voyent
Spring SecurityContextHolder still not propagated to all threads (ICEfaces 1.8.2)  XML
Forum Index -> General Help
Author Message
Dumi

Joined: 16/Jun/2009 00:00:00
Messages: 16
Offline


Hi,

I've been using ICEfaces 1.8.1 and I thought the fix for this issue http://jira.icefaces.org/browse/ICE-2816 also coveres a problem I'm facing. Unfortunatelly it doesn't so I've upgraded to ICEfaces 1.8.2 hoping the problem is fixed here. But is not ;(

The problem is that SecurityContextHolder.getContext().getAuthentication() returns null after calling Code:
renderManager.getOnDemandRenderer(entity.getId().toString()).requestRender();


Here is the stack trace:
Code:
 Daemon Thread [Render Thread - 0] (Suspended (breakpoint at line 81 in HelperBean))	
 	HelperBean.getSelectedPanelName() line: 81	
 	GeneratedMethodAccessor224.invoke(Object, Object[]) line: not available	
 	DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: not available	
 	Method.invoke(Object, Object...) line: not available	
 	BeanELResolver.getValue(ELContext, Object, Object) line: 62	
 	FacesCompositeELResolver(CompositeELResolver).getValue(ELContext, Object, Object) line: 54	
 	FacesCompositeELResolver.getValue(ELContext, Object, Object) line: 72	
 	AstValue.getValue(EvaluationContext) line: 118	
 	ValueExpressionImpl.getValue(ELContext) line: 186	
 	ValueBindingValueExpressionAdapter.getValue(FacesContext) line: 113	
 	PanelStack.getSelectedPanel() line: 112	
 	PanelStackRenderer.encodeChildren(FacesContext, UIComponent) line: 94	
 	PanelStack(UIComponentBase).encodeChildren(FacesContext) line: 837	
 	DomBasicRenderer.encodeParentAndChildren(FacesContext, UIComponent) line: 358	
 	GroupRenderer(GroupRenderer).encodeChildren(FacesContext, UIComponent) line: 96	
 	HtmlPanelGroup(UIComponentBase).encodeChildren(FacesContext) line: 837	
 	D2DViewHandler.renderResponse(FacesContext, UIComponent) line: 492	
 	D2DViewHandler.renderResponse(FacesContext, UIComponent) line: 497	
 	D2DViewHandler.renderResponse(FacesContext, UIComponent) line: 497	
 	D2DViewHandler.renderResponse(FacesContext, UIComponent) line: 497	
 	D2DViewHandler.renderResponse(FacesContext, UIComponent) line: 497	
 	D2DViewHandler.renderResponse(FacesContext) line: 467	
 	D2DViewHandler.renderView(FacesContext, UIViewRoot) line: 159	
 	RenderResponsePhase.execute(FacesContext) line: 110	
 	RenderResponsePhase(Phase).doPhase(FacesContext, Lifecycle, ListIterator<PhaseListener>) line: 100	
 	LifecycleImpl.render(FacesContext) line: 139	
 	PersistentFacesState.render() line: 176	
 	PersistentFacesState.executeAndRender() line: 312	
 	RunnableRender.run() line: 143	
 	ThreadPoolExecutor$Worker.runTask(Runnable) line: 665	
 	ThreadPoolExecutor$Worker.run() line: 690	
 	Thread.run() line: not available	
 


As an workaround I'm taking the Authentication object from the context obtained like this:
Code:
 SecurityContext sc = (SecurityContext) FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get(
 		        HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);


Am I doing something wrong or is this indeed a problem?

Thanks & best regards,
Dumi.
Knuckle

Joined: 22/Nov/2008 00:00:00
Messages: 93
Offline


Hi Dumi

Sounds a little suss. Can you post your web.xml, faces config and spring security config.

Wayne
Dumi

Joined: 16/Jun/2009 00:00:00
Messages: 16
Offline


Yes, sure, here they are:

web.xml
Code:
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="sampleapp" version="2.5">
   <display-name>sampleapp</display-name>
   <session-config>
     <session-timeout>100</session-timeout>
   </session-config>
   <welcome-file-list>
     <welcome-file>index.html</welcome-file>
     <welcome-file>index.htm</welcome-file>
     <welcome-file>index.jsp</welcome-file>
     <welcome-file>default.html</welcome-file>
     <welcome-file>default.htm</welcome-file>
     <welcome-file>default.jsp</welcome-file>
   </welcome-file-list>
   <servlet>
     <servlet-name>Faces Servlet</servlet-name>
     <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
     <load-on-startup>1</load-on-startup>
   </servlet>
   <servlet>
     <servlet-name>Resource Servlet</servlet-name>
     <servlet-class>org.primefaces.ui.resource.ResourceServlet</servlet-class>
     <load-on-startup>1</load-on-startup>
   </servlet>
   <servlet-mapping>
     <servlet-name>Resource Servlet</servlet-name>
     <url-pattern>/primefaces_resources/*</url-pattern>
   </servlet-mapping>
   <context-param>
     <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
     <param-value>server</param-value>
   </context-param>
   <context-param>
     <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
     <param-value>.jspx</param-value>
   </context-param>
   <context-param>
     <description>To allow multiple windows for a single application.</description>
     <param-name>com.icesoft.faces.concurrentDOMViews</param-name>
     <param-value>false</param-value>
   </context-param>
   <context-param>
     <description>Turn on/off application-wide synchronous or asynchronous updates.</description>
     <param-name>com.icesoft.faces.synchronousUpdate</param-name>
     <param-value>false</param-value>
   </context-param>
   <context-param>
     <param-name>com.icesoft.faces.connectionTimeout</param-name>
     <param-value>3600000</param-value>
   </context-param>
   <context-param>
     <param-name>com.icesoft.faces.connectionLostRedirectURI</param-name>
     <param-value>main.jspx</param-value>
   </context-param>
   <context-param>
     <param-name>com.icesoft.faces.sessionExpiredRedirectURI</param-name>
     <param-value>main.jspx</param-value>
   </context-param>
   <servlet>
     <servlet-name>Persistent Faces Servlet</servlet-name>
     <servlet-class>com.icesoft.faces.webapp.xmlhttp.PersistentFacesServlet</servlet-class>
     <load-on-startup>1</load-on-startup>
   </servlet>
   <servlet-mapping>
     <servlet-name>Persistent Faces Servlet</servlet-name>
     <url-pattern>*.iface</url-pattern>
     <url-pattern>*.jspx</url-pattern>
     <url-pattern>/xmlhttp/* </url-pattern>
     <url-pattern>/faces/*</url-pattern>
   </servlet-mapping>
   <servlet>
     <servlet-name>Blocking Servlet</servlet-name>
     <servlet-class>com.icesoft.faces.webapp.xmlhttp.BlockingServlet</servlet-class>
     <load-on-startup>1</load-on-startup>
   </servlet>
   <servlet-mapping>
     <servlet-name>Blocking Servlet</servlet-name>
     <url-pattern>/block/*</url-pattern>
   </servlet-mapping>
   <servlet>
     <servlet-name>uploadServlet</servlet-name>
     <servlet-class>com.icesoft.faces.component.inputfile.FileUploadServlet</servlet-class>
     <load-on-startup>1</load-on-startup>
   </servlet>
   <servlet-mapping>
     <servlet-name>uploadServlet</servlet-name>
     <url-pattern>/uploadHtml</url-pattern>
   </servlet-mapping>
   <listener>
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>
   <listener>
     <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
   </listener>
   <listener>
     <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
   </listener>
   <filter>
     <filter-name>filterChainProxy</filter-name>
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
   </filter>
   <filter-mapping>
     <filter-name>filterChainProxy</filter-name>
     <url-pattern>/*</url-pattern>
     <dispatcher>REQUEST</dispatcher>
     <dispatcher>FORWARD</dispatcher>
     <dispatcher>INCLUDE</dispatcher>
     <dispatcher>ERROR</dispatcher>
   </filter-mapping>
   <context-param>
     <param-name>contextConfigLocation</param-name>
     <param-value>
 			/WEB-INF/applicationContext.xml
 			/WEB-INF/applicationContext-security.xml
 		</param-value>
   </context-param>
 </web-app>
 


faces-config.xml
Code:
 <?xml version="1.0" encoding="UTF-8"?>
 
 <faces-config xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_1_2.xsd"
   version="1.2">
 
   <component>
     <component-type>com.sampleapp.comps.customBorder</component-type>
     <component-class>com.sampleapp.tags.comps.CustomBorder</component-class>
   </component>
   <component>
     <component-type>com.sampleapp.comps.defaultAction</component-type>
     <component-class>com.sampleapp.tags.comps.DefaultAction</component-class>
   </component>
   <component>
     <component-type>com.sampleapp.comps.setFocus</component-type>
     <component-class>com.sampleapp.tags.comps.SetFocus</component-class>
   </component>
   <component>
     <component-type>com.sampleapp.comps.extendedDataPaginator</component-type>
     <component-class>com.sampleapp.tags.comps.ExtendedDataPaginator</component-class>
   </component>
 
