10 Replies Latest reply on Apr 12, 2011 10:13 PM by turocabrera

    richfaces and spring-security

    turocabrera

      Hi, I am working with spring-security and richfaces. I am have a error when I use the uploadFile component.

       

      WARN org.apache.myfaces.renderkit.html.util.DefaultAddResource - MyFaces special javascript could not be retrieved from request-map.

       

      my configuration of spring security this :

       

                          <security:intercept-url pattern="/a4j_3_3_2.sr1/**" access="PERMISSION_ANONYMOUS_USER"/>                                   

                         <security:intercept-url pattern="/a4j_3_2_0.sr1-snapshot*/**" access="PERMISSION_ANONYMOUS_USER"/>

                         <security:intercept-url pattern="/a4j_3_2_0.sr1-snapshotorg*/**" access="PERMISSION_ANONYMOUS_USER"/>                  

                         <security:intercept-url pattern="/a4j/**" access="PERMISSION_ANONYMOUS_USER"/>

                         <security:intercept-url pattern="/richfaces/**" access="PERMISSION_ANONYMOUS_USER"/>

       

       

      Buenas, estoy trabajando con spring security and richfaces. Y me surgio un error cuando intrete usar el componente rich:uploadFile.

       

       

      WARN org.apache.myfaces.renderkit.html.util.DefaultAddResource - MyFaces special javascript could not be retrieved from request-map.

       

       

      entiendo que este problema puedo resolverlo agregando el filtro de aj4 al filtro de spring. pero no se como hacerlo.

      no se si esta linea sera correcta en el filterchain.

       

       

                          <security:intercept-url pattern="/a4j_3_3_2.sr1/**" access="PERMISSION_ANONYMOUS_USER"/>                                   

                         <security:intercept-url pattern="/a4j_3_2_0.sr1-snapshot*/**" access="PERMISSION_ANONYMOUS_USER"/>

                         <security:intercept-url pattern="/a4j_3_2_0.sr1-snapshotorg*/**" access="PERMISSION_ANONYMOUS_USER"/>                  

                         <security:intercept-url pattern="/a4j/**" access="PERMISSION_ANONYMOUS_USER"/>

                         <security:intercept-url pattern="/richfaces/**" access="PERMISSION_ANONYMOUS_USER"/>

        • 1. richfaces and spring-security
          boy18nj

          your code warning shows you are using MyFaces...

          • 2. richfaces and spring-security
            turocabrera

            yes, I am used myfaces and richfaces. But, I want use only rich. On the road, I finding this errors.  I am not, know how correct this error in spring-security.

             

            without the dependencies of myfaces. I get this error:

             

            [ERROR] Digester - Parse Error at line 2 column 14: Document root element "faces-config", must match DOCTYPE root "null". <org.xml.sax.SAXParseException: Document root element "faces-config", must match DOCTYPE root "null".>org.xml.sax.SAXParseException: Document root element "faces-config", must match DOCTYPE root "null".

                    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)

                    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:131)

                    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:384)

                    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:318)

                    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:256)

                    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:626)

                    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3103)

                    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:922)

                    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)

                    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)

                    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:511)

                    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:808)

                    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)

                    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)

                    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)

                    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)

                    at org.apache.commons.digester.Digester.parse(Digester.java:1764)

             

             

            and this error

             

             

            2011-03-19 12:03:51.182::WARN:  failed HandlerCollection@6b79d47f

            java.lang.NoClassDefFoundError: javax/faces/component/ActionSource2

                    at java.lang.ClassLoader.defineClass1(Native Method)

                    at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632)

                    at java.lang.ClassLoader.defineClass(ClassLoader.java:616)

                    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)

                    at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)

                    at java.net.URLClassLoader.access$000(URLClassLoader.java:58)

                    at java.net.URLClassLoader$1.run(URLClassLoader.java:197)

                    at java.security.AccessController.doPrivileged(Native Method)

