RE: Spring FilterSecurityInterceptor not been called for myfaces forwards

Mon, 11 Jan 2010 23:43:32 -0800 

Hi Michael,

Following are the servlet mappings:

<servlet-mapping>
                <servlet-name>Faces Servlet</servlet-name>
                <url-pattern>*.faces</url-pattern>
        </servlet-mapping>

        <servlet-mapping>
                <servlet-name>Faces Servlet</servlet-name>
                <url-pattern>*.jspx</url-pattern>
        </servlet-mapping>

        <!-- Persistent Faces Servlet Mapping -->
        <servlet-mapping>
                <servlet-name>Persistent Faces Servlet</servlet-name>
                <url-pattern>*.iface</url-pattern>
        </servlet-mapping>

The navigation case in faces-config.xml is:

<navigation-rule>
                <navigation-case>
                        <from-outcome>OPERATION_LANDING</from-outcome>
                        
<to-view-id>/jsp/operations/user/operationsLanding.iface</to-view-id>
                </navigation-case>
</navigation-rule>

This has been configured as per the icefaces documentation. If we disregard 
spring security filter issue the forward happens properly. Spring security 
filter gets invoked once after the return "OPERATION_LANDING" from within the 
action method has been executed. The strange part is that the URL is still the 
previous one.

It is strange because when using jsp:forward from index.jsp to login.jsp spring 
security filter gets both the URL's.

What could be the issue?

Regards,
Madhav


From: Michael Kurz [mailto:michi.k...@gmx.at] 
>Hi,
>
>which mapping do you use for your faces servlet: postfix (like *.jsf) or 
>prefix (like /faces/*)? Maybe the "real" JSF urls are not listed in your 
>intercepter config.
>
>regards
>Michael
>
>Madhav Bhargava schrieb:
> Hi All,
> 
> I am using myfaces 1.1, icefaces 1.8.1, spring 2.5.6, spring security -2.0.5, 
> WAS 6.0 (app server)
> 
> I have configured spring security for my JSF application along with 
> SiteMinder as an external authentication mechanism. It works fine till a 
> forward happens from within myfaces.
> 
> Here is my spring servlet filter chain declaration:
> <filter>
>                 <description>
>                                 Spring delegating filter which will initiate 
> the spring
>                                 security filter chain
>                 </description>
>                 <display-name>springSecurityFilterChain</display-name>
>                 <filter-name>springSecurityFilterChain</filter-name>
>                 <filter-class>
>                                 
> org.springframework.web.filter.DelegatingFilterProxy
>                 </filter-class>
> </filter>
> 
> <filter-mapping>
>                 <filter-name>springSecurityFilterChain</filter-name>
>                 <url-pattern>/*</url-pattern>
>                 <dispatcher>FORWARD</dispatcher>
>                 <dispatcher>REQUEST</dispatcher>
> </filter-mapping>
> 
> And in my spring application context I have followed the advice from spring 
> forums and done necessary settings:
> Excerpt is:
> 
> <security:http
>                 entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" 
> once-per-request="false">
>                 <security:intercept-url pattern="/index.jsp" filters="none" />
>                 <security:intercept-url pattern="/login.jsp" filters="none" />
>                 <security:intercept-url pattern="/authenticationservlet" 
> filters="none"/>
>                 <security:intercept-url pattern="**/jsp/common/**" 
> filters="none"/>
>                 <security:intercept-url pattern="/**/css/**" filters="none"/>
>                 <security:intercept-url pattern="/**/*.js" filters="none"/>
>                 <security:intercept-url pattern="/images/**" filters="none"/>
>                 <security:intercept-url pattern="/**/secure/**" 
> access="ROLE_USER" />
>                 <security:intercept-url pattern="/**/operations/**" 
> access="ROLE_OPERATIONS"/>
>                 <security:intercept-url pattern="/**" 
> access="IS_AUTHENTICATED_ANONYMOUSLY" />
> </security:http>
> 
> Now when I forward a request from index.jsp to login.jsp then the spring 
> filters are called with the login.jsp URL even though the browser shows the 
> old URL.
> 
> However when from within an action method a navigation case is handled then 
> it is not intercepted by the spring filters at all. However if I give a 
> <redirect/> then it is properly intercepted with the correct URL as expected.
> 
> What can be the reason?
> 
> Regards,
> Madhav
> 


**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely 
for the use of the addressee(s). If you are not the intended recipient, please 
notify the sender by e-mail and delete the original message. Further, you are 
not 
to copy, disclose, or distribute this e-mail or its contents to any other 
person and 
any such actions are unlawful. This e-mail may contain viruses. Infosys has 
taken 
every reasonable precaution to minimize this risk, but is not liable for any 
damage 
you may sustain as a result of any virus in this e-mail. You should carry out 
your 
own virus checks before opening the e-mail or attachment. Infosys reserves the 
right to monitor and review the content of all messages sent to or from this 
e-mail 
address. Messages sent to or from this e-mail address may be stored on the 
Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***

Reply via email to