   <render-kit>
     <renderer>
       <component-family>com.sampleapp.comps</component-family>
       <renderer-type>com.sampleapp.renderers.CustomBorderRenderer</renderer-type>
       <renderer-class>com.sampleapp.tags.renderers.CustomBorderRenderer</renderer-class>
     </renderer>
     <renderer>
       <component-family>javax.faces.Panel</component-family>
       <renderer-type>com.sampleapp.renderers.ExtendedDataPaginatorRenderer</renderer-type>
       <renderer-class>com.sampleapp.tags.renderers.ExtendedDataPaginatorRenderer</renderer-class>
     </renderer>
   </render-kit>
 
   <application>
     <el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
     <locale-config>
       <default-locale>en</default-locale>
       <supported-locale>en</supported-locale>
     </locale-config>
     <message-bundle>com.sampleapp.resources.msg</message-bundle>
   </application>
 
   <converter>
     <converter-for-class>java.util.Date</converter-for-class>
     <converter-class>com.sampleapp.spm.util.LocalDateConverter</converter-class>
   </converter>
 </faces-config>
 


applicationContext-security.xml
Code:
 <?xml version="1.0" encoding="UTF-8"?>
 <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans
 		http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
 		http://www.springframework.org/schema/security
 		http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
 	<beans:bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
 		<beans:property name="providers">
 			<beans:list>
 				<beans:ref local="daoAuthenticationProvider" />
 				<beans:ref local="anonymousAuthenticationProvider" />
 				<beans:ref local="rememberMeAuthenticationProvider" />
 			</beans:list>
 		</beans:property>
 		<beans:property name="sessionController" ref="concurrentSessionController" />
 	</beans:bean>
 
 	<beans:bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
 		<filter-chain-map path-type="ant">
 			<filter-chain pattern="/**"
 				filters="concurrentSessionFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor" />
 
 		</filter-chain-map>
 	</beans:bean>
 
 	<beans:bean id="concurrentSessionFilter" class="org.springframework.security.concurrent.ConcurrentSessionFilter">
 		<beans:property name="expiredUrl" value="/main.jspx" />
 		<beans:property name="sessionRegistry" ref="sessionRegistry" />
 	</beans:bean>
 	<beans:bean id="concurrentSessionController" class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
 		<beans:property name="maximumSessions" value="1" />
 		<beans:property name="exceptionIfMaximumExceeded" value="false" />
 		<beans:property name="sessionRegistry" ref="sessionRegistry" />
 	</beans:bean>
 	<beans:bean id="sessionRegistry" class="org.springframework.security.concurrent.SessionRegistryImpl" />
 
 	<beans:bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
 		<beans:property name="forceEagerSessionCreation" value="true" />
 	</beans:bean>
 
 	<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
 		<beans:property name="filterProcessesUrl" value="/j_spring_security_logout" />
 		<beans:constructor-arg value="/main.jspx" />
 		<beans:constructor-arg>
 			<beans:list>
 				<beans:ref bean="applicationListener" />
 				<beans:ref bean="rememberMeServices" />
 				<beans:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler">
 					<beans:property name="invalidateHttpSession" value="true" />
 				</beans:bean>
 			</beans:list>
 		</beans:constructor-arg>
 	</beans:bean>
 
 	<beans:bean id="authenticationProcessingFilter" class="com.sampleapp.spm.security.MyAuthenticationProcessingFilter">
 		<beans:property name="authenticationFailureUrl" value="/main.jspx?login_error=1" />
 		<beans:property name="authenticationManager" ref="authenticationManager" />
 		<beans:property name="defaultTargetUrl" value="/main.jspx" />
 		<beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
 		<beans:property name="rememberMeServices" ref="rememberMeServices" />
 		<beans:property name="alwaysUseDefaultTargetUrl" value="true" />
 		<beans:property name="sessionRegistry" ref="sessionRegistry" />
 		<beans:property name="usernameParameter" value="j_username" />
 		<beans:property name="passwordParameter" value="j_password" />
 	</beans:bean>
 