                    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)

                    at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:366)

                    at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:337)

                    at java.lang.ClassLoader.defineClass1(Native Method)

                    at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632)

                    at java.lang.ClassLoader.defineClass(ClassLoader.java:616)

                    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)

                    at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)

                    at java.net.URLClassLoader.access$000(URLClassLoader.java:58)

                    at java.net.URLClassLoader$1.run(URLClassLoader.java:197)

                    at java.security.AccessController.doPrivileged(Native Method)

                    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)

                    at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:366)

                    at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:337)

                    at java.lang.Class.forName0(Native Method)

                    at java.lang.Class.forName(Class.java:247)

            • 3. richfaces and spring-security
              boy18nj

              this http://community.jboss.org/thread/150790?tstart=0 could be helpful to you.

               

              try this configuration-

               

              - configure AjaxViewHandler in faces-config.xml explicitly:

               

              <application>     <view-handler>org.ajax4jsf.application.AjaxViewHandler</view-handler></application>

               

              - define another view handlers (if any) in web.xml:

               

                <context-param>       <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name>       <param-value>com.sun.facelets.FaceletViewHandler</param-value>  </context-param>
              • 4. richfaces and spring-security
                turocabrera

                hi, thanks. I keep getting the error:

                 

                [INFO] FacesConfigurator - Reading config jar:file:/home/acabrera/.m2/repository/org/richfaces/ui/richfaces-ui/3.3.3.Final/richfaces-ui-3.3.3.Final.jar!/META-INF/faces-config.xml

                [ERROR] Digester - Parse Error at line 2 column 14: Document is invalid: no grammar found. <org.xml.sax.SAXParseException: Document is invalid: no grammar found.>org.xml.sax.SAXParseException: Document is invalid: no grammar found.

                        at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)

                        at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:131)

                 

                and

                 

                java.lang.NoClassDefFoundError: javax/faces/component/ActionSource2

                        at java.lang.ClassLoader.defineClass1(Native Method)

                        at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632)

                        at java.lang.ClassLoader.defineClass(ClassLoader.java:616)

                        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)

                        at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)

                        at java.net.URLClassLoader.access$000(URLClassLoader.java:58)

                        at java.net.URLClassLoader$1.run(URLClassLoader.java:197)

                        at java.security.AccessControll

                 

                 

                I have not dependencies of myfaces.

                • 5. richfaces and spring-security
                  boy18nj

                  I believe you are missing dependencies files, Since you are using richfaces 3.3.3, use these minimal set of jar's- Checkout which is missing for you and make sure you are using the correct version of jar files. As this could be another cause of missing class file.

                   

                  commons-beanutils-1.8.0.jar

                  commons-collections-3.2.jar

                  commons-digester-1.8.1.jar

                  commons-logging-1.0.4.jar

                  core-3.3.4-20110313.064911-37.jar

                  datascroller-3.3.4-20110313.064911-36.jar

                  jsf-api-1.2_12.jar

                  jsf-facelets-1.1.14.jar

                  jsf-impl-1.2_12.jar

                  jstl-1.0.jar

                  nekohtml-1.9.6.jar

                  richfaces-api-3.3.4-20110313.064911-38.jar

                  richfaces-impl-3.3.4-20110313.064911-38.jar

                  skins-3.3.4-20110313.064911-35.jar

                  • 6. Re: richfaces and spring-security
                    turocabrera

                    Hi, missing me the jars of jsf-api and jsf-impl

                    I have this libreries:

                     

                     

                    [INFO] +- commons-collections:commons-collections:jar:3.2.1:compile

                    [INFO] +- commons-logging:commons-logging:jar:1.1.1:compile

                    [INFO] +- javax.servlet:servlet-api:jar:2.4:provided

                    [INFO] +- javax.servlet:jstl:jar:1.1.2:runtime (scope not updated to compile)

