To add if you see the spring security application config, I have the following
set:
<security:http>
<security:intercept-url pattern="/**/secure/**"
access="ROLE_USER" />
<security:intercept-url pattern="/**/operations/**"
access="ROLE_OPERATIONS"/>
</security:http>
The URL for the outcome to be forwarded to matches the second interceptor
pattern which is "/jsp/operations/user/operationsLanding.iface"
However what the filter receives is "/jsp/secure/hprelanding.jspx" which is the
old URL from where the control is being forwarded. This is not how it happens
when using jsp:forward.
Regards,
Madhav
-----Original Message-----
>From: Madhav Bhargava
>
>Hi Michael,
>
>Following are the servlet mappings:
>
><servlet-mapping>
> <servlet-name>Faces Servlet</servlet-name>
> <url-pattern>*.faces</url-pattern>
> </servlet-mapping>
>
> <servlet-mapping>
> <servlet-name>Faces Servlet</servlet-name>
> <url-pattern>*.jspx</url-pattern>
> </servlet-mapping>
>
> <!-- Persistent Faces Servlet Mapping -->
> <servlet-mapping>
> <servlet-name>Persistent Faces Servlet</servlet-name>
> <url-pattern>*.iface</url-pattern>
> </servlet-mapping>
>
>The navigation case in faces-config.xml is:
>
><navigation-rule>
> <navigation-case>
> <from-outcome>OPERATION_LANDING</from-outcome>
>
> <to-view-id>/jsp/operations/user/operationsLanding.iface</to-view-id>
> </navigation-case>
></navigation-rule>
>
>This has been configured as per the icefaces documentation. If we disregard
>spring security filter issue the >forward happens properly. Spring security
>filter gets invoked once after the return "OPERATION_LANDING" from >within the
>action method has been executed. The strange part is that the URL is still the
>previous one.
>
>It is strange because when using jsp:forward from index.jsp to login.jsp
>spring security filter gets both the >URL's.
>
>What could be the issue?
>
>Regards,
>Madhav
>
>
>From: Michael Kurz [mailto:[email protected]]
>Hi,
>
>which mapping do you use for your faces servlet: postfix (like *.jsf) or
>prefix (like /faces/*)? Maybe the "real" JSF urls are not listed in your
>intercepter config.
>
>regards
>Michael
>
>Madhav Bhargava schrieb:
> Hi All,
>
> I am using myfaces 1.1, icefaces 1.8.1, spring 2.5.6, spring security -2.0.5,
> WAS 6.0 (app server)
>
> I have configured spring security for my JSF application along with
> SiteMinder as an external authentication mechanism. It works fine till a
> forward happens from within myfaces.
>
> Here is my spring servlet filter chain declaration:
> <filter>
> <description>
> Spring delegating filter which will initiate
> the spring
> security filter chain
> </description>
> <display-name>springSecurityFilterChain</display-name>
> <filter-name>springSecurityFilterChain</filter-name>
> <filter-class>
>
> org.springframework.web.filter.DelegatingFilterProxy
> </filter-class>
> </filter>
>
> <filter-mapping>
> <filter-name>springSecurityFilterChain</filter-name>
> <url-pattern>/*</url-pattern>
> <dispatcher>FORWARD</dispatcher>
> <dispatcher>REQUEST</dispatcher>
> </filter-mapping>
>
> And in my spring application context I have followed the advice from spring
> forums and done necessary settings:
> Excerpt is:
>
> <security:http
> entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"
> once-per-request="false">
> <security:intercept-url pattern="/index.jsp" filters="none" />
> <security:intercept-url pattern="/login.jsp" filters="none" />
> <security:intercept-url pattern="/authenticationservlet"
> filters="none"/>
> <security:intercept-url pattern="**/jsp/common/**"
> filters="none"/>
> <security:intercept-url pattern="/**/css/**" filters="none"/>
> <security:intercept-url pattern="/**/*.js" filters="none"/>
> <security:intercept-url pattern="/images/**" filters="none"/>
> <security:intercept-url pattern="/**/secure/**"
> access="ROLE_USER" />
> <security:intercept-url pattern="/**/operations/**"
> access="ROLE_OPERATIONS"/>
> <security:intercept-url pattern="/**"
> access="IS_AUTHENTICATED_ANONYMOUSLY" />
> </security:http>
>
> Now when I forward a request from index.jsp to login.jsp then the spring
> filters are called with the login.jsp URL even though the browser shows the
> old URL.
>
> However when from within an action method a navigation case is handled then
> it is not intercepted by the spring filters at all. However if I give a
> <redirect/> then it is properly intercepted with the correct URL as expected.
>
> What can be the reason?
>
> Regards,
> Madhav
>
