Just started using Struts2. I thought it would be a good idea to to use the struts2 archetype, but it appears that is very outdated. When I run my project, I keep getting this warning:
ActionContextCleanUp <<< is deprecated! Please use the new filters!
Here is my current web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>Test</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:applicationContext*.xml</param-value>
</context-param>
<!-- Filters -->
<filter>
<filter-name>action2-cleanup</filter-name>
<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
</filter>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter>
<filter-name>action2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>action2-cleanup</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>action2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Listeners -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Servlets -->
<servlet>
<servlet-name>dwr</servlet-name>
<servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>jspSupportServlet</servlet-name>
<servlet-class>org.apache.struts2.views.JspSupportServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dwr</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<!-- Welcome file lists -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
What do I change to get rid of the warning?
Got it figured out. After looking at this example web.xml file for the sitemesh plugin, I ended up with a working web.xml file. Here's what it looks like for anyone else having this problem:
<display-name>Test</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:applicationContext*.xml</param-value>
</context-param>
<!-- Filters -->
<filter>
<filter-name>struts-prepare</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter</filter-class>
</filter>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter>
<filter-name>struts-execute</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter</filter-class>
</filter>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts-prepare</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts-execute</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>dwr</servlet-name>
<servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>jspSupportServlet</servlet-name>
<servlet-class>org.apache.struts2.views.JspSupportServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dwr</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<!-- Listeners -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Welcome file lists -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
Now that warning is gone.
you can delete filter action2-cleanup.
<filter>
<filter-name>action2-cleanup</filter-name>
<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
</filter>
Related
I'm going through a massive migration of this old application. It was using JSF1.2, Seam 2.2 and Richfaces 2.x. We migrated it to JSF 2.1, Seam 2.3 and Richfaces 4.x. After the migration I can't load any css nor js.
i've got this errors from firebug:
orderForm.seam:9 Uncaught ReferenceError: jQuery is not
defined(anonymous function) # orderForm.seam:9 orderForm.seam:17
Uncaught ReferenceError: RichFaces is not defined
Here is my template xhtml (edited to replace the src attribute for name):
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:a4j="http://richfaces.org/a4j"
xmlns:rich="http://richfaces.org/rich"
xmlns:s="http://jboss.org/schema/seam/taglib">
<h:head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>company name</title>
<link rel="shortcut icon" href="#{request.contextPath}/favicon.ico" />
<h:outputStylesheet name="/private/stylesheet/theme.xcss" />
<h:outputStylesheet name="/private/stylesheet/default.css" />
<h:outputStylesheet name="/private/stylesheet/CalendarControl.css" />
<h:outputStylesheet name="/private/stylesheet/theme.css" />
<h:outputScript name="/private/js/jquery.js" />
<h:outputScript name="/private/js/idle-timer.js" />
<h:outputScript name="/private/js/jquery.formatCurrency.js" />
<h:outputScript name="/private/js/CalendarControl.js" />
</h:head>
<body>
<ui:insert name="head" />
<script type="text/javascript">
jQuery.noConflict();
</script>
<rich:popupPanel style="background-color: white;" id="eula"
autosized="true" width="500" moveable="false" resizeable="false">
<f:facet name="header">
<h:outputText value="Eula" />
</f:facet>
<center>
<iframe src="eula.html"
style="height: 410px; width: 500px; overflow: auto; border: 1px solid #666; padding: 8px;" />
<h:form>
<h:commandButton action="#{identity.logout()}" value="I Decline" />
<h:commandButton action="#{authenticator.markEulaAgreed()}"
value="I Accept" />
</h:form>
</center>
</rich:popupPanel>
</body>
</html>
and i tried to simplify as much the composition to track the problem so:
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:s="http://jboss.org/schema/seam/taglib"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:a="http://agilers.com/taglib"
xmlns:rich="http://richfaces.org/rich"
xmlns:a4j="http://richfaces.org/a4j"
template="layout/2columns-even.xhtml">
</ui:composition>
here is the web.xml:
<?xml version="1.0" ?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>
<!-- RichFaces -->
<context-param>
<param-name>org.richfaces.skin</param-name>
<param-value>DEFAULT</param-value>
</context-param>
<!-- Suppress spurious stylesheets -->
<context-param>
<param-name>org.richfaces.enableControlSkinning</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>org.richfaces.enableControlSkinningClasses</param-name>
<param-value>false</param-value>