                    [INFO] +- taglibs:standard:jar:1.1.2:compile

                    [INFO] +- log4j:log4j:jar:1.2.12:compile

                     

                    [INFO] +- javax.faces:jsf-api:jar:1.2_12:compile

                    [INFO] +- javax.faces:jsf-impl:jar:1.2_12:compile

                     

                    [INFO] +- com.sun.facelets:jsf-facelets:jar:1.1.15.B1:compile

                    [INFO] +- org.richfaces.framework:richfaces-api:jar:3.3.3.Final:compile

                    [INFO] |  \- commons-beanutils:commons-beanutils:jar:1.8.0:compile

                    [INFO] +- org.richfaces.framework:richfaces-impl:jar:3.3.3.Final:compile

                    [INFO] |  \- commons-digester:commons-digester:jar:1.8.1:compile

                    [INFO] +- org.richfaces.ui:richfaces-ui:jar:3.3.3.Final:compile

                    [INFO] +- org.springframework:spring-web:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- aopalliance:aopalliance:jar:1.0:compile

                    [INFO] |  +- org.springframework:spring-beans:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- org.springframework:spring-context:jar:3.0.3.RELEASE:compile

                    [INFO] |  |  +- org.springframework:spring-expression:jar:3.0.3.RELEASE:compile

                    [INFO] |  |  \- org.springframework:spring-asm:jar:3.0.3.RELEASE:compile

                    [INFO] |  \- org.springframework:spring-core:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- commons-lang:commons-lang:jar:2.4:compile

                    [INFO] |  +- javax.transaction:jta:jar:1.0.1B:compile

                    [INFO] |  +- org.hibernate:hibernate:jar:3.2.6.ga:compile

                    [INFO] |  |  +- net.sf.ehcache:ehcache:jar:1.2.3:compile

                    [INFO] |  |  +- asm:asm-attrs:jar:1.5.3:compile

                    [INFO] |  |  +- dom4j:dom4j:jar:1.6.1:compile

                    [INFO] |  |  +- antlr:antlr:jar:2.7.6:compile

                    [INFO] |  |  +- cglib:cglib:jar:2.1_3:compile

                    [INFO] |  |  \- asm:asm:jar:1.5.3:compile

                    [INFO] |  +- org.hibernate:hibernate-annotations:jar:3.2.1.ga:compile

                    [INFO] |  |  \- javax.persistence:persistence-api:jar:1.0:compile

                    [INFO] |  +- org.springframework:spring-aop:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- org.springframework.security:spring-security-core-tiger:jar:2.0.6.RELEASE:compile

                    [INFO] |  |  \- org.springframework.security:spring-security-core:jar:2.0.6.RELEASE:compile

                    [INFO] |  +- org.springframework:spring-jdbc:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- org.springframework:spring-tx:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- org.springframework:spring-orm:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- org.springframework:spring-test:jar:3.0.3.RELEASE:compile

                    [INFO] |  +- postgresql:postgresql:jar:8.3-603.jdbc3:compile

                    [INFO] |  +- com.mchange.v2.c3p0:c3p0:jar:0.9.1.2:compile

                    [INFO] |  \- junit:junit:jar:4.8.2:compile

                    [INFO] \- commons-io:commons-io:jar:1.4:compile

                     

                    my web.xml is this:

                     

                    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

                        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee

                                           http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

                     

                        <!-- Definiciones globales del aplicativo -->

                     

                        <display-name>wira</display-name>

                        <description>wira</description>   

                     

                        <!-- PARA QUE EL JBOSS USE EL MYFACES DEL WAR -->

                        <context-param>

                            <param-name>javax.faces.DEFAULT_SUFFIX</param-name>

                            <param-value>.jspx</param-value>

                        </context-param>

                        <context-param>

                            <param-name>facelets.REFRESH_PERIOD</param-name>

                            <param-value>2</param-value>

                        </context-param>

                     

