Develop Reference

Add security to spring batch admin

First of all, thanks in advance!
I'm working with Spring-Batch-Admin 1.3.1 and my processes work correctly, but now we have the goal of applying security so that only authorized people can access the processes.
The security settings are working perfectly in other applications and go against a CAS.
By doing the tests with spring-batch-admin-sample, I have placed the security configuration file in the path /META-INF/spring/cas-security-config.xml and it is imported from another configuration xml file to overwrite the Properties or load new ones for security. The batch-admin starts up correctly, but when I try to access the application it generates the following error:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
I have read all the related posts but I can not find the solution. I have tried with overwriting the resourceService bean with /batch but when it is accessed, the others url does not find them and generates 404 error.
We want to protect everything, which redirects to CAS and then returns to the batch-manager menu.
These are my configuration files:
Property load
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config />
<context:component-scan base-package="com.aneta.services" />
<!--
SOBREESCRITURA DE LAS PROPERTIES DEL MANAGER DE SPRING BATCH
-->
<bean id="placeholderProperties" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:*.properties</value>
<value>classpath:properties/*.properties</value>
</list>
</property>
<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
<property name="ignoreResourceNotFound" value="true" />
<property name="ignoreUnresolvablePlaceholders" value="false" />
<property name="order" value="1" />
</bean>
<import resource="classpath:META-INF/spring/cas-security-config.xml"/>
</beans>
Web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/org/springframework/batch/admin/web/resources/webapp-config.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>shallowEtagHeaderFilter</filter-name>
<filter-class>org.springframework.web.filter.ShallowEtagHeaderFilter</filter-class>
</filter>
<filter>
<filter-name>hiddenHttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>shallowEtagHeaderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hiddenHttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Batch Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/org/springframework/batch/admin/web/resources/servlet-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Batch Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
And
cas-security-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<context:annotation-config />
<context:component-scan base-package="com.aneta.services" />
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value=""/>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<constructor-arg >
<list>
<ref bean="roleVoter"/>
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</list>
</constructor-arg>
</bean>
<security:http entry-point-ref="casEntryPoint" use-expressions="true" auto-config="true"
access-decision-manager-ref="accessDecisionManager">
<security:csrf disabled="false"/>
<security:custom-filter position="FIRST" ref="ajaxSessionFilter"/>
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<security:custom-filter ref="casAuthenticationFilter" after="CAS_FILTER"/>
<security:custom-filter position="LAST" ref="loginFilter"/>
<!-- ACCESO CON RESTRICCIONES -->
<security:intercept-url pattern="/**" access="hasAnyAuthority('ADMINISTRATOR')" />
</security:http>
<bean id="casServiceProperties" class="org.springframework.security.cas.ServiceProperties"
p:service="${service.base.url}"
p:sendRenew="false" p:authenticateAllArtifacts="true" />
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
p:serviceProperties-ref="casServiceProperties" p:loginUrl="${cas.server.base.url}/login" />
<bean id="ajaxSessionFilter" class="com.psoplaneta.services.security.filters.AjaxSessionFilter">
<property name="homePage" value="${cas.server.base.url}/login"/>
</bean>
<bean id="loginFilter" class="com.aneta.services.security.filters.LoginFilter">
<property name="errorPage" value="${service.base.url}/403"/>
<property name="loginPage" value="${cas.server.base.url}/login"/>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"
p:proxyGrantingTicketStorage-ref="proxyGrantingTicketStorage"
p:proxyReceptorUrl="/login/cas/proxyreceptor"
p:serviceProperties-ref="casServiceProperties"
p:authenticationManager-ref="authenticationManager">
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed"/>
</bean>
</property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"
p:defaultTargetUrl="/">
</bean>
</property>
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
</bean>
<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
<bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter"
p:filterProcessesUrl="/j_spring_cas_security_logout">
<constructor-arg value="${cas.server.base.url}/logout" />
<constructor-arg >
<bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</constructor-arg>
</bean>
<!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider"/>
</security:authentication-manager>
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
p:key="casAuthProviderKey"
p:serviceProperties-ref="casServiceProperties">
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userDetailService" />
</bean>
</property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"
p:proxyGrantingTicketStorage-ref="proxyGrantingTicketStorage">
<constructor-arg index="0" value="${cas.server.base.url}" />
</bean>
</property>
</bean>
<bean id="userDetailService" class="com.aneta.services.security.userdetails.UserDetailsService"/>
</beans>

