spring security authentication state check - spring

i have not casual issue with the Spring MVC+Spring security.
There was emergency electricity switch-off, and as i worked with intellij IDEA on my proj, some random opened files was lost.
I recover everything, but now having a really strange issue
This is how i check authentication state on my index.jsp page
<%# page contentType="text/html;charset=UTF-8" language="java" %>
<%# taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<sec:authorize access="hasAnyAuthority('ROLE_ADMIN', 'ROLE_USER')" var="isAuthenticated"/>
${isAuthenticated}
<c:choose>
<c:when test="${isAuthenticated}">
**do smth**
</c:when>
<c:otherwise>
**do smth**
</c:otherwise>
</c:choose>
So, the problem is:
After successful login, i redirected to user page, i can use 'SecurityContextHolder.getContext().getAuthentication().getName()'
username from context, etc, everything is ok.
But for some reason i can't receive an authentication state,
${isAuthenticated}
always have 'false' value.
What should i look for? i don't get any errors.
Authenticated use have role Admin/user.

Related

Spring Boot Security JSP tags

I have a Spring Boot webapp and Spring Security configured.
If I login as ADMIN I am not able to see the menu link configured like this:
<sec:authorize access="hasRole('ADMIN')">
<li>
<a href="references">References
</a>
</li>
</sec:authorize>
Any idea?
Thanks
R.
Be sure to add taglib in your jsp page.
<%# taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
And see that you have the dependency for it.
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>X.X.X</version>
</dependency>
The solution for my problem was the security authorized tag :
'
DISPLAY CONTENT
'

Adding Spring <%#taglib%> to JSPX file causes: The content of elements must consist of well-formed character data or markup

I am using Springframework 4.0.3 implement my web-app and I see this exception when I try to access my jsp, however I see other people use in this way without problem.
My jsp code as below and it says exception happening on line2 column2, please help.
<jsp:directive.page language="java" contentType="text/html; charset=UTF-8" />
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
<html>
.....
</html>
Can you try adding this to your top of jsp
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
It may helps you :
replace your code :
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
with
<%# taglib uri="http://www.springframework.org/tags/form" prefix="spring"%>

Spring security with pages in velocity

How can I use Spring security when my pages are not in JSP but Velocity?
is there something like this tag with JSP:
<%# taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<sec:authorize access="hasRole('frmwrk.user.role.administrator')">
...
</sec:authorize>

JSP Fragments: Which tags are reduplicated at the top

I have a JSP page which has the following tags prior to the <html> tag:
<?xml version="1.0" encoding="ISO-8859-1" ?>
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Which of these need to be carried over into a JSP/HTML fragment that will be pulled into the page via AJAX call. (Specifically, a Dojo xhrGet... but I'm not sure that's relevant.) If more environmental information is required to answer this, please let me know and I will gladly expand this question.
Okay. This is what we went with. It works fine:
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

Java Web: How use JSP with JSF and Ajax?

i'm working in a project with jsp, i need to start to use ajax too.
i'm enjoying jsf , is possible work with these together (JSP, JSF and AJAX) ?
I'm asking this cause i could run jsf with ajax
<h:commandButton id="bt_save" value="Save" title="Save" action="#personMBean.clickSave()}">
<f:ajax execute="#form" render="lblMessage" />
</h:commandButton>
<br/>
<h:outputLabel id="lblMessage" value="#{personMBean.message}" />
But when i try input this code in my jsp page it doesn't work, even if i insert on my jsp page:
<%#page contentType="text/html"%>
<%#page pageEncoding="UTF-8"%>
<%#taglib prefix="f" uri="http://java.sun.com/jsf/core"%>
<%#taglib prefix="h" uri="http://java.sun.com/jsf/html"%>
Any ideas ?
Ensure that you're using JSF 2.x (the <f:ajax> doesn't exist in JSF 1.x) and that you've a <h:head> instead of <head> in the master template (so that JSF can auto-include necessary Ajax JavaScripts).
Said that, you should really consider Facelets as replacement of JSP. JSP is an outdated view technology and ill suited for templating and has been replaced by Facelets as per JSF 2.0 / Java EE 6.
Yes - try richfaces or primefaces
I don't see why you couldn't do this but certainly not on the same page.
To do this you need to map the *.jsp extension to the JSP servlet while mapping the *.jsf or *.xhtml to FacesServlet.

Resources