Differences between revisions 9 and 10
Revision 9 as of 2008-10-10 01:28:27
Size: 3930
Revision 10 as of 2009-09-20 23:01:08
Size: 3938
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
* See [http://mail-archives.apache.org/mod_mbox/myfaces-users/200507.mbox/%3Cc206dbe9050701014965b20172@mail.gmail.com%3E Re: Acegi and JSF integration] * See [[http://mail-archives.apache.org/mod_mbox/myfaces-users/200507.mbox/%3Cc206dbe9050701014965b20172@mail.gmail.com%3E|Re: Acegi and JSF integration]]
Line 14: Line 14:
* Solution [http://ocpsoft.com/java/acegi-spring-security-jsf-login-page/ Lincoln's Solution: Acegi and JSF Native Login Page] * Solution [[http://ocpsoft.com/java/acegi-spring-security-jsf-login-page/|Lincoln's Solution: Acegi and JSF Native Login Page]]
Line 16: Line 16:
* Other Solution [http://jroller.com/page/vtatai Victor's Blog] * Other Solution [[http://jroller.com/page/vtatai|Victor's Blog]]
Line 18: Line 18:
* Other Solution [http://www.jroller.com/page/fairTrade?entry=integrating_acegi_and_jsf_revisited Integrating Acegi and JSF: Revisited] * Other Solution [[http://www.jroller.com/page/fairTrade?entry=integrating_acegi_and_jsf_revisited|Integrating Acegi and JSF: Revisited]]

Using Java Server Pages with Acegi Security:

The Acegi Security home page is http://www.acegisecurity.org/

* Cagatay Civici's Acegi Components are at http://www.jroller.com/page/cagataycivici?entry=acegi_jsf_components_hit_the

Incompatibility Problem

The problem is that, as is, the login page created with JSF is not compatible with Acegi, but there are a few solutions for this (see below:)

* See Re: Acegi and JSF integration

* Solution Lincoln's Solution: Acegi and JSF Native Login Page

* Other Solution Victor's Blog

* Other Solution Integrating Acegi and JSF: Revisited

MyFaces Specific Solution

This solution requires myfaces tomahawk

* To get the input fields (j_username, j_password) correct, the login page (login.jsp) has:

<%@ taglib uri="http://myfaces.apache.org/tomahawk" prefix="t"%>

<t:inputText id="j_username" forceId="true" value="#{backingBean.customerId}" size="40" maxlength="80"></t:inputText>

<t:inputSecret id="j_password" forceId="true" value="#{backingBean.password}" size="40" maxlength="80" redisplay="true"></t:inputSecret>

<h:commandButton action="login" value="#{messages.page_signon}"/>

<h:messages id="messages" layout="table" globalOnly="true" showSummary="true" showDetail="false"/>

* To send to the correct destination (/j_acegi_security_check.jsp), faces-config.xml has:

                <redirect />

* applicationContext.xml has:

<bean id="formAuthenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="filterProcessesUrl">
        <property name="authenticationFailureUrl">
        <property name="defaultTargetUrl">
        <property name="authenticationManager">
                <ref bean="authenticationManager" />

* To make sure that the page forwarded to /j_acegi_security_check.jsp goes through the Acegi Filter Chain Proxy, web.xml has:

        <filter-name>Acegi Filter Chain Proxy</filter-name>

* Finally, to display any acegi errors, the backing bean has:

(this code can be called anywhere in the backing bean as long as it happens before the <h:messages> tag at the end)

Exception ex = (Exception)FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY);
if (ex != null)
        FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, ex.getMessage(), ex.getMessage()));

Problem when using <jsp:forward />

When using <jsp:forward /> to send the user to a page she is not authorized to, the Acegi Security filter chain is only triggered if org.acegisecurity.intercept.web.FilterSecurityInterceptor has been configured with property 'observeOncePerRequest' being set to 'false', in addition to adding the <dispatcher/> element to the filter mapping as described above.

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
   <property name="observeOncePerRequest" value="false"/>

JSF_and_Acegi (last edited 2009-09-20 23:01:08 by localhost)