; font-weight:italic"/>
</vlayout>
</cell>
</row>
</rows>
</grid>
</window> |
et ma classe java :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
public class LoginViewCtrl extends Window {
public void onCreate() {
Label msgLbl = (Label)getFellow("loginWin").getFellow("msgError");
String errorCode = Executions.getCurrent().getParameter("login_error");
if("true".equals(errorCode)){
msgLbl.setValue("Bad Username or/and Password. Retry Please.");
}else{
msgLbl.setValue("");
}
}
public void onOK() {
Textbox usernameTxt = (Textbox)getFellow("loginWin").getFellow("username");
Textbox passwordTxt = (Textbox)getFellow("loginWin").getFellow("password");
String username = usernameTxt.getValue();
String password = passwordTxt.getValue();
Executions.sendRedirect("/j_spring_security_check?j_username="+username+"&j_password="+password);
}
} |
voilà je travaille avec hibernate v3 et spring 3
Please Help me!
merci.