</context-param>
<!-- Change load strategy to DEFAULT to disable sending scripts/styles as
packs -->
<context-param>
<param-name>org.richfaces.resourceOptimization.enabled</param-name>
<param-value>false</param-value>
</context-param>
<error-page>
<error-code>400</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>402</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>405</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>406</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>407</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>408</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>409</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>410</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>411</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>412</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>413</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>414</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>415</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>416</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>417</error-code>
<location>/Error404.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>501</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>502</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>503</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>504</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>505</error-code>
<location>/index.html</location>
</error-page>
<context-param>
<description>CAS renew</description>
<param-name>renew</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>facelets.LIBRARIES</param-name>
<param-value>/WEB-INF/taglib/company.taglib.xml</param-value>
</context-param>
<filter>
<display-name>HSTS Filter</display-name>
<filter-name>HSTSFilter</filter-name>
<filter-class>com.company.filter.HSTSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HSTSFilter</filter-name>
<url-pattern>*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<display-name>IE9 Filter</display-name>
<filter-name>ie9filter</filter-name>
<filter-class>com.company.filter.IE9Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>ie9filter</filter-name>
<url-pattern>*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<filter-name>SessionIdFilter</filter-name>
<filter-class>com.company.filter.SessionIdFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionIdFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://www.company.com/login/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://www.company.com</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://www.company.com/login</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://www.company.com</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<listener>
<listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
</listener>
<listener>
<listener-class>com.company.servlet.SessionServletListener</listener-class>
</listener>
<filter>
<filter-name>Seam Filter</filter-name>
<filter-class>org.jboss.seam.servlet.SeamFilter</filter-class>
<init-param>
<param-name>createTempFiles</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>maxRequestSize</param-name>
<param-value>1000000</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Seam Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Seam Resource Servlet</servlet-name>
<servlet-class>org.jboss.seam.servlet.SeamResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Seam Resource Servlet</servlet-name>
<url-pattern>/seam/resource/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.seam</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Restrict raw XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint />
</security-constraint>
<persistence-unit-ref>
<persistence-unit-ref-name>companyEntityManagerFactory</persistence-unit-ref-name>
<persistence-unit-name>company</persistence-unit-name>
</persistence-unit-ref>
</web-app><servlet-name>Seam Resource Servlet</servlet-name>
<url-pattern>/seam/resource/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.seam</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Restrict raw XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint />
</security-constraint>
<persistence-unit-ref>
<persistence-unit-ref-name>companyEntityManagerFactory</persistence-unit-ref-name>
<persistence-unit-name>company</persistence-unit-name>
</persistence-unit-ref>
</web-app>
EDIT 2: I verified that on the old version the resources tab of firebug the resources from JSF and richfaces wasn't there and still it was working and the resources added in the xhtml was there, correctly, while on the migrated version there was just the JSF and richfaces but all of them with the .seam extention and my explicit declared resources wasn't there. Another interesting fact is that it just happens if i put this at the web.xml:
<context-param>
<param-name>org.richfaces.resourceOptimization.enabled</param-name>
<param-value>false</param-value>
</context-param>
otherwise it wont't bring anything to the loaded resources.
Given the new web.xml with error has changed to :
Uncaught ReferenceError: A4J is not defined
This lib "A4J" was removed from richfaces 4 as described here: access.redhat.com/solutions/882623
I am trying to implement spring security-3.0.7 in an application which uses hippo as a content management system. I can able to login web application successfully after login if I click any link it redirecting to login page again. Here is web.xml and spring-security.xml. Can you please advise what might be the reason for redirecting to login page.
