ICEfaces
  1. ICEfaces
  2. ICE-8542

Spring Security sample application out of date

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 3.1
          • Fix Version/s: 3.1
          • Component/s: Sample Apps
          • Labels:
            None
          • Environment:
            ICEFaces 3.1 + Spring security 3.1.2 + Spring framework 3.0.6
          • Affects:
            Sample App./Tutorial

            Description

            Updating the swf-booking-icefaces example to use the above Spring security versions shows a few configuration incompatibilities.

              Activity

              Descending order - Click to sort in ascending order
              Hide
              Permalink
              Greg Dick added a comment - - edited

              The tutorial has been updated

              Show
              Greg Dick added a comment - - edited The tutorial has been updated
              Hide
              Permalink
              Greg Dick added a comment -

              The other property, the redirect strategy, is configured on the authenticationEntryPoint element as follows:

              <beans:bean id="authenticationEntryPoint" class="com.icesoft.spring.security.JsfLoginUrlAuthenticationEntryPoint">
              <beans:property name="loginFormUrl" value="/spring/login"/>
              <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />
              </beans:bean >

              Show
              Greg Dick added a comment - The other property, the redirect strategy, is configured on the authenticationEntryPoint element as follows: <beans:bean id="authenticationEntryPoint" class="com.icesoft.spring.security.JsfLoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/spring/login"/> <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" /> </beans:bean >
              Hide
              Permalink
              Greg Dick added a comment -

              First, the scheme declaration in the security-config.xml file needs to be updated to refer to 3.1 as follows:

              <beans:beans xmlns="http://www.springframework.org/schema/security"
              xmlns:beans="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-3.1.xsd">

              Second, the property configurations have changed on the SessionManagementFilter. The two marked properties are no longer valid and need to be removed:

              <beans:bean id="sessionManagementFilter"
              class="org.springframework.security.web.session.SessionManagementFilter">
              <beans:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />
              <!-- <beans:property name="invalidSessionUrl" value="/auth/sessionExpired.jsf" />-->
              <!-- <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />-->
              </beans:bean>

              At this point the application works, however, there is a new place for the invalidSessionUrl, session management has it's own attribute now:

              <session-management invalid-session-url="/auth/sessionExpired.jsf" />

              Show
              Greg Dick added a comment - First, the scheme declaration in the security-config.xml file needs to be updated to refer to 3.1 as follows: <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd "> Second, the property configurations have changed on the SessionManagementFilter. The two marked properties are no longer valid and need to be removed: <beans:bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter"> <beans:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" /> <!-- <beans:property name="invalidSessionUrl" value="/auth/sessionExpired.jsf" />--> <!-- <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />--> </beans:bean> At this point the application works, however, there is a new place for the invalidSessionUrl, session management has it's own attribute now: <session-management invalid-session-url="/auth/sessionExpired.jsf" />

                People

                • Assignee:
                  Greg Dick
                  Reporter:
                  Greg Dick
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: