0

I have a login form ,a jsf backing login bean ,and a user details service. Although the user is authenticated he is not redirected to the landing page. The bean authenticates the user thru the UserDetailsService w/o any problem.

package com.emredincer.yetki.bean;


import javax.faces.bean.ManagedBean;
import javax.faces.bean.ManagedProperty;
import javax.faces.bean.RequestScoped;
import javax.security.sasl.AuthenticationException;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

import com.emredincer.yetki.entity.Kullanici;
import com.emredincer.yetki.service.IKullaniciService;

@ManagedBean(name = "loginBean")
@RequestScoped
public class LoginBean {



    private String username = null;
    private String password = null;

    @ManagedProperty(value="#{authenticationManager}")
    private AuthenticationManager authenticationManager = null;

    @ManagedProperty("#{KullaniciServiceImpl}")
    private IKullaniciService kullaniciServis;

    private Kullanici kullanici = new Kullanici();



    public String login(){

        try{
            Authentication request = new UsernamePasswordAuthenticationToken(this.getUsername(), this.getPassword());
            Authentication result = authenticationManager.authenticate(request);
            SecurityContextHolder.getContext().setAuthentication(result);
        }
        catch(Exception e){

            e.printStackTrace();
            return "incorrect";
        }
     return "correct"; 

    }

    public String logout(){

        SecurityContextHolder.clearContext();
        return "loggedout";
    }

    public AuthenticationManager getAuthenticationManager() {
        return authenticationManager;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
    public IKullaniciService getKullaniciServis() {
        return kullaniciServis;
    }

    public void setKullaniciServis(IKullaniciService kullaniciServis) {
        this.kullaniciServis = kullaniciServis;
    }

    public Kullanici getKullanici() {
        return kullanici;
    }

    public void setKullanici(Kullanici kullanici) {
        this.kullanici = kullanici;
    }

}


    <http auto-config="true">

         <intercept-url pattern="/web/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
         <intercept-url pattern="/**" access="ROLE_USER" />

         <form-login login-page="/web/login.xhtml" 

        authentication-success-handler-ref="successHandler"
         />

    </http>

    <authentication-manager alias="authenticationManager">

            <authentication-provider  user-service-ref="kullaniciDetayServisi" />

    </authentication-manager>


    </beans:beans>


public class CustomAuthSuccessHandler implements AuthenticationSuccessHandler {




    public void onAuthenticationSuccess(HttpServletRequest arg0,
            HttpServletResponse arg1, Authentication arg2) throws IOException,
            ServletException {
        arg1.sendRedirect(arg0.getContextPath() + "/main.xhtml");

    }
}

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:f="http://java.sun.com/jsf/core"
    xmlns:ui="http://java.sun.com/jsf/facelets">
<h:head>
</h:head>
<h:body>
    <div align="center" style="">
        <h:form  id="loginFormId" prependId="false">
                <div id="loginFieldsPnlId">
                    <div id="loginFieldUsrContId">
                        <h:outputText id="outTxtUserNameId" value="Username: " name="outTxtUserNameNm"></h:outputText>
                        <h:inputText id="userName" required="true" value="#{loginBean.username}" requiredMessage="Please enter username"></h:inputText>
                        <h:outputLabel id="outLblUserNameId" for="userName" name="outLblUserNameNm"></h:outputLabel>
                    </div>
                    <div id="loginFieldPassContId">
                        <h:outputText id="outTxtPasswordId" value="Password: " name="outTxtPasswordNm"></h:outputText>
                        <h:inputSecret id="password"  required="true" value="#{loginBean.password}" requiredMessage="Please enter password" name="inTxtPasswordNm"></h:inputSecret>
                        <h:outputLabel id="outLblPasswordId" for="password" name="outLblPasswordNm"></h:outputLabel>
                    </div>
                </div>
                <div id="loginBtnPanelId">
                    <h:commandButton id="btnLoginId" value="Login" action="#{loginBean.login}" styleClass="loginPanelBtn" ajax="false"></h:commandButton>
                    <h:commandButton id="btnCancelId" value="Cancel" action="#{loginBean.cancel}" styleClass="loginPanelBtn" immediate="true" update="loginFormId"></h:commandButton>
                </div>
        </h:form>
    </div>
    <div>
        <h:messages></h:messages>
    </div>
</h:body>
</html>
desperado06
  • 352
  • 2
  • 13

1 Answers1

0

i resolved the issue by modifying the login method's return statement

public String login(){

    try{
        Authentication request = new UsernamePasswordAuthenticationToken(this.getUsername(), this.getPassword());
        Authentication result = authenticationManager.authenticate(request);
        SecurityContextHolder.getContext().setAuthentication(result);
    }
    catch(Exception e){

        e.printStackTrace();
        return "incorrect";
    }
 return "/main.xhtml"; 

}
desperado06
  • 352
  • 2
  • 13
  • This will perform a forward, not a redirect, which is technically quite different. The underlying technical requirements for both ways of navigation is definitely not exchangable (idempotent vs non-idempotent). Hopefully you understand its implications as to client behavior and user experience. As to your concrete problem, the cause is not visible in the information provided so far, but you need to make sure you perform login without ajax (e.g. remove f:ajax, or if you're using primefaces button, set ajax="false"). – BalusC Jan 26 '16 at 09:12
  • thanks for your reply , what is the diff between forward and redirect from the user's point of view? can you please provide a short explanation – desperado06 Jan 26 '16 at 10:06
  • i see , unfortunately what i need is a redirect but not forward. i pasted my login.xhtml , do you have any idea why i can not redirect? – desperado06 Jan 26 '16 at 10:15