 	<!--
 		<beans:bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
 		<beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property
 		name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" /> </beans:bean> <beans:bean
 		id="basicAuthenticationEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
 		<beans:property name="realmName"> <beans:value>TODO</beans:value> </beans:property> </beans:bean>
 	-->
 
 	<beans:bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
 
 	<beans:bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
 		<beans:property name="authenticationManager" ref="authenticationManager" />
 		<beans:property name="rememberMeServices" ref="rememberMeServices" />
 	</beans:bean>
 	<beans:bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
 		<beans:property name="userDetailsService" ref="myUserDetailsService" />
 		<beans:property name="parameter" value="_spring_security_remember_me" />
 		<beans:property name="key" value="springRocks" />
 		<beans:property name="tokenValiditySeconds" value="1209600" />
 	</beans:bean>
 	<beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
 		<beans:property name="key" value="springRocks" />
 	</beans:bean>
 
 	<beans:bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
 		<beans:property name="key" value="springRocks" />
 		<beans:property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
 	</beans:bean>
 	<beans:bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
 		<beans:property name="key">
 			<beans:value>anonymous</beans:value>
 		</beans:property>
 	</beans:bean>
 
 	<beans:bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
 		<beans:property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint" />
 		<beans:property name="accessDeniedHandler" ref="accessDeniedHandler" />
 	</beans:bean>
 	<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
 		<beans:property name="loginFormUrl" value="/main.jspx" />
 		<beans:property name="forceHttps" value="false" />
 	</beans:bean>
 	<beans:bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
 	</beans:bean>
 
 	<beans:bean id="sessionFixationProtectionFilter" class="org.springframework.security.ui.SessionFixationProtectionFilter">
 		<beans:property name="sessionRegistry" ref="sessionRegistry" />
 		<!--<beans:property name="migrateSessionAttributes" value="true" />-->
 	</beans:bean>
 
 	<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
 		<beans:property name="authenticationManager" ref="authenticationManager" />
 		<beans:property name="accessDecisionManager" ref="accessDecisionManager" />
 		<beans:property name="objectDefinitionSource" ref="secureResourceFilter" />
 		<beans:property name="observeOncePerRequest" value="true" />
 	</beans:bean>
 
 	<beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
 		<beans:property name="allowIfAllAbstainDecisions" value="false" />
 		<beans:property name="decisionVoters">
 			<beans:list>
 				<beans:bean class="org.springframework.security.vote.RoleVoter" />
 				<beans:bean class="org.springframework.security.vote.AuthenticatedVoter" />
 			</beans:list>
 		</beans:property>
 	</beans:bean>
 
 	<beans:bean id="secureResourceFilter" class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
 		<beans:constructor-arg ref="antUrlPathMatcher" />
 		<beans:constructor-arg ref="requestMap" />
 	</beans:bean>
 
 	<beans:bean id="antUrlPathMatcher" class="org.springframework.security.util.AntUrlPathMatcher" />
 
 	<beans:bean id="requestMap" class="com.sampleapp.spm.security.RequestMapFactoryBean" init-method="init">
 		<beans:constructor-arg ref="sessionFactory" />
 	</beans:bean>
 
 	<beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder">
 		<beans:constructor-arg value="512" />
 	</beans:bean>
 	
 	<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
 		<beans:property name="userDetailsService" ref="myUserDetailsService" />
 		<beans:property name="hideUserNotFoundExceptions" value="false" />
 		<beans:property name="passwordEncoder" ref="passwordEncoder" />
 	</beans:bean>
 
 	<beans:bean id="myUserDetailsService" class="com.sampleapp.spm.model.managers.UserManager">
 		<beans:constructor-arg ref="sessionFactory" />
 	</beans:bean>
 
 	<beans:bean id="loginBean" class="com.sampleapp.spm.security.LoginBean" scope="request" />
 
 	<beans:bean id="helperBean" class="com.sampleapp.spm.security.HelperBean" scope="session">
 		<beans:constructor-arg ref="sessionFactory" />
 	</beans:bean>
 
 	<beans:bean id="applicationListener" class="com.sampleapp.spm.gui.common.ApplicationListener" scope="singleton">
 		<beans:property name="userDetailsService" ref="myUserDetailsService" />
 		<beans:property name="maxAttempts" value="3" />
 		<beans:property name="lockTime" value="60" />
 	</beans:bean>
 
 	<beans:bean id="strategySetterBean" class="com.sampleapp.spm.util.StrategySetter" scope="singleton" />
 
 	<beans:bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
 		<beans:property name="basenames">
 			<beans:list>
 				<beans:value>com/sampleapp/resources/msg</beans:value>
 			</beans:list>
 		</beans:property>
 	</beans:bean>
 
 </beans:beans>
 


Thanks,
Dumi.
Knuckle

Joined: 22/Nov/2008 00:00:00
Messages: 93
Offline


Hi Dumi

Im not quite sure why the problem you descibe is happening but can tell you I have not experienced the problem in my app.

