problème persistant avec acegi
débutante en j2e,je travaille avec jsf et glassfish V2,je veux sécuriser avec acegi.
ça fait plusieurs jours deja,j'ai ecrit un code apparemment correct(j'ai consulté moult tutos et forums),j'essaieça ne MARCHE PAS.ça affiche acegilogin.jsp?login_error=1 avec le message "bad credentials",même si le login/pass sont bons !
voici le stack :
Citation:
java.lang.ClassNotFoundException: org.acegisecurity.BadCredentialsException
at org.apache.felix.framework.searchpolicy.R4SearchPolicyCore.findClass(R4SearchPolicyCore.java:198)
at org.apache.felix.framework.searchpolicy.R4SearchPolicy.findClass(R4SearchPolicy.java:45)
at org.apache.felix.framework.searchpolicy.ContentClassLoader.loadClass(ContentClassLoader.java:109)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
at org.apache.catalina.session.StandardSession.readRemainingObject(StandardSession.java:1835)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1767)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1849)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
at org.apache.catalina.session.StandardSession.deserialize(StandardSession.java:1106)
at org.apache.catalina.session.StandardManager.readSessions(StandardManager.java:513)
at com.sun.enterprise.web.WebModule.loadSessions(WebModule.java:1432)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:2207)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1890)
at com.sun.enterprise.web.WebApplication.start(WebApplication.java:85)
at com.sun.enterprise.v3.server.ApplicationLifecycle.start(ApplicationLifecycle.java:560)
at com.sun.enterprise.v3.server.ApplicationLifecycle.start(ApplicationLifecycle.java:547)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:189)
at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:329)
at com.sun.enterprise.v3.admin.CommandRunner$2.execute(CommandRunner.java:302)
at com.sun.enterprise.v3.admin.CommandRunner.doCommand(CommandRunner.java:312)
at com.sun.enterprise.v3.admin.CommandRunner.doCommand(CommandRunner.java:119)
at com.sun.enterprise.v3.admin.CommandRunner.doCommand(CommandRunner.java:99)
at org.glassfish.deployment.admin.ReDeployCommand.execute(ReDeployCommand.java:94)
at com.sun.enterprise.v3.admin.CommandRunner$2.execute(CommandRunner.java:297)
at com.sun.enterprise.v3.admin.CommandRunner.doCommand(CommandRunner.java:312)
at com.sun.enterprise.v3.admin.CommandRunner.doCommand(CommandRunner.java:119)
at com.sun.enterprise.v3.admin.CommandRunner.doCommand(CommandRunner.java:99)
at com.sun.enterprise.v3.admin.AdminAdapter.doCommand(AdminAdapter.java:250)
at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:176)
at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:147)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:180)
at com.sun.grizzly.http.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:633)
at com.sun.grizzly.http.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:570)
at com.sun.grizzly.http.DefaultProcessorTask.process(DefaultProcessorTask.java:827)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:152)
at com.sun.enterprise.v3.services.impl.GlassfishProtocolChain.executeProtocolFilter(GlassfishProtocolChain.java:71)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:103)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:89)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:67)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:56)
at com.sun.grizzly.util.WorkerThreadImpl.processTask(WorkerThreadImpl.java:325)
at com.sun.grizzly.util.WorkerThreadImpl.run(WorkerThreadImpl.java:184)
voici le web.xml
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
| <?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value> WEB-INF/applicationContextSecurity.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>false</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.acegisecurity.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
<filter>
<filter-name>Acegi Security Filter</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Security Filter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<filter-name>UploadFilter</filter-name>
<filter-class>com.sun.webui.jsf.util.UploadFilter</filter-class>
<init-param>
<description>The maximum allowed upload size in bytes. If this is set to a negative value, there is no maximum. The default value is 1000000.</description>
<param-name>maxSize</param-name>
<param-value>1000000</param-value>
</init-param>
<init-param>
<description>The size (in bytes) of an uploaded file which, if it is exceeded, will cause the file to be written directly to disk instead of stored in memory. Files smaller than or equal to this size will be stored in memory. The default value is 4096.</description>
<param-name>sizeThreshold</param-name>
<param-value>4096</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UploadFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<init-param>
<param-name>javax.faces.LIFECYCLE_ID</param-name>
<param-value>com.sun.faces.lifecycle.PARTIAL</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>ExceptionHandlerServlet</servlet-name>
<servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
<init-param>
<param-name>errorHost</param-name>
<param-value>localhost</param-value>
</init-param>
<init-param>
<param-name>errorPort</param-name>
<param-value>24444</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>ThemeServlet</servlet-name>
<servlet-class>com.sun.webui.theme.ThemeServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ExceptionHandlerServlet</servlet-name>
<url-pattern>/error/ExceptionHandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ThemeServlet</servlet-name>
<url-pattern>/theme/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/ajouterOffreFournisseur.jsp</welcome-file>
</welcome-file-list>
<error-page>
<exception-type>javax.servlet.ServletException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<error-page>
<exception-type>java.io.IOException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<error-page>
<exception-type>javax.faces.FacesException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<error-page>
<exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
<location>/error/ExceptionHandler</location>
</error-page>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jspf</url-pattern>
<is-xml>true</is-xml>
</jsp-property-group>
</jsp-config>
</web-app> |
applicationContextSecurity.xml:
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
| <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- ======================== FILTER CHAIN ======================= -->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/error/*=#NONE#
