Primefaces 和 Spring 安全性:Ajax 侦听器未触发
Primefaces and Spring Security: Ajax listener not triggered
我正在使用 Primefaces 5.2 和 Spring-security 4.0.1 并使用 NetBeans IDE(所以 GlassFish 4.1),我尝试制作一个仪表板并动态添加 wiget。
为了将它部署在服务器上,我添加了一些安全性,这要归功于 Spring 安全性。目前,它是一些非常基本的东西,使用身份验证和默认过滤器。
所以,当我启动它(项目)时,我被正确地重定向到默认登录页面(我已经配置 Spring 使用 8181 端口,这是 GlassFish https 默认端口) , 我正常登录。
但是,从现在开始,当我将一个小部件从库区拖放到仪表板(实际上是字段集内输出面板内的数据网格)区时,没有任何反应。有和往常一样的动画(它消失了,没有回到图书馆区),但仪表板上没有小部件,即使我刷新页面。
如果我在 web.xml 上评论过滤器和过滤器映射部分,当然,没有重定向到登录页面和 https 协议,但小部件删除工作正常。
也可能是Ajax和Spring之间的问题(p:ajax里面的函数没有被调用)。有人有解决办法吗?
这是不同的代码部分(可能就足够了,如果缺少什么,请告诉我)
web.xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>#{themeSwitcherBean.theme}</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>dashboard.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Loads Spring Security config file -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<!-- Spring Security (Disable drop????) -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- - Sample namespace-based configuration - -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/**" access="authenticated" requires-channel="https"/>
<intercept-url pattern="/resources/css" access="permitAll"/>
<!-- Page level Spring Security : Enable Primefaces -->
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<!-- Default Configuration: Https port for Glassfish is 8181 and not 8443 like Tomcat (http:8080, administration:4848-->
<port-mappings>
<port-mapping http="8080" https="8181"/>
</port-mappings>
<form-login />
<logout />
<remember-me />
<!-- Uncomment to enable X509 client authentication support <x509 /> -->
<!-- Uncomment to limit the number of sessions a user can have -->
<session-management>
<concurrency-control max-sessions="100"
error-if-maximum-exceeded="true" />
</session-management>
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5" />
<user-service>
<!-- Some users -->
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
我的 xhtml 页面中的可放置标记
<p:droppable id ="d1" for="selectedWidgets" tolerance="touch" activeStyleClass="ui-state-highlight" datasource=":#{p:component('groupWidgets')}">
<p:ajax listener="#{widgetsTableBean.onDrop}" update="dropArea"/>
</p:droppable>
(selectedWidgets 是仪表板的字段集,dropArea 是 outputPanel)
函数调用p:ajax
public void onDrop(DragDropEvent ddEvent) {
Widget widget = ((Widget) ddEvent.getData());
this.selectedWidget = widget;
droppedWidgets.add(this.selectedWidget);
/*Test*/
System.out.println("drop: ");
for (int i = 0; i < droppedWidgets.size(); i++) {
System.out.println(droppedWidgets.get(i).getId());
}
}
我希望我已经说清楚了,提前感谢您的回答
在我的代码中尝试了一些修改并实现了更改仪表板语言的功能后,引发了 CSRF 错误(在请求参数“_csrf”或 [=19 上发现无效的 CSRF 令牌 'null' =] 'X-CSRF-TOKEN'.
我在我的 .xhtml 表单中添加了这个:
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
并且有效。谢谢大家。
我正在使用 Primefaces 5.2 和 Spring-security 4.0.1 并使用 NetBeans IDE(所以 GlassFish 4.1),我尝试制作一个仪表板并动态添加 wiget。
为了将它部署在服务器上,我添加了一些安全性,这要归功于 Spring 安全性。目前,它是一些非常基本的东西,使用身份验证和默认过滤器。
所以,当我启动它(项目)时,我被正确地重定向到默认登录页面(我已经配置 Spring 使用 8181 端口,这是 GlassFish https 默认端口) , 我正常登录。
但是,从现在开始,当我将一个小部件从库区拖放到仪表板(实际上是字段集内输出面板内的数据网格)区时,没有任何反应。有和往常一样的动画(它消失了,没有回到图书馆区),但仪表板上没有小部件,即使我刷新页面。
如果我在 web.xml 上评论过滤器和过滤器映射部分,当然,没有重定向到登录页面和 https 协议,但小部件删除工作正常。
也可能是Ajax和Spring之间的问题(p:ajax里面的函数没有被调用)。有人有解决办法吗?
这是不同的代码部分(可能就足够了,如果缺少什么,请告诉我)
web.xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>#{themeSwitcherBean.theme}</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>dashboard.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Loads Spring Security config file -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<!-- Spring Security (Disable drop????) -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- - Sample namespace-based configuration - -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/**" access="authenticated" requires-channel="https"/>
<intercept-url pattern="/resources/css" access="permitAll"/>
<!-- Page level Spring Security : Enable Primefaces -->
<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/>
<!-- Default Configuration: Https port for Glassfish is 8181 and not 8443 like Tomcat (http:8080, administration:4848-->
<port-mappings>
<port-mapping http="8080" https="8181"/>
</port-mappings>
<form-login />
<logout />
<remember-me />
<!-- Uncomment to enable X509 client authentication support <x509 /> -->
<!-- Uncomment to limit the number of sessions a user can have -->
<session-management>
<concurrency-control max-sessions="100"
error-if-maximum-exceeded="true" />
</session-management>
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5" />
<user-service>
<!-- Some users -->
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
我的 xhtml 页面中的可放置标记
<p:droppable id ="d1" for="selectedWidgets" tolerance="touch" activeStyleClass="ui-state-highlight" datasource=":#{p:component('groupWidgets')}">
<p:ajax listener="#{widgetsTableBean.onDrop}" update="dropArea"/>
</p:droppable>
(selectedWidgets 是仪表板的字段集,dropArea 是 outputPanel)
函数调用p:ajax
public void onDrop(DragDropEvent ddEvent) {
Widget widget = ((Widget) ddEvent.getData());
this.selectedWidget = widget;
droppedWidgets.add(this.selectedWidget);
/*Test*/
System.out.println("drop: ");
for (int i = 0; i < droppedWidgets.size(); i++) {
System.out.println(droppedWidgets.get(i).getId());
}
}
我希望我已经说清楚了,提前感谢您的回答
在我的代码中尝试了一些修改并实现了更改仪表板语言的功能后,引发了 CSRF 错误(在请求参数“_csrf”或 [=19 上发现无效的 CSRF 令牌 'null' =] 'X-CSRF-TOKEN'.
我在我的 .xhtml 表单中添加了这个:
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
并且有效。谢谢大家。