I noticed you hav'nt declared your renderManager in facesConfig ?
Or is it in your Spring applicationContext.xml?

Code:
 <managed-bean>
   <managed-bean-name>renderManager</managed-bean-name> 
   <managed-bean-class>com.icesoft.faces.async.render.RenderManager</managed-bean-class> 
   <managed-bean-scope>application</managed-bean-scope> 
   </managed-bean>
 
 


Then make it a managed property of your backing bean ?

Code:
 <managed-bean>
   <managed-bean-name>main</managed-bean-name> 
   <managed-bean-class>com.sampleapp.Main</managed-bean-class> 
   <managed-bean-scope>request</managed-bean-scope> 
 <managed-property>
   <property-name>renderManager</property-name> 
   <value>#{renderManager}</value> 
   </managed-property>
   </managed-bean>
 



It could be your security config as well. See the following files for simple example using spring security programmic login rather then the 'GET' method as described in the tutorial.

web.xml

Code:
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
     <context-param>
         <param-name>com.icesoft.faces.concurrentDOMViews</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.debugDOMUpdate</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.sun.faces.validateXml</param-name>
         <param-value>true</param-value>
     </context-param>
     <context-param>
         <param-name>com.sun.faces.verifyObjects</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.uploadMaxFileSize</param-name>
         <param-value>4048576</param-value>
     </context-param>
     <context-param>
         <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
         <param-value>server</param-value>
     </context-param>
     <context-param>
         <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name>
         <param-value>true</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.standardRequestScope</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.synchronousUpdate</param-name>
         <param-value>false</param-value>
     </context-param>
     <listener>
         <listener-class>org.icefaces.netbeans.rave.web.ui.appbase.servlet.LifecycleListener</listener-class>
     </listener>
     <servlet>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <servlet-class>com.icesoft.faces.webapp.xmlhttp.PersistentFacesServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet>
         <servlet-name>Blocking Servlet</servlet-name>
         <servlet-class>com.icesoft.faces.webapp.xmlhttp.BlockingServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet>
         <servlet-name>uploadServlet</servlet-name>
         <servlet-class>com.icesoft.faces.component.inputfile.FileUploadServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet>
         <servlet-name>Faces Servlet</servlet-name>
         <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>/xmlhttp/*</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>*.iface</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>*.jspx</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Blocking Servlet</servlet-name>
         <url-pattern>/block/*</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>uploadServlet</servlet-name>
         <url-pattern>/uploadHtml</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Faces Servlet</servlet-name>
         <url-pattern>/faces/*</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>*.jsp</url-pattern>
     </servlet-mapping>
     <session-config>
         <session-timeout>
             30
         </session-timeout>
     </session-config>
     <welcome-file-list>
         <welcome-file>index.html</welcome-file>
         <welcome-file>faces/Page1.jsp</welcome-file>
     </welcome-file-list>
 
 
     <!--  Spring Security  -->
     	<!--
 	  - Location of the XML file that defines the root application context
 	  - Applied by ContextLoaderListener.
 	  -->
 	<context-param>
 		<param-name>contextConfigLocation</param-name>
 		<param-value>
 			/WEB-INF/applicationContext-security.xml
 		</param-value>
 	</context-param>
 
     <listener>
         <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
     </listener>
     <listener>
         <listener-class>com.icesoft.faces.util.event.servlet.ContextEventRepeater</listener-class>
     </listener>
     <listener>
         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
     </listener>
 