/back*=#NONE#
/assets/**=httpSessionContextIntegrationFilter
/j_acegi_security_check=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter
/**=httpSessionContextIntegrationFilter,exceptionTranslationFilter
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref bean="formLoginAuthenticationEntryPoint" />
</property>
</bean>
<!-- ================= formLoginAuthenticationEntryPoint ================ -->
<bean id="formLoginAuthenticationEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp" />
<property name="forceHttps" value="false" />
</bean>
<bean id="formAuthenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/faces/acegilogin.jsp?login_error=1</value>
</property>
<property name="defaultTargetUrl">
<value>/faces/acceuil.jsp</value>
</property>
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
</bean>
<!-- ===================== authenticationManager ======================= -->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="authenticationProvider"/>
</list>
</property>
</bean>
<!-- ===================== authenticationProvider ==================== -->
<bean id="authenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userDetailsService"/>
</property>
</bean>
<!-- ===================== userDetailsService ==================== -->
<bean id="userDetailsService" class="Acegi.UserDetailsServiceImpl">
<constructor-arg ref="userRepository" />
</bean>
<bean id="userRepository" class="Acegi.UserDaoImpl">
</bean>
</beans> |
la page acegilogin.jsp :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
<%@
taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<html>
<head>
<title>System Login</title>
</head>
<body>
<f:view>
<h:form>
<h:panelGrid columns="2">
<h:outputLabel value="User Name" for="j_username" />
<h:inputText id="j_username"
value="#{LoginBacking.userId}" size="40" maxlength="80"></h:inputText>
<h:outputLabel value="Password" for="j_password" />
<h:inputText id="j_password"
value="#{LoginBacking.password}" size="40" maxlength="80"
></h:inputText>
</h:panelGrid>
<h:commandButton action="login" value="Login" />
<h:messages id="messages" layout="table" globalOnly="true"
showSummary="true" showDetail="false" />
</h:form>
</f:view>
</body>
</html> |
faces-config.xml:
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| <managed-bean>
<managed-bean-name>LoginBacking</managed-bean-name>
<managed-bean-class>Acegi.LoginBacking</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
<navigation-rule>
<from-view-id>/acegilogin.jsp</from-view-id>
<navigation-case>
<from-outcome>login</from-outcome>
<to-view-id>/j_acegi_security_check</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
</faces-config> |
LogingBacking.java
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
| package Acegi;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;
import org.acegisecurity.ui.AbstractProcessingFilter;
public class LoginBacking {
// properties
private String userId;
private String password;
/**
* default empty constructor
*/
public LoginBacking() {
Exception ex = (Exception) FacesContext
.getCurrentInstance()
.getExternalContext()
.getSessionMap()
.get(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY);
if (ex != null)
FacesContext.getCurrentInstance().addMessage(
null,
new FacesMessage(FacesMessage.SEVERITY_ERROR, ex
.getMessage(), ex.getMessage()));
}
public String send() {
// do real logic
return ("success");
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
} |
UserDetailsServiceImpl :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
| org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.springframework.dao.DataAccessException;
public class UserDetailsServiceImpl implements UserDetailsService {
private UserDao userDao;
public UserDetailsServiceImpl(UserDao userDao) {
this.userDao = userDao;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
AppUser user = userDao.findUser(username);
if (user == null)
throw new UsernameNotFoundException("User not found: " + username);
else {
return makeAcegiUser(user);
}
}
private org.acegisecurity.userdetails.User makeAcegiUser(AppUser user) {
return new org.acegisecurity.userdetails.User(user.getLogin(), user
.getPassword(), true, true, true, true,
makeGrantedAuthorities(user));
}
private GrantedAuthority[] makeGrantedAuthorities(AppUser user) {
GrantedAuthority[] result = new GrantedAuthority[user.getRoles().size()];
int i = 0;
for (String role : user.getRoles()) {
result[i++] = new GrantedAuthorityImpl(role);
}
return result;
}
} |
UserDaoImpl :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
import java.util.HashSet;
import java.util.Set;
public class UserDaoImpl implements UserDao {
public AppUser findUser(String userName) {
AppUser appUser = null;
Set<String> roles = new HashSet<String>();
if (userName.equals("john")) {
roles.add("ROLE_URLACCESS");
appUser = new AppUser("john", "John", "Turner", "john", roles);
} else if (userName.equals("jim")) {
appUser = new AppUser("jim", "Jim", "Daniel", "jim", roles);
} else if (userName.equals("tina")) {
roles.add("ROLE_ALLACCESS");
appUser = new AppUser("tina", "Tina", "Joseph", "tina", roles);
}
return appUser;
}
} |
AppUser :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
| import java.io.Serializable;
import java.util.Set;
public class AppUser implements Serializable {
private String firstName;
private String lastName;
private String login;
private String password;
private Set<String> roles;
public AppUser() {
}
public AppUser(String login, String firstName, String lastName,
String password, Set<String> roles) {
this.login = login;
this.firstName = firstName;
this.lastName = lastName;
this.password = password;
this.roles = roles;
assert !roles.isEmpty();
}
public void setLogin(String login) {
this.login = login;
}
public String getLogin() {
return login;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public void setPassword(String password) {
this.password = password;
}
public String getPassword() {
return password;
}
public String toString() {
return firstName + " " + lastName;
}
public String getFullName() {
return toString();
}
public boolean isPasswordValid(String password) {
return getPassword().equals(password);
}
boolean hasRole(String role) {
return roles.contains(role);
}
public Set<String> getRoles() {
return roles;
}
public void setRoles(Set<String> roles) {
this.roles = roles;
}
} |
voilà tout mon code!! maintenant si quelqu'un veut bien me sauver la vie svp,je lui serais très reconnaissante !! merci d'avance !
