问题
Is it possible to integrate Spring Security 3 and JSF 2, keeping JSF working as default, instead of show the new url when the user navigates, keep the old url, without using the redirect JSF attribute to navigate through pages?
I can't found documentation about this. All articles I found the author redirect the page when navigate.
Thanks
回答1:
By default the FilterSecurityInterceptor will only execute once-per-request and doesn't do security re-checking unless there is change in the url but with JSP/JSF forwards the page is rendered as a response to the current request and the url in the browser contains the address of the previous page. So for this just set once-per-request attribute to false in your http element in applicationContext thus forcing security rechecking.
<http auto-config="true" use-expressions="true" once-per-request="false">
and add a dispatcher for forwards in springSecurityFilterChain filter-mapping in your web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
More info
Alternatively, you can also enable page redirection by appending the parameter faces-redirect=true to the outcome like this:
<h:form>
<h:commandButton action="page1?faces-redirect=true" value="Page1" />
</h:form>
But do also remember that in your case GET request looks more appropriate and as BalusC says its not good practice to use POST for bookmarkable page-to-page navigation.
So do GET using <h:link> or <h:button>or faces-redirect=true also causes a GET request.
Also see:
when-should-i-use-houtputlink-instead-of-hcommandlink
Post-Redirect-Get pattern
来源:https://stackoverflow.com/questions/11283098/spring-security-3-and-jsf-2-integration-without-redirecting-page