In case you are interested, I put here the solution to activate authentication with CAS SSO and I suppose it will be useful for another type of authentication.
After giving so many laps, I have seen that in the web.xml there are two dispatchers and only one was being used, ie only one configuration was loaded and the Batch servlet.
The solution is to create a single dispatcher and load all configurations into a single dispatcher. That if, the configuration files I put them out of the folders that override, ie META-INF / spring / servlet-config.xml and within this to make the security imports and if necessary add more things, as this is The right place to make imports of new configurations.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<!-- set to blank to ensure context is only loaded once -->
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath*:/org/springframework/batch/admin/web/resources/webapp-config.xml,
classpath*:/org/springframework/batch/admin/web/resources/servlet-config.xml,
classpath*:/META-INF/spring/aneta-servlet-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>shallowEtagHeaderFilter</filter-name>
<filter-class>org.springframework.web.filter.ShallowEtagHeaderFilter</filter-class>
</filter>
<filter>
<filter-name>hiddenHttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>shallowEtagHeaderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hiddenHttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- SPRING SECURITY -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- -->
</web-app>
I hope it works for you!

not able to override AbstractUserDetailsAuthenticationProvider.badCredentials in message.property

Hi i am getting below default message every time instead of my custom message.
Your login attempt was not successful, try again.
Reason: Bad credentials
My web.xml is below
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml
/WEB-INF/spring/spring-security.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
My servlet-context.xml is
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<!-- <annotation-driven /> -->
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<!-- <resources mapping="/resources/**" location="/resources/" /> -->
<!-- Resolves views selected for rendering by #Controllers to .jsp resources in the /WEB-INF/views directory -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<context:component-scan base-package="com.sandeep.customerrormsg" />
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>classpath:mymessages</value>
</list>
</property>
</bean>
</beans>
and spring-security.xml is
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/welcome*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="sandy" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>

Multi session in spring security 3.1

We develop a web application that need different authentication, in my case this is agent and member. This is the detail:
Agent profile page is at http://my.local/spring-security-hello-world/agent/profile
Member profile page is at http://my.local/spring-security-hello-world/member/profile
Both of pages are filtered by springSecurityFilterChain
But i have some issues here. First I login at agent profile page, and successfully logged in. But then I open the member page, and I got HTTP Status 403 - Access is denied. The situation i want to achieve is both agent and member is able to logged in.
Here is my web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>spring-security-hello-world</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
And this is my spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- <http pattern="/agent/login" security="none" /> -->
<http pattern="/member/**">
<intercept-url pattern="/**" access="ROLE_MEMBER" />
<form-login login-page="/member_login" default-target-url="/member/profile"
authentication-failure-url="/member_loginfailed" />
<logout logout-success-url="/member_logout" />
</http>
<http auto-config="true">
<intercept-url pattern="/agent/**" access="ROLE_AGENT" />
<form-login login-page="/agent_login" default-target-url="/agent/profile"
authentication-failure-url="/agent_loginfailed" />
<logout logout-success-url="/agent_logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="agent" password="123456" authorities="ROLE_AGENT" />
</user-service>
</authentication-provider>
<authentication-provider>
<user-service>
<user name="member" password="123456" authorities="ROLE_MEMBER" />
</user-service>
</authentication-provider>
</authentication-manager>
Notes:
In my case one user must only have one role (either agent or member only)

If you do it in the same browser then your Agent with ROLE_AGENT is used to access page which is restricted to ROLE_MEMBER. You can add ROLE_MEMBER to your access="ROLE_AGENT, ROLE_MEMBER" to check it.

