Acegi/Spring Security JSF Integration Project continued
October 16th, 2008 by 
DerekWe’ve gotten a good number of comments from Lincoln’s latest post on Spring Security and JSF. A few comments have asked for further code samples on how to get this example working.
We created a runnable project for this example, and it can be downloaded here.
All you need to do is extract the project to your workspace (We use Eclipse), and import the project. Add the project to your server and start it up. Next open your browser and navigate to:
http://localhost:8080/springsecurity/
Note*: You’ll need to change the URL to your server port number if it isn’t set to 8080.
Assuming all the steps above worked successfully you should see a page like the one below.
Now click on the Secret link. This should force you to the login page. The Secret page requires authentication to view. Go ahead and type in the User: rod Password: koala
You should now be redirected to the Secret page (shown below).
Go back to the Home page and try Logout, and Login with bad credentials and see what you get. I hope this project helps to tie up any loose ends, and helps answer any outstanding questions.
[...] can see a working example of this guide here. [...]
Just a note, the login/secret pages will not work in all of IE (I haven’t tested it extensively). Check out the following post to see what I am referring to:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200409.mbox/%3C414BC539.1010204@globalmentor.com%3E
In page Login.jspx
change de omit-xml-declaration = “true”/>
you need the value to true to work in Internet Explorer
Hello, very interesting… But I think if there is any way to customize authorization needs because I want to create some in runtime. the roles in xml file are so hard-coded…
Hi,
Thank for sharing your work.
I have nonetheless a remark.
One authenticated, if i browse to the login-page(http://localhost:8090/springsecurity/faces/login.jsf), it allows me to enter my credential still.
However, i am already logged.
Not convenience… Logic would expect to be redirected to default-target-url.
If you have a clean solution for this problem, i am taker…
You could hide the login link, use http://ocpsoft.com/prettyfaces/ to add a page-action that redirects to the home-page, or add logic in the page that displays a message like, “You are already logged in” instead of the login form (rendered=”#{loginBean.loggedIn}”). –loginBean is just an example … you’d have to find or make something that gives you the user’s logged in status.