Spring security is blocking call to a button on a login page - spring

Issue: I am displaying a button for change of the language on a custom login form
When user clicks on the button there should be a call to a function that changes the language, however, that is not happening because spring security is blocking other calls on that page.
Java spring security configuration that I am using is:
#Configuration
#EnableWebSecurity(debug=false)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("test000").password("test1").roles("USER").and()
.withUser("admin000").password("test1").roles("ADMIN").and()
.withUser("dba000").password("test1").roles("ADMIN","DBA");
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login.xhtml","/resources/**","/javax.faces.resource/**").permitAll()
.antMatchers("/views/**","/WEB-INF/template/**").authenticated()
.anyRequest().authenticated()
.and().formLogin().loginPage("/login.xhtml").usernameParameter("username").passwordParameter("password").defaultSuccessUrl("/home.xhtml")
.and().logout().logoutSuccessUrl("/login.xhtml").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.and().exceptionHandling().accessDeniedPage("/accessDenied.xhtml")
.and().httpBasic();
}
}
Note: When I swithch off csrf.disable() then the call to the button works, but then log in stops working.
How should I set this up in order to have both log in and language change in place?
JSF Login page:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui">
<f:view contentType="text/html" id="fview" locale="#{USManager.locale}">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>#{appMsg['application.title']}</title>
<ui:debug />
<f:metadata>
<ui:insert name="metadata" />
</f:metadata>
<h:head>
<h:outputStylesheet library="css" name="common-style.css" />
<h:outputStylesheet library="css" name="style.css" />
</h:head>
<h:body style="background-image:none; background-color:#253A7C;" styleClass="LoginPage" onload='document.loginForm.username.focus();'>
<p:layout fullPage="true">
<p:layoutUnit position="center">
<h:panelGrid columns="2" id="loginContainer">
<div class="LoginPageLogo"> </div>
<h:panelGroup>
<h:outputText value="#{appMsg['login.title']}" styleClass="LoginTitle" />
<h:form id="loginForm" method="post" prependId="false" action="/login">
<p:growl id="loginMessages" showSummary="true" showDetail="true" autoUpdate="true" life="3000" />
<p:panel header="#{appMsg['login.form.header']}">
<h:panelGrid id="loginPanel" columns="2">
<p:spacer />
<p:spacer />
<p:inputText id="username" size="30" />
<p:spacer />
<h:outputText value="#{rccMsg['login.form.username']}" />
<p:spacer />
<p:spacer></p:spacer>
<p:message for="username"></p:message>
<p:password id="password" feedback="false" size="30" />
<p:spacer />
<h:outputText value="#{appMsg['login.form.password']}" />
<p:spacer />
<p:spacer />
<p:message for="password"></p:message>
<!-- <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> -->
<p:commandButton value="#{appMsg['login.form.submit']}" ajax="false" />
<p:commandButton id="btnSr" value="SR" actionListener="#{USManager.useSr}" rendered="#{USManager.language=='en'}" process="#this" update="#parent">
<!-- <f:setPropertyActionListener value="sr" target="#{USManager.language}"></f:setPropertyActionListener> -->
<!-- <h:graphicImage name="images/flag_sr.png"/> -->
</p:commandButton>
<p:commandButton id="btnEn" value="EN" actionListener="#{USManager.useEn}" rendered="#{USManager.language=='sr'}" process="#this" update="#parent">
<!-- <f:setPropertyActionListener value="en" target="#{USManager.language}"></f:setPropertyActionListener> -->
<!-- <h:graphicImage name="images/flag_en.png"/> -->
</p:commandButton>
</h:panelGrid>
</p:panel>
</h:form>
</h:panelGroup>
</h:panelGrid>
</p:layoutUnit>
</p:layout>
</h:body>
</f:view>
</html>

