5 Replies Latest reply on Dec 7, 2009 6:08 AM by Nick Belaevski

    RichFaces 3.3.2 SR1 redirect after successful login to

    Edgie Bo Newbie

      Hello this issue seems to be similar to:

      http://www.jboss.org/index.html?module=bb&op=viewtopic&t=133124&start=0&postdays=postDays&postorder=postOrder&highlight=highlight

      but encountered with RichFaces 3.3.2 SR1.

      I applied solution found in Jira:
      https://jira.jboss.org/jira/browse/RF-2985
      No luck. . .
      I can access file directly from browser:
      http://localhost:8080/{CONTEXT-PATH}/faces/a4j_resource/org/richfaces/renderkit/html/scripts/skinning.js


      Here is some related observation:

      1. I clean browser cache and refresh login pageCTRL+F5
      2. Firebug shows that:
      401 Failed to load source for:
      http://localhost:8080/CONTEXT-PATH}/faces/a4j/s/3_3_2.SR1org/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAH7qrKnJXT5DGkAFDwECQ__;jsessionid=B9BA4C5419758AECFDFEBEF5E3C5A2FB
      401 Failed to load source for:
      http://localhost:8080/CONTEXT-PATH}/faces/a4j/s/3_3_2.SR1org/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAH7qrKnJXT5DGkAFDwECQ__;jsessionid=B9BA4C5419758AECFDFEBEF5E3C5A2FB
      401 Failed to load source for:
      http://localhost:8080/CONTEXT-PATH}/faces/a4j/g/3_3_2.SR1org/richfaces/renderkit/html/scripts/skinning.js


      3. Three browser pop-up windows shows up asking for user name and password, even they are not part of application.
      4. After entering user/pass 3 times fire bug shows:

      first resource css(xcss): 200 ok -> content of css received in response
      second resource css(xcss): 200 ok -> content of css received in response
      third resource css(xcss): 200 ok -> correct content of javascript is not received.
      Response has this message: "Processing authentication... Processing authentication... Processing authentication..."

      5. I'm able to enter user/pass to my applications login window
      6. After successful login -- request is made for javascript file previously failed to receive.
      7. javascripts file content shown in browser window
      8 after logout and then login, everything is ok I see application,
      9. Sometimes it is not javascript file, but one of those css(xcss).
      10. If I set
       <context-param>
       <param-name>org.richfaces.LoadStyleStrategy</param-name>
       <param-value>NONE</param-value>
       </context-param>
      

      then javascript file doesn't appear, but application style is broken down.

      Please help me find solution to this issue.


        • 1. Re: RichFaces 3.3.2 SR1 redirect after successful login to
          Nick Belaevski Master

          Hi,

          Are you using Seam, Spring? Are there any secured web resources declared in web.xml?

          • 2. Re: RichFaces 3.3.2 SR1 redirect after successful login to j
            Edgie Bo Newbie

             

            "nbelaevski" wrote:
            Hi,

            Are you using Seam, Spring? Are there any secured web resources declared in web.xml?


            Howdy,

            I do use Tomcat and Spring.

            This configuration found in web.xml might be causing problems
            <filter-mapping>
             <filter-name>Acegi Filter Chain Proxy</filter-name>
             <url-pattern>/*</url-pattern>
             </filter-mapping>
            


            I was thinking configuration found in Jira ticket RF-2985 will make those files accessible without authentication:
            <context-param>
             <param-name>org.ajax4jsf.RESOURCE_URI_PREFIX</param-name>
             <param-value>a4j_resource</param-value>
             </context-param>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>{ANY-NAME-YOU-WANT}</web-resource-name>
             <description>
             Allow users to access pictures and css.
             </description>
             <url-pattern>/images/*</url-pattern>
             <url-pattern>/a4j_resource/*</url-pattern>
             </web-resource-collection>
             </security-constraint>
            



            After I clear browser cache, I am asked to enter user/pass for all those three resources before login page is shown (actually it is visible behind 3 pop-up windows). I enter user/pass three times, but one of the files - usually javascript file - is not downloaded, response only contains this message:
            "Processing authentication... Processing authentication... Processing authentication..."


            Then I login to my application and I'm redirected to javascript file. This happens only once, if I do not clear browsers cache.

            • 3. Re: RichFaces 3.3.2 SR1 redirect after successful login to
              Nick Belaevski Master

              Configure Acegi to skip authentication for "a4j_resource" requests.

              • 4. Re: RichFaces 3.3.2 SR1 redirect after successful login to
                Edgie Bo Newbie

                 

                "nbelaevski" wrote:
                Configure Acegi to skip authentication for "a4j_resource" requests.


                Configuration rule in blue in acegi-security-beans.xml resolved issue. Nick, thanks for help.
                Is it possible to turn-off "skinning.js" file in RichFaces 3.3.2.SR1?

                 <bean id="filterInvocationInterceptor"
                 class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                 <property name="authenticationManager"
                 ref="authenticationManager" />
                 <property name="accessDecisionManager">
                 <bean class="org.acegisecurity.vote.AffirmativeBased">
                 <property name="allowIfAllAbstainDecisions"
                 value="false" />
                 <property name="decisionVoters">
                 <list>
                 <bean class="org.acegisecurity.vote.RoleVoter" />
                 <bean class="org.acegisecurity.vote.AuthenticatedVoter" />
                 </list>
                 </property>
                 </bean>
                 </property>
                 <property name="objectDefinitionSource">
                 <value>
                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                 PATTERN_TYPE_APACHE_ANT
                 /login.xhtml=ROLE_ANONYMOUS,ROLE_USER
                 /index.html=ROLE_ANONYMOUS,ROLE_USER
                 /css/**=ROLE_ANONYMOUS,ROLE_USER
                 /expired.xhtml=ROLE_ANONYMOUS,ROLE_USER
                 /js/**=ROLE_ANONYMOUS,ROLE_USER faces/a4j/**=ROLE_ANONYMOUS,ROLE_USER
                 </value>
                 </property>
                 </bean>
                





                • 5. Re: RichFaces 3.3.2 SR1 redirect after successful login to
                  Nick Belaevski Master

                   

                  Is it possible to turn-off "skinning.js" file in RichFaces 3.3.2.SR1?

                  Yes, turn off standard skinning for both controls and classes or just extended skinning.