     <filter>
         <filter-name>springSecurityFilterChain</filter-name>
         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
     </filter>
     <filter-mapping>
         <filter-name>springSecurityFilterChain</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 </web-app>
 


facesConfig.xml

Code:
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
     <context-param>
         <param-name>com.icesoft.faces.concurrentDOMViews</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.debugDOMUpdate</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.sun.faces.validateXml</param-name>
         <param-value>true</param-value>
     </context-param>
     <context-param>
         <param-name>com.sun.faces.verifyObjects</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.uploadMaxFileSize</param-name>
         <param-value>4048576</param-value>
     </context-param>
     <context-param>
         <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
         <param-value>server</param-value>
     </context-param>
     <context-param>
         <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name>
         <param-value>true</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.standardRequestScope</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>com.icesoft.faces.synchronousUpdate</param-name>
         <param-value>false</param-value>
     </context-param>
     <listener>
         <listener-class>org.icefaces.netbeans.rave.web.ui.appbase.servlet.LifecycleListener</listener-class>
     </listener>
     <servlet>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <servlet-class>com.icesoft.faces.webapp.xmlhttp.PersistentFacesServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet>
         <servlet-name>Blocking Servlet</servlet-name>
         <servlet-class>com.icesoft.faces.webapp.xmlhttp.BlockingServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet>
         <servlet-name>uploadServlet</servlet-name>
         <servlet-class>com.icesoft.faces.component.inputfile.FileUploadServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet>
         <servlet-name>Faces Servlet</servlet-name>
         <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>/xmlhttp/*</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>*.iface</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>*.jspx</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Blocking Servlet</servlet-name>
         <url-pattern>/block/*</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>uploadServlet</servlet-name>
         <url-pattern>/uploadHtml</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Faces Servlet</servlet-name>
         <url-pattern>/faces/*</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
         <servlet-name>Persistent Faces Servlet</servlet-name>
         <url-pattern>*.jsp</url-pattern>
     </servlet-mapping>
     <session-config>
         <session-timeout>
             30
         </session-timeout>
     </session-config>
     <welcome-file-list>
         <welcome-file>index.html</welcome-file>
         <welcome-file>faces/Page1.jsp</welcome-file>
     </welcome-file-list>
 
 
     <!--  Spring Security  -->
     	<!--
 	  - Location of the XML file that defines the root application context
 	  - Applied by ContextLoaderListener.
 	  -->
 	<context-param>
 		<param-name>contextConfigLocation</param-name>
 		<param-value>
 			/WEB-INF/applicationContext-security.xml
 		</param-value>
 	</context-param>
 
     <listener>
         <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
     </listener>
     <listener>
         <listener-class>com.icesoft.faces.util.event.servlet.ContextEventRepeater</listener-class>
     </listener>
     <listener>
         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
     </listener>
 
     <filter>
         <filter-name>springSecurityFilterChain</filter-name>
         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
     </filter>
     <filter-mapping>
         <filter-name>springSecurityFilterChain</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 </web-app>
 


applicationContext-security.xml

Code:
 
 <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
                          http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                          http://www.springframework.org/schema/security
                          http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
 
     <security:http auto-config="true">
         <!-- Only one URI pattern is used in an Asychronous icefaces app, so URI filter security does not apply -->
 
         <!-- Login and logout is done through the same page (Page1) so these are not required -->
         <!--security:form-login login-page="/Page1.iface" authentication-failure-url="/Page1.iface" default-target-url="/Page1.iface" /-->
         <!--security:logout logout-success-url="/Page1.iface"/-->
 
         <security:concurrent-session-control max-sessions="1"/>
 
     </security:http>
 
     <!-- This line required so AuthenticationManager is defined as a proxied/Inversion Of Control (IOC) Spring Bean -->
     <!-- Springs DelegatingVariableResolver resolves this so it can be made a <managed-property> of/injected into authenticationController -->
     <security:authentication-manager alias="authenticationManager"/>
 
     <!-- Declare ->  UserDao userRepository = new UserDaoImpl();   -->
     <bean id="userRepository" class="netbeansspringsecuritydemo.security.UserDaoImpl"/>
     
     <!-- Declare -> UserDetailsService userDetailsService = new UserDetailsServiceImpl(userRepository);  -->
     <bean id="userDetailsService" class="netbeansspringsecuritydemo.security.UserDetailsServiceImpl">
         <constructor-arg ref="userRepository"/>
     </bean>
     
      <!-- Declare that the UserDetailsServiceImpl class is the authentication-provider -->
     <security:authentication-provider user-service-ref="userDetailsService"/>   
 
 
      <!-- We want to use annotated method security, so declare it -->
     <security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
 
 
     <!-- Have to declare the concrete implemenation of the Bean (not the interface with the @Security annotation!) -->
     <!-- Springs DelegatingVariableResolver resolves this so it can be made a <managed-property> of Page1 -->
     <bean id="secureService" class="netbeansspringsecuritydemo.security.SecureServiceImpl"/>
 
     
     <!-- Automatically receives AuthenticationEvent messages -->
     <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>    
 
 </beans>
 




Hope it helps.