Related

Avoid Browser Cache Issues in jsf 2

I am woking on a project using JSF2. I use Spring security for Authentication (access ,login, and logout) and my view pages are xhtml. My problem is that after logout user could back to previous page and do job. I use AuthenticationBean class for login&louout.
Also I added below command to header of my page but nothing changed!
meta http-equiv="Cache-control" content="public"
meta http-equiv="Cache-control" content="private"
meta http-equiv="Cache-control" content="no-cache"
meta http-equiv="Cache-control" content="no-store"
The bean:
#ManagedBean(name = "authenticationBean")
#RequestScoped
public class AuthenticationBean {
public String doLogin() throws ServletException, IOException {
ExternalContext context = FacesContext
.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
.getRequestDispatcher("/j_spring_security_check");
dispatcher.forward(
(ServletRequest) context.getRequest(),
(ServletResponse) context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
return null;
}
public String doLogout() {
FacesContext.getCurrentInstance()
.getExternalContext().invalidateSession();
return "/login.xhtml";
}
}
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="0"/>
<h:graphicImage library="images" name="spr-2.png" width="400" height="400"/>
<h:form id="loginForm" prependId="false">
<h:messages globalOnly="true"/>
<p:messages autoUpdate="true"/>
<h:panelGrid columns="3">
<h:outputLabel for="j_username" value="User: * " />
<p:inputText id="j_username" required="true" label="username" />
<h:outputLabel for="j_password" value="Password: * " />
<p:password id="j_password" label="password" required="true" />
</h:panelGrid>
<h:commandButton type="submit" id="login" value="Login" action="#{authenticationBean.doLogin()}" />
</h:form>
<f:facet name="first">
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
</f:facet>
</h:head>
<h:body>
<h:form>
<h:commandLink action="#{authenticationBean.doLogout}" style="font-size: 0.7em;color:blue;font-family:serif ">logout</h:commandLink>
</h:form>
<h:form>
<p:commandLink value="GO TO Functions" action="/pages/admin/indexAdmin?faces-redirect=true"/>
</h:form>
<h:graphicImage library="images" name="pic1.jpg" width="800" height="200"/> </h:body>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">

primefaces calendar button disappears after validation

I have problems after click on submit button. Primafaces validation is executed and the calendars buttons dissapears.
The structure of the application view is a principal page that contains other. In the principal page which name is "welcomePrimefaces" I call to the other page wich name is left_layoutUnit using a ui:include
I am using primefaces 3.5, Mojarra 2.1.6
Somebody could help me???
welcomePrimefaces.xhtml
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<f:view contentType="text/html">
<h:head>
<link type="text/css" rel="stylesheet" href="css/styles.css"/>
<f:facet name="first">
<meta content='text/html; charset=UTF-8' http-equiv="Content-Type"/>
<title>PrimeFaces</title>
</f:facet>
<script type="text/javascript">
function handleLoginRequest(xhr, status, args) {
if(args.validationFailed || !args.loggedIn) {
jQuery('#dialog').effect("shake", { times:3 }, 100);
} else {
dlg.hide();
jQuery('#loginLink').fadeOut();
}
}
</script>
</h:head>
<h:body>
<p:layout fullPage="true">
<p:layoutUnit position="north" size="100" styleClass="ui-layout-header">
<ui:include src="header_layoutUnit.xhtml" />
</p:layoutUnit>
<p:layoutUnit id="footer" position="south" size="100" closable="false" collapsible="false">
<ui:include src="footer_layoutUnit.xhtml" />
</p:layoutUnit>
<p:layoutUnit position="west" size="500" closable="false" collapsible="false">
<ui:include src="left_layoutUnit.xhtml" />
</p:layoutUnit>
<p:layoutUnit position="center" styleClass="ui-layout-center">
<ui:include src="right_layoutUnit.xhtml" />
</p:layoutUnit>
</p:layout>
</h:body>
</f:view>
left_layoutUnit.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<h:head>
<h:form id="form">
<p:panel id="panel" header="Panel Title">
<p:messages id="msgs"/>
<p:panelGrid id="theGrid" columns="1">
<p:row>
<p:column>
<p:calendar value="#{formBean.date1}" id="popupButtonCal1" showOn="button" maxlength="8" size="15"
required="true" requiredMessage="Fecha ida is required"/>
</p:column>
</p:row>
<p:row>
<p:column>
<p:calendar value="#{formBean.date2}" id="popupButtonCal2" showOn="button" maxlength="8" size="15"
required="true" requiredMessage="Fecha vuelta is required"/>
</p:column>
</p:row>
<p:dialog header="Selected Dates" widgetVar="dialog" showEffect="fade" hideEffect="fade">
<h:panelGrid id="display" columns="1">
<h:outputText value="Popup Button Date: " />
<h:outputText id="popupButtonDate">
<f:convertDateTime pattern="d/M/yyyy"/>
</h:outputText>
</h:panelGrid>
</p:dialog>
<p:row>
<p:column>
<p:commandButton value="Submit" update="panel" actionListener="#{formBean.buscarVuelos}"/>
</p:column>
</p:row>
</p:panelGrid>
</p:panel>
</h:form>
</h:head>