                     

                        <context-param>

                            <param-name>javax.faces.STATE_SAVING_METHOD</param-name>

                            <param-value>server</param-value>

                        </context-param>   

                        <context-param>

                            <param-name>javax.faces.DISABLE_FACELET_JSF_VIEWHANDLER</param-name>

                            <param-value>true</param-value>

                        </context-param>

                        <!--

                        <context-param>

                             <param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>

                             <param-value>true</param-value>

                        </context-param>

                         -->

                        <context-param>

                            <param-name>facelets.DEVELOPMENT</param-name>

                            <param-value>true</param-value>

                        </context-param>

                        <context-param>

                            <param-name>facelets.SKIP_COMMENTS</param-name>

                            <param-value>true</param-value>

                        </context-param>

                     

                        <context-param>

                            <param-name>javax.faces.application.CONFIG_FILES</param-name>

                            <param-value>/WEB-INF/faces-config.xml</param-value>

                        </context-param>

                     

                        <context-param> 

                               <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name> 

                               <param-value>com.sun.facelets.FaceletViewHandler</param-value> 

                         </context-param> 

                     

                        <!-- Fin de la carga -->

                     

                        <!-- Carga de componentes del contexto del aplicativo -->

                        <context-param>

                            <param-name>contextConfigLocation</param-name>

                            <param-value>

                     

                                classpath:/ar/org/home/impl/config/spring-service.xml                        

                     

                            </param-value>

                        </context-param>

                        <context-param>

                            <description>

                                La pagina de error HTTP 500 sea customizada y no la de default

                              </description>

                            <param-name>org.apache.myfaces.ERROR_HANDLING</param-name>

                            <param-value>true</param-value>

                        </context-param>

                     

                        <!-- Listener que tiene que estar para que funcione spring -->

                        <listener>

                            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

                        </listener>

                        <!-- Listener que tiene que estar para que funcione spring-security -->

                        <!-- Filtros-->

                     

                        <!-- Filtro encoding. Define la codificación de caracteres en la que se representarán las páginas -->

                        <filter>

                            <filter-name>encodingFilter</filter-name>

                            <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>

                            <init-param>

                                <param-name>encoding</param-name>

                                <param-value>UTF-8</param-value>

                            </init-param>

                        </filter>

                     

                        <filter>

                             <display-name>RichFaces Filter</display-name>

                             <filter-name>richfaces</filter-name>

                             <filter-class>org.ajax4jsf.Filter</filter-class>

                             <init-param>

                             <!-- max file size in bytes for upload -->

                                 <param-name>maxRequestSize</param-name>

                                 <param-value>500000</param-value>

                             </init-param>

                             <init-param>

                                 <param-name>createTempFiles</param-name>

                                 <param-value>true</param-value>

                             </init-param>

                         </filter>

                     

                     

                        <!-- Filtros de JSF -->

                     

                        <!-- Mapeo de los diferentes filtros -->

                     

                        <filter-mapping>

                            <filter-name>richfaces</filter-name>

                            <url-pattern>/faces/myFacesExtensionResource/*</url-pattern>

                        </filter-mapping>

                        <filter-mapping>

                            <filter-name>richfaces</filter-name>

                            <url-pattern>*.faces</url-pattern>

                        </filter-mapping>

                        <filter-mapping>

                            <filter-name>richfaces</filter-name>

                            <url-pattern>*.jspx</url-pattern>

                        </filter-mapping>

                        <filter-mapping>

                            <filter-name>richfaces</filter-name>

                            <servlet-name>Faces Servlet</servlet-name>

                            <dispatcher>REQUEST</dispatcher>

                            <dispatcher>FORWARD</dispatcher>

                            <dispatcher>INCLUDE</dispatcher>

                        </filter-mapping>

                     

