English 中文(简体)
如何在 jsf 模板中使用 jsf [login.jsf] 格式的弹簧安全
原标题:how to using spring security with format jsf [login.jsf] in jsf templates

i ve problem when integrated jsf 2.0, springframeork 3.0.2 and primefaces
in this case i m using spring security [login.jsp] for authentication user and it works, but i wanna change it to jsf page [login.jsf include in jsf templates].

i means : when application running, The first page is displayed first home page template [home.jsf] with login.jsf in it

anyone give me suggest for this problem...:D
thx agung

<%强>web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Production</param-value>
</context-param>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/app-config.xml</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<servlet>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/app-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <url-pattern>*.htm</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>faces/index.jsp</welcome-file>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>

<强度 > 安全性.xml 

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http realm="Project Realm" auto-config="true" use-expressions="true">
    <intercept-url pattern="/auth/**" filters="none"/>
    <intercept-url pattern="/admin/**" access="hasRole( ROLE_ADMIN )"/>
    <intercept-url pattern="/users/**" access="hasRole( ROLE_USER )"/>
    <intercept-url pattern="/**" access="hasAnyRole( ROLE_ADMIN , ROLE_USER )"/>

    <form-login login-page="/auth/login.jsp" authentication-failure-url="/auth/login.jsp?login_error=1"/>
    <logout logout-success-url="/auth/login.jsp"/>
    <remember-me />
</http>

<authentication-manager>
    <authentication-provider>
        <password-encoder hash="md5"/>
        <jdbc-user-service data-source-ref="dataSource" />
    </authentication-provider>
</authentication-manager>

</b:beans>

jsf 页面,带有模板,临时Home.xhtml 

<?xml version= 1.0  encoding= UTF-8  ?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:p="http://primefaces.org/ui"
  xmlns:ui="http://java.sun.com/jsf/facelets"
  xmlns:h="http://java.sun.com/jsf/html"
  style="overflow: hidden">

<h:head>

    <title>Facelets Template</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link href="./../resources/css/default.css" rel="stylesheet" type="text/css" />
    <link href="./../resources/css/userCssLayout.css" rel="stylesheet" type="text/css" />
    <link href="./../resources/css/layout.css" rel="stylesheet" type="text/css" />

</h:head>

<h:body>

    <div id="top">
        <ui:insert name="top">

        </ui:insert>
    </div>
    <div>
        <div id="left">
            <ui:insert name="left"></ui:insert>
        </div>
        <div>
            <div id="right">
                <ui:insert name="right"></ui:insert>
            </div>
            <div id="content" class="right_content">
                <table style="width: 100%;">
                    <tbody>
                        <tr align="left">
                            <td width="0%"></td>
                            <td>
                                <ui:include src="./../userPage/userMenubar.xhtml"/>
                            </td>
                            <td>
                                <ui:include src="./../pageLogin/userLogin.xhtml"/>
                            </td>
                        </tr>
                    </tbody>
                </table>
                <ui:insert name="content">


                </ui:insert>
            </div>
        </div>
    </div>
    <div id="bottom">
        <ui:insert name="bottom"></ui:insert>
    </div>

</h:body>

<强 > index.jsp 

<% response.sendRedirect("userPage/home.jsf"); %>

< 强力 > 用户 Login. xhtml 

<?xml version= 1.0  encoding= UTF-8  ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
  xmlns:p="http://primefaces.org/ui"
  xmlns:h="http://java.sun.com/jsf/html">
<h:head>
    <title>Facelet Title</title>
</h:head>
<h:body>
    <h:form style="height: 50px; font-size: 10px;">
        <p:toolbar>  
            <p:toolbarGroup align="left">  
                <p:separator />  

                <h:outputText value="Username : "/>
                <p:inputText value="#{memberBean.selected.username}"/>

                <h:outputText value="Password : "/>
                <p:password value="#{memberBean.selected.password2}" feedback="false"/>

                <p:commandButton value="Login" actionListener="#{memberBean.cek()}"/>

                <p:commandButton type="button" title="Save" icon="ui-icon-disk"/>  

            </p:toolbarGroup>  

            <p:toolbarGroup align="right">  
                <p:menuButton value="Options">  
                    <p:menuitem value="Home" url="http://www.primefaces.org" />  
                    <p:menuitem value="ShowCase"  
                                url="http://www.primefaces.org/showcase" />  
                    <p:menuitem value="TouchFaces"  
                                url="http://www.primefaces.org/showcase/touch" />  
                </p:menuButton>  
            </p:toolbarGroup>  

        </p:toolbar>

    </h:form>
</h:body>
</html>
最佳回答

可能听起来微不足道, 但是您是否尝试用 security. xml 中的 login. jsf 路径替换 login. jssp? 您必须排除被截取的 URL 中所需的文件 。 当然, 请在不使用此行的情况下测试它 :

<intercept-url pattern="/**" access="hasAnyRole( ROLE_ADMIN , ROLE_USER )"/>

上行实际上不是一个好主意, 它会屏蔽您的 css 文件、 javascript 、 登录页面可能需要的图像。 我宁愿限制对特定区域的访问, 并默认情况下保持资源的可访问性 。

还铭记登录页在某些情况下可能装载千次----破损脚本、内部服务器状况监测等。 平面 Jsp 页面应更快处理。

时间:2012-05-21 12:48:37
问题回答

暂无回答


上一篇:
下一篇:


相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

时间:2009-11-14 01:34:19 回答:10 展示:1
MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

时间:2009-11-14 00:40:10 回答:5 展示:1
XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

时间:2009-11-14 00:18:21 回答:1 展示:1
Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

时间:2009-11-13 18:59:37 回答:5 展示:1
Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

时间:2009-11-13 16:51:19 回答:5 展示:1
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

时间:2009-11-13 05:37:34 回答:5 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全