datatable doesn't be updated with ajax in primefaces

in the page below, the datatable doesn't be updated by dialog even if I put its id in update attribute and I don't have any error :
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui" xmlns:ui="http://java.sun.com/jsf/facelets">
<h:body>
<ui:composition template="/template/layout.xhtml">
<ui:define name="contenu">
<p:growl id="messages" showDetail="true" />
<h:form>
<p:commandButton value="Ajouter Type" id="ajax" onclick="dlg.show()" />
<p:dialog id="dialog" header="Nouveau Type" widgetVar="dlg">
<h:panelGrid columns="2" cellpadding="5">
<h:outputLabel for="libelle" value="Libelle :" />
<p:inputText value="#{typeMB.newtype.libelle}" id="libelle" required="true" label="libelle" />
<h:outputLabel for="commission" value="commission :" />
<h:inputText value="#{typeMB.newtype.commission}" id="commission" required="true" label="commission" />
<f:facet name="footer">
<p:commandButton id="ajouterBoutton" value="Ajouter" update="growl,:form:ourdatatable" actionListener="#{typeMB.ajouter}"
oncomplete="handleLoginRequest(xhr, status, args)" />
</f:facet>
<p:growl style="z-index=100" id="growl" showDetail="true" life="3000" />
</h:panelGrid>
</p:dialog>
<script type="text/javascript">
function handleLoginRequest(xhr, status, args) {
if(args.validationFailed || !args.loggedIn) {
jQuery('#dialog').effect("shake", { times:3 }, 100);
} else {
dlg.hide();
}
}
</script>
</h:form>
<h:form id="form">
<p:dataTable var="car" id="ourdatatable" value="#{typeMB.list_types}" editable="true">
<p:ajax event="rowEdit" listener="#{typeMB.onEdit}" update=":messages" />
<p:ajax event="rowEditCancel" listener="#{typeMB.onCancel}" update=":messages" />
<p:column headerText="Numero" style="width:30%">
<h:outputText value="#{car.idtype}" />
</p:column>
<p:column headerText="Libellé" style="width:20%">
<p:cellEditor>
<f:facet name="output">
<h:outputText value="#{car.libelle}" />
</f:facet>
<f:facet name="input">
<p:inputText value="#{car.libelle}" style="width:100%" label="Libellé" />
</f:facet>
</p:cellEditor>
</p:column>
<p:column headerText="Commission" style="width:24%">
<p:cellEditor>
<f:facet name="output">
<h:outputText value="#{car.commission}" />
</f:facet>
<f:facet name="input">
<p:inputText value="#{car.commission}" style="width:100%" label="Commission" />
</f:facet>
</p:cellEditor>
</p:column>
<p:column style="width:6%">
<p:rowEditor />
</p:column>
<p:column>
<p:commandLink value="Supprimer" process="#this" update=":confirmDialog" oncomplete="confirmation.show()">
<f:setPropertyActionListener value="#{car}" target="#{typeMB.selectedType}" />
</p:commandLink>
</p:column>
</p:dataTable>
</h:form>
<p:confirmDialog id="confirmDialog" message="Etes vous sur de vouloir supprimer ce Type #{typeMB.selectedType.libelle}"
header="confirmation de suppression" severity="alert" widgetVar="confirmation">
<h:form>
<p:commandButton id="confirm" value="oui" update=":form:ourdatatable" oncomplete="confirmation.hide()" actionListener="#{typeMB.supprimer}" />
<p:commandButton id="decline" value="non" onclick="confirmation.hide()" type="button" />
</h:form>
</p:confirmDialog>
</ui:define>
</ui:composition>
</h:body>
</html>
the datatable is updated only when I refresh the page
I tested with only one h:form for the whole of the page but it causes me problems with adding and updating features
Edit:
here is my layout (I think it is not the src of problem):
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:p="http://primefaces.org/ui">
<f:view contentType="text/html">
<h:head>
<meta content='text/html; charset=UTF-8' http-equiv="Content-Type" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>Intégration de la Bootstrap et Primefaces</title>
<h:outputStylesheet library="css" name="css/bootstrap.css" />
<h:outputStylesheet library="css" name="bootstrap.css" />
<h:outputStylesheet library="css" name="css/bootstrap-responsive.css" />
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<h:outputScript library="js" name="js/html5shiv.js" />
<![endif]-->
<link rel="shortcut icon" href="ico/favicon.png" />
</h:head>
<h:body>
<ui:include src="menu_haut.xhtml" />
<div class="container-fluid">
<div class="row-fluid">
<ui:include src="menu_gauche.xhtml" />
<div class="span9">
<div class="bs-docs-example">
<ui:insert name="contenu">
contenu par défaut!
</ui:insert>
</div>
</div>
<!--/span-->
</div>
<!--/row-->
<ui:include src="footer.xhtml" />
</div>
</h:body>
</f:view>
</html>