Using Spring Security for Login with Spring MVC ,getting 404 error

I get the 404 error when I run my project in Tomcat 7.
spring-security :
<beans xmlns:p="http://www.springframework.org/schema/p"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
xsi:schemalocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- <beans:import resource="Employee-servlet.xml"/> -->
<security:http use-expressions="true">
<intercept-url pattern="/Springhib/index.jsp/" access="permitAll" />
<intercept-url pattern="/Springhib/jsp/login.jsp"
access="permitAll" />
<form-login login-page="login.jsp" default-target-url="/welcome.jsp"
authentication-failure-url="/error.jsp" />
<logout invalidate-session="true" logout-url="/logout.jsp" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password enabled from userlogin where username= ?" />
</security:authentication-provider>
</security:authentication-manager>
</beans>
Employee-servlet.xml :
It contains the dataSource(MySQL), hibernate transaction manager(Hibernate configuration) and internalviewresolver
web.xml:
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>SprinHib</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Employee</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Employee</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/Employee-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<!--spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/**</url-pattern>
</filter-mapping>
</web-app>
project structure
From index page I redirect to login page and at the same time in controller I instantiate a bean(POJO/Model)for further use in the next page.
On successful login user enter to welcome page.
EDIT :
Index.jsp:
<c:redirect url="login"/>
contains only an autoredirect .
I have searched through previous solutions in stackoverflow but didn't fix my issue.
Any help is greatly appreciated.

ManagedBean is not accessible, using JSF2.2, Spring 4.0 and SpringSecurity 3.2

I am developing a Dynamic Web Application, using JSF 2.2, Spring Framework 4.0 and Spring Security 3.2. I, first, integrated JSF and Spring framework (JSF Page => ManagedBean => Service => DAO). It was working fine. But when I introduced Spring Security, I am unable to access ManagedBean in JSF page and getting no error at all. ManagedBean is not even invoked (even constructor is not called). I have been surfing for this issue for 2 days now, but couldn’t find any resolution.
My config files are as following:
faces-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<faces-config
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-facesconfig_2_2.xsd"
version="2.2">
<application>
<el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
</application>
</faces-config>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>my-app-ui</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- Spring Framework -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- Spring context config locations -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/applicationContext.xml</param-value>
<param-value>classpath*:/securityConfig.xml</param-value>
</context-param>
<!-- PROJECT STAGE START FOR DEVELOPEMENT MARK IT AS DEVELOPMENT. FOR TESTING / PRODUCTION REMOVE THIS -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- JSF -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
</web-app>
applicationconContext.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config />
<context:component-scan base-package="com.myapp.managedbean"/>
<context:component-scan base-package="com.myapp.service"/>
<context:component-scan base-package="com.myapp.domain"/>
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="java:comp/env/jdbc/myDS" />
</bean>
<bean id="txManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
</beans>
securityConfig.xml
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd ">
<debug />
<http pattern="/resources/**" security="none" />
<http pattern="/login*" security="none" />
<http auto-config="true" use-expressions="true" disable-url-rewriting="true" >
<intercept-url pattern="/**" access="authenticated" />
<form-login authentication-failure-url="/loginfailed.html"
default-target-url="/" always-use-default-target="true"/>
<access-denied-handler error-page="/denied.html"/>
<session-management invalid-session-url="/session-expire.html" session-fixation-protection="none" />
<logout delete-cookies="JSESSIONID" invalidate-session="true" />
<http-basic />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user_admin" password="password" authorities="ROLE_USER,ROLE_ADMIN" />
<user name="user" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</b:beans>
first-jsf-page.xhtml
<!DOCTYPE html >
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets">
<head>
</head>
<body>
Managed bean data: #{myMB.fetchDataFromService()}
</body>
</html>
ManagedBean
#Component("myMB")
#Scope("session")
public class MyMB implements Serializable {
public MyMB () {
System.out.println("Constructor called");
}
#Autowired
#Qualifier("myService")
public MyService myService;
Public String fetchDataFromService() {
System.out.println("Invoking Service");
return myService.getMessage();
}
}
MyService
public interface MyService {
public String getMessage();
}
MyServiceImpl
#Service("myService")
public class MyServiceImpl implements MyService {
#Override
public String getMessage() {
return "JSF and Spring Integrtion - Done";
}
}
If I remove "DelegatingFilterProxy" from Web.xml, everything works fine. Kindly help me out here.
I am using Eclipse and tomcat server.