web.xml
<context-param>
</context-param>
<context-param>
<param-name>hst-beans-annotated-classes</param-name>
<param-value>
classpath*:org/onehippo/forge/security/support/springsecurity/beans/**/*.class
</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ClickjackFilter</filter-name>
<filter-class>com.accenture.leadership.filters.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<!--<param-value>DENY</param-value>-->
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>XSSUrlFilter</filter-name>
<filter-class>org.hippoecm.hst.container.XSSUrlFilter</filter-class>
</filter>
<filter>
<filter-name>HstFilter</filter-name>
<filter-class>org.hippoecm.hst.container.HstFilter</filter-class>
<init-param>
<param-name>clientComponentManagerClass</param-name>
<param-value>org.hippoecm.hst.component.support.ClientComponentManager</param-value>
</init-param>
<init-param>
<param-name>clientComponentManagerConfigurations</param-name>
<param-value>/META-INF/client-assembly/*.xml</param-value>
</init-param>
</filter>
<filter>
<filter-name>etag</filter-name>
<filter-class>com.cj.etag.ETagFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ClickjackFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>etag</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>XSSUrlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HstFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>HstSiteConfigServlet</servlet-name>
<servlet-class>org.hippoecm.hst.site.container.HstSiteConfigServlet</servlet-class>
<init-param>
<param-name>hst-config-refresh-delay</param-name>
<param-value>3000</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>trimSpaces</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>CustomBinaryServlet</servlet-name>
<servlet-class>com.accenture.leadership.components.CustomBinaryServlet</servlet-class>
<init-param>
<param-name>cache-max-object-size-bytes</param-name>
<param-value>8388608</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>freemarker</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.HstFreemarkerServlet</servlet-class>
<init-param>
<param-name>TemplatePath</param-name>
<param-value>/</param-value>
</init-param>
<init-param>
<param-name>ContentType</param-name>
<param-value>text/html; charset=UTF-8</param-value>
</init-param>
<load-on-startup>200</load-on-startup>
</servlet>
<servlet>
<servlet-name>TemplateComposerResourceServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
<init-param>
<param-name>jarPathPrefix</param-name>
<param-value>/META-INF/hst/pagecomposer</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>org.hippoecm.hst.security.servlet.LoginServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>SecurityResourceServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
<init-param>
<param-name>jarPathPrefix</param-name>
<param-value>/META-INF/hst/security</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>HstResourceServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.ResourceServlet</servlet-class>
<init-param>
<param-name>jarPathPrefix</param-name>
<param-value>/META-INF/web-resources</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>PingServlet</servlet-name>
<servlet-class>org.hippoecm.hst.servlet.HstPingServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CustomBinaryServlet</servlet-name>
<url-pattern>/binaries/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>freemarker</servlet-name>
<url-pattern>*.ftl</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TemplateComposerResourceServlet</servlet-name>
<url-pattern>/hst/pagecomposer/sources/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SecurityResourceServlet</servlet-name>
<url-pattern>/login/hst/security/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HstResourceServlet</servlet-name>
<url-pattern>/resources/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>PingServlet</servlet-name>
<url-pattern>/ping/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login/resource</url-pattern>
</web-resource-collection>security-constraint
<auth-constraint>
<role-name>everybody</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>HSTSITE</realm-name>
<form-login-config>
<form-login-page>/login/login</form-login-page>
<form-error-page>/login/error</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Default role of Hippo Repository</description>
<role-name>everybody</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
<http-method>COPY</http-method>
<http-method>DELETE</http-method>
<http-method>MKCOL</http-method>
<http-method>PROPFIND</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
</web-app>
Spring-security.xml
Here is spring-security.xml - Is there anything is missing in this spring-security.xml file. What will happen I dont want use default-target-url.
<http auto-config="true">
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/images/**" filters="none"/>
<intercept-url pattern="/binaries/**" filters="none"/>
<intercept-url pattern="/*" filters="none"/>
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
<form-login login-page="/"
default-target-url="/events"
always-use-default-target="true" />
<logout logout-url="/logout.jsp" />
</http>
<authentication-manager>
<authentication-provider ref="hippoAuthenticationProvider" />
</authentication-manager>
<beans:bean id="hippoAuthenticationProvider" class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider"/>
Can you suggest what is wrong here?
I'm trying to implement a JSF2 JAAS login on Tomcat 8 using a JDBC realm. I've configured the tables on my database for the JDBC login using this resource: Tomcat man page
My web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/login.xhtml</welcome-file>
</welcome-file-list>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<security-constraint>
<web-resource-collection>
<web-resource-name>Views only available when logged in as ADMIN</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Views only available when logged in as USER</web-resource-name>
<url-pattern>/user/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/loginFail.xhtml</form-error-page>
</form-login-config>
</login-config>
<error-page>
<error-code>403</error-code>
<location>/error-pages/forbidden.xhtml</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error-pages/notFound.xhtml</location>
</error-page>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
My JSF login page:
<h:form>
<p:panel rendered="#{!loginManager.userLoggedIn}">
You are not logged in.
