Geek Answers Handbook

How to use Spring Security Facelets tag library in JSF

I want to use the Spring Facelets security tag library to protect the components of my interface. on JSF 2 pages

I have the following dependencies for spring security version 3.0.5:

<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>${spring-security.version}</version> </dependency>

i configured applicationSecurity.xml to make spring secure login, and it works fine with UserDetailsService and when trying to add a security definition:

 <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:ice="http://www.icesoft.com/icefaces/component" xmlns:pretty="http://ocpsoft.com/prettyfaces" xmlns:sec="http://www.springframework.org/security/tags">

and when I started the application, I received the following error:

 Warning: This page calls for XML namespace http://www.springframework.org/security/tags declared with prefix sec but no taglibrary exists for that namespace.

Link: http://static.springsource.org/spring-security/site/petclinic-tutorial.html

please inform.

+7
source share
3 answers

You will need to add springsecurity.taglib.xml as mentioned here:

http://docs.spring.io/autorepo/docs/webflow/2.3.x/reference/html/spring-faces.html#spring-faces-security-taglib

and you must have org.springframework.faces jar in your classpath in order to use it.

then use security tags as follows:

 <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional/<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:sec="http://www.springframework.org/security/tags">

Reference

+9
source

Successfully implemented:

In addition to your normal Spring security dependencies, you will need the following two additional Maven dependencies

  <dependency> <groupId>org.springframework.webflow</groupId> <artifactId>spring-faces</artifactId> <version>2.4.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>3.2.6.RELEASE</version> </dependency>

in your POM file.

For JSF 2, save the following as / WEB -INF / springsecurity.taglib.xml

 <?xml version="1.0"?> <!DOCTYPE facelet-taglib PUBLIC "-//Sun Microsystems, Inc.//DTD Facelet Taglib 1.0//EN" "http://java.sun.com/dtd/facelet-taglib_1_0.dtd"> <facelet-taglib> <namespace>http://www.springframework.org/security/tags</namespace> <tag> <tag-name>authorize</tag-name> <handler-class>org.springframework.faces.security.FaceletsAuthorizeTagHandler</handler-class> </tag> <function> <function-name>areAllGranted</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean areAllGranted(java.lang.String)</function-signature> </function> <function> <function-name>areAnyGranted</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean areAnyGranted(java.lang.String)</function-signature> </function> <function> <function-name>areNotGranted</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean areNotGranted(java.lang.String)</function-signature> </function> <function> <function-name>isAllowed</function-name> <function-class>org.springframework.faces.security.FaceletsAuthorizeTagUtils</function-class> <function-signature>boolean isAllowed(java.lang.String, java.lang.String)</function-signature> </function> </facelet-taglib>

Register the above file in web.xml:

 <context-param> <param-name>javax.faces.FACELETS_LIBRARIES</param-name> <param-value>/WEB-INF/springsecurity.taglib.xml</param-value> </context-param>

It will not allow the warning about the existence of taglibrary and you are now ready to use the tag library in your views. You can use the authorize tag to include embedded content conditionally:

 <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:sec="http://www.springframework.org/security/tags"> <sec:authorize ifAllGranted="ROLE_FOO, ROLE_BAR"> Lorem ipsum dolor sit amet </sec:authorize> <sec:authorize ifNotGranted="ROLE_FOO, ROLE_BAR"> Lorem ipsum dolor sit amet </sec:authorize> <sec:authorize ifAnyGranted="ROLE_FOO, ROLE_BAR"> Lorem ipsum dolor sit amet </sec:authorize> </ui:composition>

LINK: https://docs.spring.io/spring-webflow/docs/2.3.x/reference/html/spring-faces.html#spring-faces-security-taglib

+12
source

It's not as easy with JSF as it is with Spring MVC ...

But you can find a way to do this in this error report

https://jira.springsource.org/browse/SWF-1333

last post by Rossen Stoyanchev

+3
source

More articles:


All Articles