                        <!-- Mapeo de Filter JSF -->

                        <!-- IntrospectorCleanupListener -->

                        <listener>

                            <listener-class>

                                org.springframework.web.util.IntrospectorCleanupListener</listener-class>

                        </listener>

                        <!-- Servlet de JSF -->

                        <servlet>

                            <servlet-name>Faces Servlet</servlet-name>

                            <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>

                            <load-on-startup>1</load-on-startup>

                        </servlet>

                     

                     

                        <!-- Mapping -->

                        <servlet-mapping>

                            <servlet-name>Faces Servlet</servlet-name>

                            <url-pattern>*.jsf</url-pattern>

                        </servlet-mapping>   

                     

                          <jsp-config>

                            <jsp-property-group>

                                <url-pattern>*.jspx</url-pattern>

                                <page-encoding>UTF-8</page-encoding>

                                <trim-directive-whitespaces>

                                    true

                                </trim-directive-whitespaces>

                            </jsp-property-group>

                        </jsp-config>

                     

                        <!--Este se debe sacar --> 

                     

                         <error-page>

                            <error-code>403</error-code>

                            <location>/pages/accesoDenegado.jsf</location>

                        </error-page>

                         <!-- Definicioón de las páginas de error y su correspondiente url -->

                        <session-config>

                            <session-timeout>20</session-timeout><!-- minutes of inactivity -->

                        </session-config>

                    </web-app>

                     

                     

                    my faces-config.xml is this:

                     

                    <?xml version='1.0' encoding='UTF-8'?>

                    <!DOCTYPE faces-config PUBLIC "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"

                              "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">

                    <faces-config>

                        <application>

                            <!-- <view-handler>com.sun.facelets.FaceletViewHandler</view-handler>-->

                            <view-handler>org.ajax4jsf.application.AjaxViewHandler</view-handler>

                            <message-bundle>ar.ong.padres.web.config.properties.messages</message-bundle>

                            <!-- define el idioma -->

                            <locale-config>

                                <default-locale>es</default-locale>

                            </locale-config>

                            <variable-resolver>

                                 org.springframework.web.jsf.DelegatingVariableResolver

                            </variable-resolver>

                     

                     

                        </application>

                     

                        <managed-bean>

                            <managed-bean-name>asociadoBean</managed-bean-name>

                            <managed-bean-class>ar.ong.padres.web.bean.AsociadoBean</managed-bean-class>

                            <managed-bean-scope>request</managed-bean-scope>

                        </managed-bean>

                    </faces-config>

                     

                    the problem was solved, Thanks!! I will document now.

                    • 7. Re: richfaces and spring-security
                      turocabrera

                      Hi, I migrate of richfaces 3.3.3.Final to richfaces 4.0.0.Final. My project contains :

                      richfaces 4.0.0.Final

                      JSF 2.0

                      Spring 3.0.3.RELEASE

                      Spring-security 3.0.5.RELEASE

                       

                      I have a problem with spring-security. My app work ok without spring-security. but if I used spring-security, the richfaces css not  accessed.

                       

                      my web.xml this is:

                       

                          <!-- configuracion para el update de archivos. -->

                          <context-param>

                              <param-name>org.richfaces.fileUpload.maxRequestSize</param-name>

                              <param-value>10000000</param-value>

                          </context-param>

                          <context-param>

                              <param-name>org.richfaces.fileUpload.createTempFiles</param-name>

                              <param-value>true</param-value>

                          </context-param>

                       

                           <context-param>

                                <param-name>javax.faces.PROJECT_STAGE</param-name>

                                <param-value>Development</param-value>

                           </context-param>

                           <context-param>

                                <param-name>javax.faces.SKIP_COMMENTS</param-name>

                                <param-value>true</param-value>

                           </context-param>

                       

                          <!-- PARA QUE EL JBOSS USE EL MYFACES DEL WAR -->

                       

                          <context-param>   

                              <param-name>javax.faces.DEFAULT_SUFFIX</param-name>

                              <param-value>.jspx</param-value>

                          </context-param>

                       