instead of update=":form:ourdatatable" use update=":#{p:component('ourdatatable')}"
this helper component searches the dom to resolve any namespace qualification for the identifier used in argument.

Action event fires only on 2nd click of commandLink/commandButton

Running Netbeans 7.1.1 with latest JRE/JDK and Glassfish 3.1 on Windows 7.0.
Despite what sort of application I build, for some reason I have to click any commandLink or commandButton twice to get event to fire.
How is this caused and how can I solve it?
Here's an example of such a view where this problem occurs:
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:p="http://primefaces.org/ui"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:c="http://java.sun.com/jsp/jstl/core">
<h:head>
<title>Time Manager - New Employee</title>
</h:head>
<h:body>
<h:form id="form"">
<p:panel id="panel" header="New Employee">
<p:messages id="msgs"/>
<h:panelGrid columns="3">
<h:outputLabel for="fname" value="Firstname: *" />
<p:inputText id="fname" value="#{employee.name}"
required="true" label="FullName">
<f:validateLength minimum="2" maximum="20" />
</p:inputText>
<p:message for="fname" display="icon"/>
<h:outputLabel for="eml" value="Email: *" />
<p:inputText id="eml" value="#{employee.email}"
label="Email" required="true">
<f:validateLength minimum="9" maximum="100" />
<p:ajax update="msgEml" event="keyup" />
</p:inputText>
<p:message for="eml" id="msgEml" display="icon"/>
</h:panelGrid>
<p:button id="btn" value="Cancel" update="panel"
type="button" outcome="/index"/>
<p:commandButton id="addEmp" value="Save" update="panel"
actionListener="#{employee.saveEmployee}"
styleClass="ui-priority-primary"/>
</p:panel>
</h:form>
</h:body>
</html>

Why a4j:commandButton doesn’t reacts at first click?

