0 Replies Latest reply on Oct 20, 2010 7:26 PM by chkiron chronos

    [SOLVED] Spring Security and View could not be restored

    chkiron chronos Newbie

      Hi, all!


      Since Friday night I have been stuck with this problem.


      I have an application that needed authentication. Having worked with Spring Security before, I used it to provide login security for my application.


      All works fine: it intercepts the user, displays the login form and after that redirects the user to the application's main screen. However, if I log out and after that log in again, I receive an error:

       

      ERROR [[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
      javax.faces.application.ViewExpiredException: viewId:/pages/common/home.jsf - View /pages/common/home.jsf could not be restored.

       

      I have tried several different approaches, but none has worked for me.

       

      I am using JSF 1.2, RichFaces 3.3.2, JBoss 4.2.3, Spring 2.5.4, S. Security 2.0.4.


      My index.jsp, the starting point of the application:

      {code:xml}

      <%@ page session="false"%>
      <%
      response.sendRedirect("pages/common/home.jsf");
      %>

      {code}

      My web.xml:

      {code:xml}

       

      <?xml version="1.0"?>
      <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
      <description>Descritor web do Sistema da Apalurj</description>
      <!-- ======================================
                     SPRING                  
      ======================================
      Loading application beans. -->
      <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:META-INF/contextoSpring.xml</param-value>
      </context-param>
      <!-- ======================================
                   SECURITY                  
      ====================================== -->
      <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>

       

      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>

       

      <!-- ======================================
                   RICHFACES                 
      ====================================== -->
      <context-param>
        <param-name>org.richfaces.SKIN</param-name>
        <!--<param-value>blueSky</param-value>-->
        <param-value>deepMarine</param-value>
      </context-param>
      <!-- ======================================
                       JSF                   
      ====================================== -->
      <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>/WEB-INF/faces-config.xml,
                  /WEB-INF/faces-beans.xml,
                  /WEB-INF/faces-navegacao.xml</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>server</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.PARTIAL_STATE_SAVING_METHOD</param-name>
        <param-value>false</param-value>
      </context-param>

      <!-- ======================================
                    FACELETS                 
      ======================================
      Use Documents Saved as *.xhtml -->
      <context-param>
        <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
        <param-value>.xhtml</param-value>
      </context-param>
      <context-param>
        <param-name>facelets.DEVELOPMENT</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <param-name>facelets.SKIP_COMMENTS</param-name>
        <param-value>true</param-value>
      </context-param>
      <!-- Optional JSF-RI Parameters to Help Debug -->
      <context-param>
        <param-name>com.sun.faces.validateXml</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <param-name>com.sun.faces.verifyObjects</param-name>
        <param-value>false</param-value>
      </context-param>
      <filter>
        <display-name>RichFaces Filter</display-name>
        <filter-name>richfaces</filter-name>
        <filter-class>org.ajax4jsf.Filter</filter-class>
        <init-param>
         <param-name>createTempFiles</param-name>
         <param-value>false</param-value>
        </init-param>
        <init-param>
         <param-name>maxRequestSize</param-name>
         <param-value>10000000</param-value>
        </init-param>
      </filter>
      <filter-mapping>
        <filter-name>richfaces</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
      </filter-mapping>
      <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
      <!-- Faces Servlet -->
      <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <!-- Faces Servlet Mapping -->
      <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
      </servlet-mapping>
      <filter>
        <filter-name>filtroAntiCache</filter-name>
        <filter-class>br.org.apalurj.infra.FiltroAntiCache</filter-class>
      </filter>

       

      <filter-mapping>
        <filter-name>filtroAntiCache</filter-name>
        <url-pattern>*.jsf</url-pattern>
      </filter-mapping>

       


      <!-- ======================================
                      GENERAL                
      ======================================
      Welcome files -->
      <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
      </welcome-file-list>

      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>

       

      </web-app>

      {code}

       

      My spring security configuration:

       

      {code:xml}

       

      <?xml version="1.0" encoding="UTF-8"?>

       

      <beans:beans xmlns="http://www.springframework.org/schema/security"
          xmlns:beans="http://www.springframework.org/schema/beans"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                              http://www.springframework.org/schema/security
                               http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

       

          <http auto-config="true" >

       

              <intercept-url pattern="/**/*.js" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
              <intercept-url pattern="/**/*.png" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
              <intercept-url pattern="/**/*.css" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
              <intercept-url pattern="/**/*.gif" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
              <intercept-url pattern="/**/*.jpg" filters="none" access="ROLE_OPER,ROLE_ADMIN,ROLE_ANONYMOUS"/>
              <intercept-url pattern="/login.jsp*" filters="none"/>
              <intercept-url pattern="/**" access="ROLE_OPER,ROLE_ADMIN" />
              <form-login authentication-failure-url="/login.jsp?login_error=1"
                          default-target-url="/login.jsp"
                          login-page="/login.jsp"/>
              <logout logout-success-url="/login.jsp" />

       

          </http>

       

          <authentication-provider>
          <password-encoder hash="md5" />
              <jdbc-user-service     data-source-ref="dataSource"
                                  users-by-username-query="SELECT login as username, senha as password, flgAtivo as enabled FROM Usuario U where login=?"
                                  authorities-by-username-query="SELECT login as username, case idPerfil when 1 then 'ROLE_ADMIN' when 2 then 'ROLE_OPER' END as authority FROM Usuario U where login=?" />
          </authentication-provider>

       

      </beans:beans>

      {code}

       

       

      Among the several attempts to solve this problem, I tried:

       

      web.xml:

      {code:xml}

       

      ...

      <context-param>
          <param-name>org.ajax4jsf.handleViewExpiredOnClient</param-name>
          <param-value>true</param-value>
      </context-param>
      <context-param>
          <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name>
          <param-value>true</param-value>
      </context-param>

      ...

      {code}

       

      And in the application's main page:

       

      {code:xml}

       

      ...

      <script type="text/javaScript">
          A4J.AJAX.onExpired = function() {
              alert('aaa');
          }
          A4J.AJAX.onError = function() {
              alert('bbb');
          }
      </script>

      ...

      {code}

       

      to no avail. Instead of an error, I get a weird XML page.

       

      Does anyone have a clue for me? I am without ideas. I am almost sure that the problem is in session management, but I could not work it out to build a proper configuration.


      Thank you in advance!

       

      PS: I am unable to properly format the post with code:xml...

       

      ------------------------------------------------------------------------------------------------------------------------

      20/10/2010


      I solved the problem. It occurred because I called Spring Security's logout URL in an Ajax method (rich:menu). I put it in an HTML form, with the action pointing to the logout URL, and when the user clicks in the menu, I submit the form through JavaScript.
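
The fix described in the update above, sketched as an added example that is not part of the original post: a plain HTML form posts to Spring Security 2.0's default logout URL (`/j_spring_security_logout`, assumed unchanged because the posted `<logout>` element sets no `logout-url`), and the `rich:menuItem` only submits that form. The form id, the menu labels and the surrounding `ui:composition` are hypothetical.

```xml
<!-- Added example: Facelets fragment for the application's main page.
     Ids and labels are hypothetical, not taken from the original post. -->
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
                xmlns:ui="http://java.sun.com/jsf/facelets"
                xmlns:h="http://java.sun.com/jsf/html"
                xmlns:rich="http://richfaces.org/rich">

  <!-- Plain HTML form, kept outside any h:form so no JSF view state is
       submitted with it. It makes a full-page POST to the logout URL:
       Spring Security invalidates the session and the browser itself
       follows the redirect to logout-success-url (/login.jsp). -->
  <form id="logoutForm" method="post"
        action="#{facesContext.externalContext.requestContextPath}/j_spring_security_logout">
  </form>

  <h:form id="menuForm">
    <rich:dropDownMenu value="Session">
      <!-- submitMode="none": the item triggers no JSF or Ajax submit of
           its own; onclick submits the plain form above instead. -->
      <rich:menuItem value="Logout" submitMode="none"
                     onclick="document.getElementById('logoutForm').submit(); return false;"/>
    </rich:dropDownMenu>
  </h:form>

</ui:composition>
```

Because the logout is an ordinary navigation rather than an Ajax request, the redirect after session invalidation replaces the page in the browser instead of being returned to the Ajax handler of a view whose session no longer exists.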