                          <context-param>

                              <param-name>javax.faces.FACELETS_VIEW_MAPPINGS</param-name>

                              <param-value>*.jspx</param-value>

                          </context-param>

                       

                          <context-param>

                                <param-name>org.richfaces.skin</param-name>

                                <param-value>blueSky</param-value>

                          </context-param>

                       

                          <context-param>

                                <param-name>javax.faces.STATE_SAVING_METHOD</param-name>

                                <param-value>server</param-value>

                          </context-param>

                          <context-param>

                                <param-name>facelets.DEVELOPMENT</param-name>

                                <param-value>true</param-value>

                           </context-param>

                          <!-- PARA QUE EL JBOSS USE EL MYFACES DEL WAR -->

                       

                          <context-param>

                              <param-name>javax.faces.application.CONFIG_FILES</param-name>

                              <param-value>/WEB-INF/faces-config.xml</param-value>

                          </context-param>

                       

                          <!-- Fin de la carga -->

                       

                          <!-- Carga de componentes del contexto del aplicativo -->

                          <context-param>

                              <param-name>contextConfigLocation</param-name>

                              <param-value>

                                  classpath:applicationContext.xml           

                              </param-value>

                          </context-param>

                          <!--

                          <context-param>

                              <description>

                                  La pagina de error HTTP 500 sea customizada y no la de default

                                </description>

                              <param-name>org.apache.myfaces.ERROR_HANDLING</param-name>

                              <param-value>true</param-value>

                          </context-param>

                           -->

                          <!-- Listener que tiene que estar para que funcione spring -->

                          <listener>

                              <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

                          </listener>

                          <!-- Listener que tiene que estar para que funcione spring-security -->

                          <listener>

                            <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>                    

                          </listener>

                       

                      <!-- IntrospectorCleanupListener -->

                          <listener>

                              <listener-class>

                                  org.springframework.web.util.IntrospectorCleanupListener</listener-class>

                          </listener>

                       

                       

                          <listener>

                              <listener-class>com.sun.faces.config.ConfigureListener</listener-class>

                          </listener>

                       

                          <listener>

                              <listener-class>

                                  org.springframework.web.context.request.RequestContextListener</listener-class>

                          </listener>

                          <!-- Filtros-->

                       

                          <!-- Filtro encoding. Define la codificación de caracteres en la que se representarán las páginas -->

                       

                          <!-- Filtro de spring-security, determina o define la seguridad del aplicativo  -->

                          <filter>

                              <filter-name>Spring security Filter Chain Proxy</filter-name>

                              <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>

                       

                              <init-param>

                                  <param-name>targetBean</param-name>

                                  <param-value>filterChainProxy</param-value>

                              </init-param>

                          </filter>

                       

                       

                          <filter-mapping>

                             <filter-name>Spring security Filter Chain Proxy</filter-name>

                             <url-pattern>*.jsf</url-pattern>

                             <dispatcher>FORWARD</dispatcher>

                             <dispatcher>REQUEST</dispatcher>

                         </filter-mapping>

                       

                         <filter-mapping>

                             <filter-name>Spring security Filter Chain Proxy</filter-name>

                             <url-pattern>*.jspx</url-pattern>

                             <dispatcher>FORWARD</dispatcher>

                             <dispatcher>REQUEST</dispatcher>

                         </filter-mapping>

                       

                       

                          <!-- Servlet de JSF -->

                          <servlet>

                              <servlet-name>Faces Servlet</servlet-name>

                              <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>

                              <load-on-startup>1</load-on-startup>

                          </servlet>

                       

                       

                          <!-- Mapping -->

                          <servlet-mapping>

                              <servlet-name>Faces Servlet</servlet-name>

                              <url-pattern>*.jsf</url-pattern>

                          </servlet-mapping>   

                       

                          <!--

                       

