chemic
Reputation: 21
how to set spring security logout in jsf..?
I'm very much a nubie in springsecurity and jsf, and I've a problem when implementing spring security logout in jsf..
my application :
springframework 3.0.2
jsf 2.0
primefaces 3.1.1
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app-config.xml</param-value>
</context-param>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>faces/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
app-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<!-- Scans the classpath of this application for @Components to deploy as beans -->
<context:component-scan base-package="com.raistudies" />
<!-- Importing Spring Security Settings -->
<import resource="security.xml"/>
<!-- Configures the @Controller programming model -->
<mvc:annotation-driven />
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/userPage/"/>
<property name="suffix" value=".xhtml"/>
</bean>
<context:property-placeholder location="/WEB-INF/jdbc.properties" />
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${app.jdbc.driverClassName}" />
<property name="url" value="${app.jdbc.url}" />
<property name="username" value="${app.jdbc.username}" />
<property name="password" value="${app.jdbc.password}" />
</bean>
</beans>
security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/assets/previews/**" access="permitAll" />
<intercept-url pattern="/assets/thumbs/**" access="permitAll" />
<intercept-url pattern="/css/**" access="permitAll"/>
<intercept-url pattern="/design/**" access="permitAll" />
<intercept-url pattern="/images/**" access="permitAll" />
<intercept-url pattern="/js/**" access="permitAll" />
<intercept-url pattern="/pageAllNews/**" access="permitAll" />
<intercept-url pattern="/pageLogin/**" access="permitAll" />
<intercept-url pattern="/resources/css/**" access="permitAll" />
<intercept-url pattern="/resources/skins/tn3/**" access="permitAll" />
<intercept-url pattern="/templates/**" access="permitAll"/>
<intercept-url pattern="/userPage/**" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>
<form-login login-processing-url="/j_spring_security_check"
login-page="/userPage/login.jsp"
default-target-url="/userPage/home.jsf"
authentication-failure-url="/userPage/login.jsp" />
<logout logout-success-url="/userPage/login.jsp"/>
<remember-me />
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>
</authentication-manager>
</b:beans>
I've tried implementing button logout in jsf.page but it does not work..
<h:outputLink value="${request.contextPath}/j_spring_security_logout">logout</h:outputLink>
Can anyone help me to solve this problem..?
agungdmt
Upvotes: 0
Views: 9228
Answers (3)
Alvaro C.
Reputation: 171
Work for my
<h:form id="formExit" >
<p:commandLink ajax="true" action="/userPage/login.jsp" oncomplete="jQuery.get('{request.contextPath}/j_spring_security_logout')">
<p:outputLabel value="Logout" />
</p:commandLink>
</h:form>
Upvotes: 0
smeyerske
Reputation: 1
Concerning the login question. You can have a look at my answer provided @ How to use Spring security with Primefaces question.
Concerning the logout, you can define a navigation case directing the logout action to a logout page e.g. logout.xhtml and then make sure you have the following defined in spring security
<security:logout logout-url="logout.xhtml"
logout-success-url="logout_success.xhtml" invalidate-session="true" />
In this way you're able do stuff in the managed bean before actually navigate and perform the logout action in spring security as such.
Upvotes: 0
storm_buster
Reputation: 7568
replace this
<h:outputLink value="${request.contextPath}/j_spring_security_logout">logout</h:outputLink>
whit this
<h:outputLink value="${pageContext.request.contextPath}/j_spring_security_logout">logout</h:outputLink>
Upvotes: 3
Related Questions
- JSF Spring security log out button
- how to correctly logout user in spring security
- Implement 'logout' functionality in Spring Boot
- Spring security logout handling
- Spring Logout not working and redirecting
- Logout with Spring Security with Java configuration
- Spring security logout call
- How do I create a logout with Spring Security?
- Logout in Spring Security does not work
- Cannot redirect to logout page