Good evening, I'm learning jsf, so I accompanied some videos of Leandro Costa on youtube, I found it well didactic and so on. At the end of the course it provides the source code, however as the project uses spring security in the login and it did not pass the sql script every page that I try to access gives the error HTTP Status 403 - Access to the requested resource has been denied. I have tried to create the bank manually, but without success. So I came to the conclusion that it is better to take the authentication to use the application.
spring-security.xml
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login.faces" access="permitAll" />
<intercept-url pattern="/restrict/**" access="isAuthenticated()" />
<intercept-url pattern="/public/**" access="permitAll"/>
<form-login login-page="/login.faces" authentication-failure-url="/login.faces?erro=true"
default-target-url="/restrict/home.faces"/>
<access-denied-handler error-page="/acessonegado.faces" />
</http>
<!-- NO PROJETO SEMERU PADRÃO FIZEMOS DESSA FORMA -->
<authentication-manager>
<authentication-provider>
<password-encoder hash="sha"/>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT Login, Senha, 'true' as enable FROM pessoa WHERE Login=?"
authorities-by-username-query="SELECT Login as username, Permissao as authority FROM pessoa WHERE Login=?"/>
</authentication-provider>
</authentication-manager>
<b:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<b:property name="url" value="jdbc:mysql://localhost:3306/semeru_jsf_maven_db" />
<b:property name="driverClassName" value="com.mysql.jdbc.Driver" />
<b:property name="username" value="root" />
<b:property name="password" value="admin" />
</b:bean>
Web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>semeru_jsf_maven</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<!-- <welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>-->
</welcome-file-list>
<!-- Duração da sessão -->
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Configurações do tema do PrimeFaces -->
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>sam</param-value>
</context-param>
<!-- Filtros do Spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- Configurações do JavaServer Faces -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Bloqueia o browser de acessar arquivos xhtml</display-name>
<web-resource-collection>
<web-resource-name>xhtml files</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<!-- Configurações do PrimeFaces -->
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Resource Servlet</servlet-name>
<url-pattern>/primefaces_resource/*</url-pattern>
</servlet-mapping>