Cheers
Wayne
Knuckle

Joined: 22/Nov/2008 00:00:00
Messages: 93
Offline


Sorry,

facesConfig.xml

Code:
<?xml version='1.0' encoding='UTF-8'?>
 
 <faces-config version="1.2" 
     xmlns="http://java.sun.com/xml/ns/javaee" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_1_2.xsd">
     <application>
         <view-handler>
             org.icefaces.netbeans.rave.web.ui.appbase.faces.ViewHandlerImpl
         </view-handler>
     </application>
     
         <!-- Spring Security Resolver -->
     <application>
         <variable-resolver>
             org.springframework.web.jsf.DelegatingVariableResolver
         </variable-resolver>
     </application>
     
     <!-- Declare secureService as a managed-bean property of Page1-->
     <!-- secureService is defined in applicationContext.xml as a Spring IOC Bean -->
     <!-- org.springframework.web.jsf.DelegatingVariableResolver is required to resolve it -->
     <managed-bean>
         <managed-bean-name>Page1</managed-bean-name>
         <managed-bean-class>netbeansspringsecuritydemo.Page1</managed-bean-class>
         <managed-bean-scope>session</managed-bean-scope>
         <managed-property>
             <property-name>secureService</property-name>
             <value>#{secureService}</value>
         </managed-property>
     </managed-bean>   
     
     
     <managed-bean>
         <managed-bean-name>SessionBean1</managed-bean-name>
         <managed-bean-class>netbeansspringsecuritydemo.SessionBean1</managed-bean-class>
         <managed-bean-scope>session</managed-bean-scope>
     </managed-bean>
     <managed-bean>
         <managed-bean-name>RequestBean1</managed-bean-name>
         <managed-bean-class>netbeansspringsecuritydemo.RequestBean1</managed-bean-class>
         <managed-bean-scope>request</managed-bean-scope>
     </managed-bean>
     <managed-bean>
         <managed-bean-name>ApplicationBean1</managed-bean-name>
         <managed-bean-class>netbeansspringsecuritydemo.ApplicationBean1</managed-bean-class>
         <managed-bean-scope>application</managed-bean-scope>
     </managed-bean>
 
 
     <!-- Declare the Spring authenticationManager and Page1 Beans as properties of the AuthenticationController -->
     <!-- authenticationManager is defined in applicationContext.xml as a Spring IOC Bean -->
     <!-- org.springframework.web.jsf.DelegatingVariableResolver is required to resolve it -->
     <managed-bean>
         <managed-bean-name>authenticationController</managed-bean-name>
         <managed-bean-class>
             netbeansspringsecuritydemo.security.AuthenticationController
         </managed-bean-class>
         <managed-bean-scope>session</managed-bean-scope>
         <managed-property>
             <property-name>authenticationManager</property-name>
             <value>#{authenticationManager}</value>
         </managed-property>
         <managed-property>
             <property-name>page1</property-name>
             <value>#{Page1}</value>
         </managed-property>
     </managed-bean>
     <managed-bean>
         <managed-bean-name>includes$SecureInclude</managed-bean-name>
         <managed-bean-class>netbeansspringsecuritydemo.includes.SecureInclude</managed-bean-class>
         <managed-bean-scope>request</managed-bean-scope>
     </managed-bean>
 </faces-config>
 
Dumi

Joined: 16/Jun/2009 00:00:00
Messages: 16
Offline


Hi,

Here is also my applicationContext.xml:

Code:
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:jee="http://www.springframework.org/schema/jee"
 	xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">
 
 	<!-- Database Resources and Transaction Management -->
 	<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
 		<property name="driverClassName" value="com.mysql.jdbc.Driver" />
 		<property name="url" value="jdbc:mysql://localhost:3306/sample_cfdb" />
 		<property name="username" value="sample_admin" />
 		<property name="password" value="admin" />
 	</bean>
 	<bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
 		<property name="dataSource" ref="dataSource" />
 		<property name="useTransactionAwareDataSource" value="false" />
 		<property name="exposeTransactionAwareSessionFactory" value="false" />
 		<property name="mappingResources">
 			<list>
 				<value>com/sampleapp/spm/model/mapping/Customers.hbm.xml</value>
 				<value>com/sampleapp/spm/model/mapping/Users.hbm.xml</value>
 				<value>com/sampleapp/spm/model/mapping/UsersAuthorities.hbm.xml</value>
 			</list>
 		</property>
 		<property name="hibernateProperties">
 			<props>
 				<prop key="connection.pool_size">1</prop>
 				<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
 				<prop key="hibernate.current_session_context_class">org.hibernate.context.ThreadLocalSessionContext</prop>
 				<prop key="show_sql">true</prop>
 				<prop key="hibernate.generate_statistics">true</prop>
 				<prop key="hibernate.bytecode.use_reflection_optimizer">false</prop>
 			</props>
 		</property>
 	</bean>
 
