I'm implementing Spring Security in a project, but I've run into some problems. Below I'm including the context configuration, the Spring Security part of web.xml,
and how I use it on a page, so you can see them.
The problem is that Spring is not enforcing any restrictions. I have only one user in the database, with the permission ROLE_GERENTE; however, Spring goes from the login page to the restricted home page without presenting the manager content it should (see the tag in the code below). It also keeps the login page URL ("publico/home.jsf").
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration: one URL access rule, form login,
  logout, remember-me, and a JDBC-backed authentication provider.
  The security schema is the default namespace; core bean elements use the "b" prefix.
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
                             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                             http://www.springframework.org/schema/security
                             http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <http>
    <!-- The only access rule: /restrito/** requires ROLE_GERENTE. No other URL has a rule. -->
    <intercept-url pattern="/restrito/**" access="ROLE_GERENTE"/>

    <!--
      login-page and default-target-url are the same public page, and
      always-use-default-target="true" sends every successful login there
      rather than back to the protected URL that was originally requested.
    -->
    <form-login
        login-page="/publico/home.jsf"
        always-use-default-target="true"
        default-target-url="/publico/home.jsf"
        authentication-failure-url="/publico/index.jsf?login_error=1"/>

    <logout/>

    <!--
      NOTE(review): remember-me is enabled with no key attribute, so the
      namespace default applies. Confirm that the default in the Spring
      Security version in use is not a fixed, publicly known value; if it is,
      set an explicit secret key, since the key protects the remember-me cookie.
    -->
    <remember-me/>
  </http>

  <authentication-manager>
    <authentication-provider>
      <!--
        NOTE(review): the password-encoder element below is commented out, so
        no encoder is configured and the senha column is compared as stored,
        which presumably means plaintext passwords in the database. If hashing
        is turned on, MD5 is not suitable for password storage; use a salted,
        adaptive hash supported by the version in use and migrate stored values.
      -->
      <!-- <password-encoder hash="md5"/> -->

      <!--
        Users and authorities are loaded through the "Somore" data source.
        Both queries bind the username through a ? placeholder.
        users-by-username-query returns email, senha, ativo;
        authorities-by-username-query returns email, permissao.
      -->
      <jdbc-user-service
          data-source-ref="Somore"
          authorities-by-username-query="SELECT u.email, p.permissao FROM usuario u, usuario_permissao p WHERE u.id = p.usuario AND u.email= ?"
          users-by-username-query="SELECT email, senha, ativo FROM usuario WHERE email = ?"/>
    </authentication-provider>
  </authentication-manager>

</b:beans>
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Core application context. Defines a single bean, "Somore", obtained by a
  JNDI lookup of java:comp/env/jdbc/Somore. No connection URL or database
  credentials appear in this file; they are whatever the container binds
  under that JNDI name.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

  <bean id="Somore" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName" value="java:comp/env/jdbc/Somore"/>
  </bean>

</beans>
web.xml
<!-- Spring Security -->

<!-- The two Spring files that ContextLoaderListener loads into the root application context. -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/applicationContext.xml
    /WEB-INF/applicationContext-security.xml
  </param-value>
</context-param>

<!-- Servlet filter that delegates to the Spring bean named springSecurityFilterChain. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!--
  The security filter covers every URL, but only for REQUEST and ERROR
  dispatches.
  NOTE(review): a server-side forward into /restrito/** (for example a JSF
  navigation performed without a redirect) is not dispatched through this
  mapping, so the intercept-url rule is not evaluated for it. That would match
  a restricted page being rendered while the browser still shows the public
  URL. Confirm how the login form's usuarioBean.logar action navigates. If
  forwards must be covered, review both this dispatcher list and the
  once-per-request setting on the http element.
-->
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>ERROR</dispatcher>
</filter-mapping>

<!-- Creates the root application context when the web application starts. -->
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Restricted / home.xhtml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
  Restricted home page. Fills the "section" region of template_restrito.xhtml
  and prints GERENTE only when the current user holds ROLE_GERENTE.

  NOTE(review): sec:ifAnyGranted only decides whether markup is rendered; it
  does not protect the URL. Access to this page is enforced solely by the
  intercept-url rule in the security filter chain. If the request reached this
  view without being authenticated through Spring Security, no ROLE_GERENTE
  authority is present and the block below renders nothing.
-->
<ui:composition
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:p="http://primefaces.org/ui"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:sec="http://www.springframework.org/security/facelets/tags"
    template="/resources/templates/template_restrito.xhtml">

  <ui:define name="section">
    <sec:ifAnyGranted roles="ROLE_GERENTE">
      GERENTE<br />
    </sec:ifAnyGranted>
  </ui:define>

</ui:composition>
Login Dialog
<!--
  Modal login dialog (widgetVar dlgLogar) holding the username, password and
  remember-me fields.

  NOTE(review): h:form always posts back to the current JSF view; it has no
  action or method attribute, and the name attributes on the PrimeFaces inputs
  are not used as request parameter names. As written, the submit runs
  usuarioBean.logar, and j_username / j_password are presumably never posted to
  /j_spring_security_check, so Spring Security performs no authentication.
  Verify in the rendered HTML. A plain HTML form posting those parameter names
  to the check URL, or an explicit hand-off from the bean to that URL, is what
  the form-login filter expects.

  NOTE(review): maxlength="8" caps the password at eight characters in the
  browser; confirm this is intended, since it limits password strength.

  Facelets writes XML comments into the rendered page unless
  javax.faces.FACELETS_SKIP_COMMENTS is enabled; remove these notes before
  deployment if it is not.
-->
<p:dialog resizable="false" reshowEffect="Puff" widgetVar="dlgLogar"
          modal="true" showHeader="false" closeOnEscape="true"
          height="175" width="430">
  <h:form id="login" method="post" action="${request.contextPath}/j_spring_security_check">
    <p:panelGrid columns="2" styleClass="panelLogar">
      <p:outputLabel value="Login"/>
      <p:inputText styleClass="input" value="#{usuarioBean.usuarioSpring}" name="j_username"/>

      <p:outputLabel value="Senha"/>
      <p:password styleClass="input" maxlength="8" value="#{usuarioBean.senha}" name="j_password"/>

      <p:outputLabel value="Lembre de mim"/>
      <p:selectBooleanCheckbox name="_spring_security_remember_me"/>

      <p:commandButton ajax="false" value="Logar" action="#{usuarioBean.logar}" style="width:105%;"/>
      <p:commandButton ajax="false" value="Esqueci a senha" style="width:100%;" />
    </p:panelGrid>
  </h:form>
</p:dialog>
Jars