<p/>
<p:inputText id="userName" placeholder="your assigned user name" required="true"
requiredMessage="Please enter your user name"/>
<p/>
<p:inputText type="password" placeholder="your password" id="password" required="true"
requiredMessage="Please enter your password"/>
<p/>
<p:commandButton action="#{loginManager.login()}" id="login" value="Enter"/>
</p:panel>
<p:panel rendered="#{loginManager.userLoggedIn}">
Hello, <strong>#{loginManager.user}</strong>.
</p:panel>
</h:form>
The LoginManager:
public void login() throws IOException {
ExternalContext externalContext = externalContext();
HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
try {
request.login(username, password);
} catch (ServletException e) {
String loginErrorMessage = e.getLocalizedMessage();
facesContext().addMessage(null, new FacesMessage(loginErrorMessage));
}
}
The error occurs here:
request.login(username, password);
The error is "login failed"
How can I get the login to succeed?
I am getting the below error after deploying the ear in the Weblogic and when run the application getting the error in managed server.
weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1428563468613> <BEA-101017> <[ServletContext#5107514[app:CustomerCentralEAR module:/CP2 path:/CP2 spec-version:2.5]] Root cause of ServletException.
java.lang.NullPointerException at com.sun.faces.renderkit.RenderKitImpl.createResponseWriter(RenderKitImpl.java :228) at com.sun.faces.application.view.JspViewHandlingStrategy.renderView(JspViewHand lingStrategy.java:213)
at com .sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:124)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:120)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at w eblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.tms.cdqi.presentation.http.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:535)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.tms.cdqi.framework.http.filter.CDQISecurityFilter.doFilter(CDQISecurityFilter.java:96)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.tms.cdqi.framework.http.filter.CDQIXScriptingFilter.doFilter(CDQIXScriptingFilter.java:44)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.tms.cdqi.framework.http.filter.CDQIPerformanceFilter.doFilter(CDQIPerformanceFilter.java:88)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)**
Below is the web.xml I'm using
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="YourWebappID"
version="2.5">
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.jsp</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<!-- <servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping> -->
</web-app>
I use Spring Security 3 and JSF2 Primefaces. Then, I create a index.xhtml for welcome page and login.xhtml for login page
When I access the root web site, it redirect me to login.xhtml page. Why not?
How to set the welcome page to index.xhtml
This is web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
This is spring-security.xml
<global-method-security secured-annotations="enabled"
jsr250-annotations="enabled" />
<!-- Resource Security -->
<http access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/pages/**" access="ROLE_ADMIN" />
<form-login login-page="/login.jsf" default-target-url="/pages/index.jsf" />
<logout logout-success-url="/login.jsf" invalidate-session="true" />
<session-management invalid-session-url="/login.jsf">
<concurrency-control max-sessions="10"
error-if-maximum-exceeded="true" />
</session-management>
</http>
For a basic application with JSF, Spring and Spring-Security, you need to configure your web.xml as follows:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"
version="3.0">
<welcome-file-list>
<welcome-file>pages/index.jsf</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext*.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
and also configure faces-config.xml as follows:
<?xml version="1.0" encoding="UTF-8"?>
<faces-config
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"
version="2.0">
<application>
<el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
</application>
</faces-config>
and your applicationContext-security.xml as follows:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<global-method-security secured-annotations="enabled"
jsr250-annotations="enabled" />
<http auto-config="true" >
<intercept-url pattern="/login.jsf*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/pages/*" access="ROLE_USER,ROLE_ADMIN" />
<intercept-url pattern="/pages/super/**" access="ROLE_ADMIN" />
<access-denied-handler error-page="/accessDenied.jsf" />
<form-login login-page='/login.jsf' default-target-url='/pages/index.jsf'
always-use-default-target='true'/>
<logout logout-success-url="/" logout-url="/j_spring_security_logout" invalidate-session="true" />
<session-management invalid-session-url="/login.jsf">
<concurrency-control max-sessions="10"
error-if-maximum-exceeded="true" />
</session-management>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="ravi" password="password" authorities="ROLE_USER, ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Finally, if you have any spring beans, your applicationContext.xml for annotation based configuration will be:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config/>
<context:component-scan base-package="com.examples" />
</beans>
and annotate your beans like this:
#Component
#Scope("request")
So with all these in place along with your pages there should be no problem.