Could somebody explain me why a4j:commandButton doesn’t reacts at first click in the next scenario?
I have to hit it two times in order to get the action executed…
facelets composite template named principal.xhtml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:a4j="http://richfaces.org/a4j"
xmlns:rich="http://richfaces.org/rich">
<f:view contentType="text/html">
<h:head>
<meta http-equiv="content-type" content="text/xhtml; charset=UTF-8" />
</h:head>
<h:body>
<div id="heading">
<ui:insert name="heading">
<ui:include src="/adm/includes/menu.xhtml"/>
</ui:insert>
</div>
<div id="content">
<br />
<a4j:outputPanel ajaxRendered="true">
<ui:insert name="content"/>
</a4j:outputPanel>
<br />
</div>
<div id="footer">
<ui:insert name="footer">
<ui:include src="/adm/includes/footer.xhtml"/>
</ui:insert>
</div>
</h:body>
</f:view>
</html>
The JSF page with the problematic ajax button:
<ui:composition template="/adm/templates/principal.xhtml">
<ui:define name="content">
<rich:panel header="#{msgs.usuariosNuevo}">
<h:form id="formUsuariosNuevo" prependId="false">
<h:panelGrid columns="3">
<h:outputText value="#{msgs.email}" />
<h:inputText value="#{usuarioCtrl.mdl.email}" id="email" />
<h:outputText value="#{msgs.pwd}" />
<h:inputSecret value="#{usuarioCtrl.mdl.pwd}" id="pwd" />
</h:panelGrid>
<a4j:commandButton value="#{msgs.guardar}" action="#{usuarioCtrl.guardarUsuarioAction}" />
</h:form>
</rich:panel>
</ui:define>
</ui:composition>
... and the 'top' toolbar menu menu.xhtml:
<h:form prependId="false" id="formMenu">
<rich:toolbar height="26px">
<rich:dropDownMenu mode="ajax">
<f:facet name="label">
<h:panelGroup>
<h:graphicImage value="/resources/img/icon/usuarios.png" styleClass="pic" width="20" height="20" />
<h:outputText value="Usuarios" />
</h:panelGroup>
</f:facet>
<rich:menuItem label="Nuevo" action="#{menuCtrl.usuariosNuevoAction}" icon="/resources/img/icon/nuevo.png" />
<rich:menuItem label="Gestión" action="#{menuCtrl.usuariosGestionAction}" icon="/resources/img/icon/gestion.png" />
</rich:dropDownMenu>
<!-- Others dropDownsMenu's here ... -->
</rich:toolbar>
</h:form>
thanks!

I think the problem happens when you're using JSF #ManagedBean. You need declare that form bean variable in current flow.
I'm using Richfaces 4.2, Spring-web-flow 2.3.0, Spring 3.1.1
formbean
#RequestScoped
#ManagedBean
public class SearchForm implements Serializable {
private static final long serialVersionUID = 1L;
private String pattern = "Please insert";
public String getPattern() {
return pattern;
}
public void setPattern(String pattern) {
this.pattern = pattern;
}
}
home-flow.xml
<var name="searchForm" class="com.inhouse.web.form.SearchForm"/>
<view-state id="home" view="home.xhtml" model="searchForm">
<transition on="search">
<evaluate expression="searchController.search(requestParameters.pattern)" result="flashScope.searchResults"></evaluate>
</transition>
</view-state>
home.xhtml
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:sf="http://www.springframework.org/tags/faces"
xmlns:fn="http://java.sun.com/jsp/jstl/functions"
xmlns:a4j="http://richfaces.org/a4j"
xmlns:rich="http://richfaces.org/rich">
<ui:composition template="/WEB-INF/layouts/template.xhtml">
<ui:define name="content">
<h:form>
<h:inputText value="#{searchForm.pattern}" />
<a4j:commandButton action="search" value="Search" render="searchResult" immediate="true">
<f:param name="pattern" value="#{searchForm.pattern}"></f:param>
</a4j:commandButton>
</h:form>
<h:panelGroup id="searchResult">
<h:outputText value="#{searchResults}" />
</h:panelGroup>
</ui:define>
</ui:composition>
</html>
Controller
#Controller
public class SearchController {
public String search(String pattern) {
return "this is the search results";
}
}

Resources