[SOLVED] Spring Security and View could not be restored
chkiron Oct 20, 2010 7:26 PM
Hi, all!
Since Friday night I have been stuck with this problem.
I have an application that needed authentication. Having worked with Spring Security before, I used it to provide login security for my application.
All works fine: it intercepts the user, displays the login form and after that redirects the user to the application's main screen. However, if I log out and after that log in again, I receive an error:
ERROR [[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
javax.faces.application.ViewExpiredException: viewId:/pages/common/home.jsf - View /pages/common/home.jsf could not be restored.
I have tried several different approaches, but none has worked for me.
I am using JSF 1.2, RichFaces 3.3.2, JBoss 4.2.3, Spring 2.5.4, S. Security 2.0.4.
My index.jsp, the starting point of the application:
{code:xml}
<%@ page session="false"%>
<%
response.sendRedirect("pages/common/home.jsf");
%>
{code}
My web.xml:
{code:xml}
<?xml version="1.0"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<description>Descritor web do Sistema da Apalurj</description>
<!-- ======================================
SPRING
======================================
Loading Application Beans. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:META-INF/contextoSpring.xml</param-value>
</context-param>
<!-- ======================================
SECURITY
====================================== -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================================
RICHFACES
====================================== -->
<context-param>
<param-name>org.richfaces.SKIN</param-name>
<!--<param-value>blueSky</param-value>-->
<param-value>deepMarine</param-value>
</context-param>
<!-- ======================================
JSF
====================================== -->
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml,
/WEB-INF/faces-beans.xml,
/WEB-INF/faces-navegacao.xml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING_METHOD</param-name>
<param-value>false</param-value>
</context-param>
<!-- ======================================
FACELETS
======================================
Use Documents Saved as *.xhtml -->
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>facelets.SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<!-- Optional JSF-RI Parameters to Help Debug -->
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<display-name>RichFaces Filter</display-name>
<filter-name>richfaces</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
<init-param>
<param-name>createTempFiles</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>maxRequestSize</param-name>
<param-value>10000000</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>richfaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Faces Servlet -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Faces Servlet Mapping -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<filter>
<filter-name>filtroAntiCache</filter-name>
<filter-class>br.org.apalurj.infra.FiltroAntiCache</filter-class>
</filter>
<filter-mapping>
<filter-name>filtroAntiCache</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<!-- ======================================
GENERAL
======================================
Welcome files -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
{code}
My spring security configuration:
{code:xml}
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<http auto-config="true" >
<intercept-url pattern="/**/*.js" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
<intercept-url pattern="/**/*.png" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
<intercept-url pattern="/**/*.css" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
<intercept-url pattern="/**/*.gif" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
<intercept-url pattern="/**/*.jpg" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/**" access="ROLE_OPER,ROLE_ADMIN" />
<form-login authentication-failure-url="/login.jsp?login_error=1"
default-target-url="/login.jsp"
login-page="/login.jsp"/>
<logout logout-success-url="/login.jsp" />
</http>
<authentication-provider>
<password-encoder hash="md5" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT login as username, senha as password, flgAtivo as enabled FROM Usuario U where login=?"
authorities-by-username-query="SELECT login as username, case idPerfil when 1 then 'ROLE_ADMIN' when 2 then 'ROLE_OPER' END as authority FROM Usuario U where login=?" />
</authentication-provider>
</beans:beans>
{code}
Among the several attempts to solve this problem, I tried:
web.xml:
{code:xml}
...
<context-param>
<param-name>org.ajax4jsf.handleViewExpiredOnClient</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.enableRestoreView11Compatibility</param-name>
<param-value>true</param-value>
</context-param>
...
{code}
And in the application's main page:
{code:xml}
...
<script type="text/javaScript">
A4J.AJAX.onExpired= function(){
alert('aaa');
}
A4J.AJAX.onError= function(){
alert('bbb');
}
</script>
...
{code}
to no avail. Instead of an error, I get a weird XML page.
Does anyone have a clue for me? I am without ideas. I am almost sure that the problem is in session management, but I could not work it out to build a proper configuration.
Thank you in advance!
PS: I am unable to properly format the post with code:xml...
------------------------------------------------------------------------------------------------------------------------
20/10/2010
I solved the problem. It occurred because I called Spring Security's logout URL in an Ajax method (rich:menu). I put it in an HTML form, with the action pointing to the logout URL, and when the user clicks on the menu, I submit the form through JavaScript.
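
A sketch of the fix described above, added here as an illustration and not the poster's actual page. It assumes Facelets with RichFaces 3.3 and Spring Security 2.0's default logout URL `/j_spring_security_logout` (the `<logout>` element in the posted configuration does not override it); the form id, menu labels and the `sessionBean.logout` action are hypothetical.

```xml
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
                xmlns:ui="http://java.sun.com/jsf/facelets"
                xmlns:h="http://java.sun.com/jsf/html"
                xmlns:rich="http://richfaces.org/rich">

  <!-- BEFORE (the pattern that failed): the menu item fires an Ajax request
       that ends up at the logout URL. The session is invalidated on the
       server, but the browser never leaves the old page and still holds
       the view state of a view that no longer exists.

  <h:form>
    <rich:dropDownMenu value="Session">
      <rich:menuItem value="Logout" submitMode="ajax"
                     action="#{sessionBean.logout}" />
    </rich:dropDownMenu>
  </h:form>
  -->

  <!-- AFTER: a plain HTML form, placed outside any h:form so that no JSF
       view state is submitted with it. The browser performs a normal
       full-page request to the logout filter and follows its redirect
       to logout-success-url (/login.jsp in the posted configuration). -->
  <form id="logoutForm" method="post"
        action="#{facesContext.externalContext.requestContextPath}/j_spring_security_logout">
  </form>

  <h:form id="menuForm">
    <rich:toolBar>
      <rich:dropDownMenu value="Session">
        <!-- submitMode="none": RichFaces sends neither an Ajax request nor
             a JSF postback; only the onclick handler runs. -->
        <rich:menuItem value="Logout" submitMode="none"
                       onclick="document.getElementById('logoutForm').submit();" />
      </rich:dropDownMenu>
    </rich:toolBar>
  </h:form>

</ui:composition>
```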