                           -->

                          <!-- revisar esto. -->

                       

                       

                        <servlet>

                          <description>Servlet auxiliar para ver los adjuntos</description>

                          <display-name>ImagenView</display-name>

                          <servlet-name>ImagenView</servlet-name>

                          <servlet-class>ve.gob.alcaldia.workflow.web.beans.ImagenBean</servlet-class>

                        </servlet>

                        <servlet-mapping>

                          <servlet-name>ImagenView</servlet-name>

                          <url-pattern>/pages/imagen.view</url-pattern>

                        </servlet-mapping>    

                       

                        <servlet>

                          <description>Servlet auxiliar para ver es mas de un reporte</description>

                          <display-name>ReporteView</display-name>

                          <servlet-name>ReporteView</servlet-name>

                          <servlet-class>ve.gob.alcaldia.workflow.web.beans.ReporteBean</servlet-class>

                        </servlet>

                        <servlet-mapping>

                          <servlet-name>ReporteView</servlet-name>

                          <url-pattern>/pages/reporte.view</url-pattern>

                        </servlet-mapping>

                       

                           <!-- Definicion de paginas de errores JSF -->

                       

                           <error-page>

                              <error-code>403</error-code>

                              <location>/pages/accesoDenegado.jsf</location>

                          </error-page>

                       

                           <!-- Definicioón de las páginas de error y su correspondiente url -->

                          <session-config>

                              <session-timeout>20</session-timeout><!-- minutes of inactivity -->

                          </session-config>

                       

                       

                      My security config this is:

                       

                      <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">

                               <property name="authenticationManager">

                                   <ref bean="authenticationManager"/>

                               </property>

                               <property name="accessDecisionManager" ref="accessDecisionManager" />

                               <property name="objectDefinitionSource">

                       

                                <security:filter-invocation-definition-source path-type="ant" lowercase-comparisons="true">

                       

                                         <security:intercept-url pattern="/pages/login.jspx" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/pages/login.jsf" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/static/**" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/a4j/*" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/a4j/**" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/**/*.js" access="PERMISSION_ANONYMOUS_USER"/>                  

                                         <security:intercept-url pattern="/**/*.png" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/**/*.gif" access="PERMISSION_ANONYMOUS_USER"/>                  

                                         <security:intercept-url pattern="/**/*.jpg" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/**/*.css" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/richfaces/*" access="PERMISSION_ANONYMOUS_USER"/>                  

                                         <security:intercept-url pattern="/richfaces/**" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/org.richfaces.css/*" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/org.richfaces.css/**" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/static-resources/*" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/static-resources/**" access="PERMISSION_ANONYMOUS_USER"/>

                                         <security:intercept-url pattern="/javax.faces.resource/**" access="PERMISSION_ANONYMOUS_USER" />                                   

                                        <security:intercept-url pattern="/pages/bandejaentradatramite.jsf" access="PERMISSION_WORKFLOW_USER"/>

                       

                      .....

                      • 8. richfaces and spring-security
                        velastiqui

                        hi Arturo!

                        you add the next rule, for example:

                        /rfres/**=ROLE_ALWAYS,ROLE_ANONYMOUS,ROLE_EMFORGEUSER

                         

                        this rule include the ccs for RichFaces


                        • 9. Re: richfaces and spring-security
                          turocabrera

                          Thanks. Now, the app work ok. But, now I have a problem with FileUpload components.

                           

                          this component work but not running the method in the bean.

                           

                          I think it may be because it runs its own jsf js or RichFaces, a spring-security problem.

                          • 10. Re: richfaces and spring-security
                            turocabrera

                            my solution was add the following rule in the security config:

                             

                            <security:intercept-url pattern="/pages/*jsf**" access="PERMISSION_USER"/>

                             

                            with TumberData monitoring the post and I found a error 403 (for spring-security).

                             

                            I not know if this, is the solution correct. But works jeje