5 Replies Latest reply on Dec 7, 2009 6:08 AM by nbelaevski

RichFaces 3.3.2 SR1 redirect after successful login to

edgie Dec 5, 2009 4:46 PM

Hello this issue seems to be similar to:

http://www.jboss.org/index.html?module=bb&op=viewtopic&t=133124&start=0&postdays=postDays&postorder=postOrder&highlight=highlight

but encountered with RichFaces 3.3.2 SR1.

I applied solution found in Jira:
https://jira.jboss.org/jira/browse/RF-2985
No luck. . .
I can access file directly from browser:

http://localhost:8080/{CONTEXT-PATH}/faces/a4j_resource/org/richfaces/renderkit/html/scripts/skinning.js

Here is some related observation:

1. I clean browser cache and refresh login pageCTRL+F5
2. Firebug shows that:

401 Failed to load source for:
http://localhost:8080/CONTEXT-PATH}/faces/a4j/s/3_3_2.SR1org/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAH7qrKnJXT5DGkAFDwECQ__;jsessionid=B9BA4C5419758AECFDFEBEF5E3C5A2FB
401 Failed to load source for:
http://localhost:8080/CONTEXT-PATH}/faces/a4j/s/3_3_2.SR1org/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAH7qrKnJXT5DGkAFDwECQ__;jsessionid=B9BA4C5419758AECFDFEBEF5E3C5A2FB
401 Failed to load source for:
http://localhost:8080/CONTEXT-PATH}/faces/a4j/g/3_3_2.SR1org/richfaces/renderkit/html/scripts/skinning.js

3. Three browser pop-up windows shows up asking for user name and password, even they are not part of application.
4. After entering user/pass 3 times fire bug shows:

first resource css(xcss): 200 ok -> content of css received in response
second resource css(xcss): 200 ok -> content of css received in response
third resource css(xcss): 200 ok -> correct content of javascript is not received.
Response has this message: "Processing authentication... Processing authentication... Processing authentication..."

5. I'm able to enter user/pass to my applications login window
6. After successful login -- request is made for javascript file previously failed to receive.
7. javascripts file content shown in browser window
8 after logout and then login, everything is ok I see application,
9. Sometimes it is not javascript file, but one of those css(xcss).
10. If I set

 <context-param>
 <param-name>org.richfaces.LoadStyleStrategy</param-name>
 <param-value>NONE</param-value>
 </context-param>

then javascript file doesn't appear, but application style is broken down.

Please help me find solution to this issue.

1. Re: RichFaces 3.3.2 SR1 redirect after successful login to

nbelaevski Dec 5, 2009 8:55 PM (in response to edgie)

Hi,

Are you using Seam, Spring? Are there any secured web resources declared in web.xml?
Actions
2. Re: RichFaces 3.3.2 SR1 redirect after successful login to j

edgie Dec 6, 2009 5:25 AM (in response to edgie)
"nbelaevski" wrote:
Hi,

Are you using Seam, Spring? Are there any secured web resources declared in web.xml?

Howdy,

I do use Tomcat and Spring.

This configuration found in web.xml might be causing problems
<filter-mapping> <filter-name>Acegi Filter Chain Proxy</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

I was thinking configuration found in Jira ticket RF-2985 will make those files accessible without authentication:
<context-param> <param-name>org.ajax4jsf.RESOURCE_URI_PREFIX</param-name> <param-value>a4j_resource</param-value> </context-param> <security-constraint> <web-resource-collection> <web-resource-name>{ANY-NAME-YOU-WANT}</web-resource-name> <description> Allow users to access pictures and css. </description> <url-pattern>/images/*</url-pattern> <url-pattern>/a4j_resource/*</url-pattern> </web-resource-collection> </security-constraint>

After I clear browser cache, I am asked to enter user/pass for all those three resources before login page is shown (actually it is visible behind 3 pop-up windows). I enter user/pass three times, but one of the files - usually javascript file - is not downloaded, response only contains this message:
"Processing authentication... Processing authentication... Processing authentication..."

Then I login to my application and I'm redirected to javascript file. This happens only once, if I do not clear browsers cache.
Actions
3. Re: RichFaces 3.3.2 SR1 redirect after successful login to

nbelaevski Dec 6, 2009 5:28 PM (in response to edgie)

Configure Acegi to skip authentication for "a4j_resource" requests.
Actions

4. Re: RichFaces 3.3.2 SR1 redirect after successful login to

edgie Dec 7, 2009 4:40 AM (in response to edgie)

"nbelaevski" wrote:
Configure Acegi to skip authentication for "a4j_resource" requests.

Configuration rule in blue in acegi-security-beans.xml resolved issue. Nick, thanks for help.
Is it possible to turn-off "skinning.js" file in RichFaces 3.3.2.SR1?

 <bean id="filterInvocationInterceptor"
 class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
 <property name="authenticationManager"
 ref="authenticationManager" />
 <property name="accessDecisionManager">
 <bean class="org.acegisecurity.vote.AffirmativeBased">
 <property name="allowIfAllAbstainDecisions"
 value="false" />
 <property name="decisionVoters">
 <list>
 <bean class="org.acegisecurity.vote.RoleVoter" />
 <bean class="org.acegisecurity.vote.AuthenticatedVoter" />
 </list>
 </property>
 </bean>
 </property>
 <property name="objectDefinitionSource">
 <value>
 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
 PATTERN_TYPE_APACHE_ANT
 /login.xhtml=ROLE_ANONYMOUS,ROLE_USER
 /index.html=ROLE_ANONYMOUS,ROLE_USER
 /css/**=ROLE_ANONYMOUS,ROLE_USER
 /expired.xhtml=ROLE_ANONYMOUS,ROLE_USER
 /js/**=ROLE_ANONYMOUS,ROLE_USER faces/a4j/**=ROLE_ANONYMOUS,ROLE_USER
 </value>
 </property>
 </bean>

5. Re: RichFaces 3.3.2 SR1 redirect after successful login to

nbelaevski Dec 7, 2009 6:08 AM (in response to edgie)

Is it possible to turn-off "skinning.js" file in RichFaces 3.3.2.SR1?

Yes, turn off standard skinning for both controls and classes or just extended skinning.
Actions

Go to original post