How to disable spring security

0

Good evening, I'm learning jsf, so I accompanied some videos of Leandro Costa on youtube, I found it well didactic and so on. At the end of the course it provides the source code, however as the project uses spring security in the login and it did not pass the sql script every page that I try to access gives the error HTTP Status 403 - Access to the requested resource has been denied. I have tried to create the bank manually, but without success. So I came to the conclusion that it is better to take the authentication to use the application.

spring-security.xml

<b:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:b="http://www.springframework.org/schema/beans"
     xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/login.faces" access="permitAll" />
    <intercept-url pattern="/restrict/**" access="isAuthenticated()" />
    <intercept-url pattern="/public/**" access="permitAll"/>

    <form-login login-page="/login.faces" authentication-failure-url="/login.faces?erro=true"
                default-target-url="/restrict/home.faces"/>     
    <access-denied-handler error-page="/acessonegado.faces" />
</http>                

<!-- NO PROJETO SEMERU PADRÃO FIZEMOS DESSA FORMA -->  
<authentication-manager>
    <authentication-provider>
        <password-encoder hash="sha"/>
        <jdbc-user-service data-source-ref="dataSource"
                           users-by-username-query="SELECT Login, Senha, 'true' as enable FROM pessoa WHERE Login=?"
                           authorities-by-username-query="SELECT Login as username, Permissao as authority  FROM pessoa WHERE Login=?"/>               
    </authentication-provider>
</authentication-manager>

<b:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
    <b:property name="url" value="jdbc:mysql://localhost:3306/semeru_jsf_maven_db" />
    <b:property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <b:property name="username" value="root" />
    <b:property name="password" value="admin" />
</b:bean>

Web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     id="WebApp_ID" version="2.5">

<display-name>semeru_jsf_maven</display-name>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <!--        <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>-->
</welcome-file-list>

<!-- Duração da sessão -->

<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>  

<!-- Configurações do tema do PrimeFaces -->
<context-param>  
    <param-name>primefaces.THEME</param-name>  
    <param-value>sam</param-value>  
</context-param>         

<!-- Filtros do Spring  -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

    <!-- Configurações do JavaServer Faces -->

<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.faces</url-pattern>
</servlet-mapping>

<security-constraint>
    <display-name>Bloqueia o browser de acessar arquivos xhtml</display-name>
    <web-resource-collection>
        <web-resource-name>xhtml files</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>

<!-- Configurações do PrimeFaces -->

<servlet>
    <servlet-name>Resource Servlet</servlet-name>
    <servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Resource Servlet</servlet-name>
    <url-pattern>/primefaces_resource/*</url-pattern>
</servlet-mapping>

    
asked by anonymous 09.11.2015 / 02:15

1 answer

0

I have commented on the excerpts that activate the spring security of your web.xml trying to explain what each section is responsible for doing, it is important to point out that although spring security will be disabled with this web.xml, the application may be using this context in several places and not work properly.

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     id="WebApp_ID" version="2.5">

<display-name>semeru_jsf_maven</display-name>

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <!--        <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>-->
</welcome-file-list>

<!-- Duração da sessão -->

<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

<!-- Este parâmetro refere-se ao contexto do Spring
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>  -->

<!-- Configurações do tema do PrimeFaces -->
<context-param>  
    <param-name>primefaces.THEME</param-name>  
    <param-value>sam</param-value>  
</context-param>         

<!-- Estes filtros são responsáveis por interceptar qualquer request e direcioná-lo para o Spring
Filtros do Spring  
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
-->

    <!-- Configurações do JavaServer Faces -->

<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.faces</url-pattern>
</servlet-mapping>

<!-- Aqui como explicado abaixo, é responsável por blqouear acesso ao xhtml caso o usuário não esteja autenticado
<security-constraint>
    <display-name>Bloqueia o browser de acessar arquivos xhtml</display-name>
    <web-resource-collection>
        <web-resource-name>xhtml files</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
-->

<!-- Configurações do PrimeFaces -->

<servlet>
    <servlet-name>Resource Servlet</servlet-name>
    <servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Resource Servlet</servlet-name>
    <url-pattern>/primefaces_resource/*</url-pattern>
</servlet-mapping>

I hope I have helped.

    
09.11.2015 / 11:10