Search code examples
jsf-2spring-securityprettyfaces

Authentication(Spring Security) object is null when URL is not mapped by PrettyFaces

  1. I'm using JSF(Primefaces), Spring, Spring Security, MyBatis and PrettyFaces in my application.
  2. I've a URL not mapped by PrettyFaces.
  3. This url redirect to XHTML page. XHTML page is mapped with Spring Security and is associated a role of my application
  4. In XHTML page I invoke a Authentication object. This object store user logged in my application.
  5. When I enter to url ocurrs a exception because Authentication object is null
  6. But when I mapped url, Authentication object return value stored user.

What's happening?

This is log of my webapp:

40094 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Initialized PrettyContext
 40094 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Initialized PrettyContext
 40094 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyFilter  - Request is not mapped using PrettyFaces. Continue.
 40094 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Initialized PrettyContext
 40094 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - PrettyContext not found in Request - building new instance
 40094 [http-8080-6] DEBUG org.springframework.faces.support.RequestLoggingPhaseListener  - Entering JSF Phase: RESTORE_VIEW 1
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Retrieved PrettyContext from Request
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.faces.beans.ParameterInjector  - Validating parameters.
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Retrieved PrettyContext from Request
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.faces.beans.ParameterInjector  - Injecting parameters
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Retrieved PrettyContext from Request
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Retrieved PrettyContext from Request
 40141 [http-8080-6] INFO  com.indra.siguip.view.exceptions.SiguipExceptionHandler  - Entrando al manejador de Excepciones del JSF
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Retrieved PrettyContext from Request
 40141 [http-8080-6] DEBUG org.springframework.faces.support.RequestLoggingPhaseListener  - Entering JSF Phase: APPLY_REQUEST_VALUES 2
 40141 [http-8080-6] INFO  com.indra.siguip.view.exceptions.SiguipExceptionHandler  - Entrando al manejador de Excepciones del JSF
 40141 [http-8080-6] TRACE com.ocpsoft.pretty.PrettyContext  - Retrieved PrettyContext from Request
 40141 [http-8080-6] DEBUG org.springframework.faces.support.RequestLoggingPhaseListener  - Entering JSF Phase: PROCESS_VALIDATIONS 3
 40141 [http-8080-6] TRACE org.springframework.web.jsf.el.SpringBeanFacesELResolver  - Successfully resolved variable 'applicationConfig' in Spring BeanFactory
 40141 [http-8080-6] TRACE org.springframework.web.jsf.el.SpringBeanFacesELResolver  - Successfully resolved variable 'menuGeneratorService' in Spring BeanFactory
 28/05/2013 07:54:00 PM com.sun.faces.lifecycle.ProcessValidationsPhase execute
ADVERTENCIA: Se ha producido un error al realizar la inyección de recurso en el bean administrado menuController
com.sun.faces.mgbean.ManagedBeanCreationException: Se ha producido un error al realizar la inyección de recurso en el bean administrado menuController
    at com.sun.faces.mgbean.BeanBuilder.invokePostConstruct(BeanBuilder.java:229)

This is my configuration of Spring Securiy and PretyFaces

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
  </filter-mapping>
  <filter>
    <filter-name>Pretty Filter</filter-name>
    <filter-class>com.ocpsoft.pretty.PrettyFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Pretty Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>

PD: I've change topic to be more explicit

Solution

  • You have only configured your spring-security filter to handle FORWARD requests, it also needs to handle other types:

    <filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  <dispatcher>ERROR</dispatcher>
</filter-mapping>

    PrettyFaces does not FORWARD the request if it is not handled by the framework, therefore, the dispatch type remains REQUEST, and the Spring Security filter never executes.