 	<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
 		<property name="sessionFactory" ref="sessionFactory" />
 	</bean>
 
 	<!-- Managers -->
 	<bean id="customerManager" class="com.sampleapp.spm.model.managers.CustomerManager">
 		<constructor-arg ref="sessionFactory" />
 	</bean>
 
 	<!-- GUI beans-->
 	<bean id="renderManager" class="com.icesoft.faces.async.render.RenderManager" />
 
 	<!-- Session beans -->
 	<bean id="customerSessionBean" class="com.sampleapp.spm.gui.CustomerSessionBean" scope="session">
 		<constructor-arg ref="sessionFactory" />
 		<property name="renderManager" ref="renderManager" />
 	</bean>
 
 	<bean id="userSessionBean" class="com.sampleapp.spm.gui.UserSessionBean" scope="session">
 		<constructor-arg ref="sessionFactory" />
 		<property name="renderManager" ref="renderManager" />
 	</bean>
 
 	<!-- Other beans -->
 	<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />
 
   <bean id="sessionListener" class="com.sampleapp.spm.gui.common.SessionListener" scope="session" />
 </beans>
 


As you can see I have the renderManager defined here and it is referenced by my backing beans.

Thanks,
Dumi.
Knuckle

Joined: 22/Nov/2008 00:00:00
Messages: 93
Offline


Hi Dumi

I think that when you define the renderManager in the Spring Context it becomes a Spring proxied/Inversion of Control (IOC) Bean that operates in in a different thread to your icefaces app. I would try defining it, and your backing beans in facesConfig.xml.

and /or

You could define a DelegatingVariableResolver in facesConfig.xml
Code:
 <!-- Spring Security Resolver -->
      <application>
          <variable-resolver>
              org.springframework.web.jsf.DelegatingVariableResolver
          </variable-resolver>
      </application>
 


Cheers
Wayne
Dumi

Joined: 16/Jun/2009 00:00:00
Messages: 16
Offline


Hi,

I've tried defining the beans in the faces-config.xml and the result is the same (the stack is also the same).

Code:
 <managed-bean>
 	<description>
 		Used to initiate server side renders
 	</description>
 	<managed-bean-name>rM</managed-bean-name>
 	<managed-bean-class>com.icesoft.faces.async.render.RenderManager</managed-bean-class>
 	<managed-bean-scope>application</managed-bean-scope>
 </managed-bean>
 
 <managed-bean>
 	<managed-bean-name>tabSessionBean</managed-bean-name>
 	<managed-bean-class>com.closingfocus.spm.gui.TabSessionBean</managed-bean-class>
 	<managed-bean-scope>session</managed-bean-scope>
 	<managed-property>
 		<property-name>renderManager</property-name>
 		<value>#{rM}</value>
 	</managed-property>
 	<managed-property>
 		<property-name>sessionFactory</property-name>
 		<value>#{sessionFactory}</value>
 	</managed-property>
 </managed-bean>
 


About the other solution, I'm already using a resolver, the org.springframework.web.jsf.el.SpringBeanFacesELResolver one. The org.springframework.web.jsf.DelegatingVariableResolver is the older one and is deprecated (API variable-resolver is deprecated after JSF 1.1. Use el-resolver instead.). But I also tried it and the issue is still there.

Thanks,
Dumi.
Knuckle

Joined: 22/Nov/2008 00:00:00
Messages: 93
Offline


Hi Dumi

Sorry I cant help yah, but thanks for the tip + others.

Cheers
Wayne
felix41382

Joined: 18/Oct/2007 00:00:00
Messages: 21
Offline


Same problem over here! Does somebody else uses ICEfaces 1.8.2 + Spring-Security 3.0.0.RC and has trouble getting the SecurityContextHolder?

Why is the context not published to the Renderer?

Greetings
Felix

 
Forum Index -> General Help
Go to:   
Powered by JForum 2.1.7ice © JForum Team