39 thoughts on “Integrating Spring Security with ExtJS Login Page

  1. a perfect mix, this tools (framework spring + extjs) is a interesting experience to work.
    thanks a good tutorial

  2. Its working..cool :)
    Anyway how if I use username and password taken from database?

    Any solutions?

  3. Hi, I’ve got a situation, my security xml isn’t configured like yours ‘cuz has it was created in another project where the client side wasn’t ext js.
    Would you help me
    thanks

  4. Nice tutorial and very helpful!

    I tried it and it works well, just have several questions though:
    1. My login page is login.html, my main page is main.html, how can I make it redirect to login.html even if I type “http://…/main.html” in browser? Now I still can access main.html without login.

    2. The username and password can be seen from firebug when click login button. Is there any way to make it safe and invisible?

    3. If I use my own ajax call to handle authentication, for example, use “url: ‘myAuthen.ajax’ instead of url:’j_spring_security_check’ in login.js file, does it make sense to use Spring security? How could I integrate that?

  5. Thanks for answer Loiane, but I’m already solve the problem. The thing is that I was using a preconfigured security module over spring, I adapted to my needs, but the thing was around you were talking at the beginning of your article, when the user logged in the system, redirection fails. But I put at the javascript in the success function part this:
    location.href = ‘home.htm'; //Main page request
    and problem solved
    Thanks very much
    PS: Your article was very useful to me. Thanks again

  6. Muito obrigado, você viu como implementar a permissão para inserir, alterar, excluir?.
    Você tem algum exemplo sobre isso?

    Muito obrigado mais uma vez, Yamina

  7. Hi Loiane,

    I use Spring Security3.x with ExtJS, and I find that much changes from 2.x. Your code can’t be use driectly,
    do you have any idea?

  8. Thanks for a great tutorial and source code.
    It was a great help on a project I’m working on.

  9. moring Loiane,recently,I am writing a project with extjs and spring security ,what now i am facing to is if the user input a wrong username or password i was asked to give the user a due with chinese,what should i do?i found spring security provides some properties which is used to record the dues ,but i don’t know where spring securoty call them! any of your advices will help!thanks in advance!

  10. Hi Loiane,

    I am running this project but I got exception, Please help me fix it.

    WARNING: StandardWrapperValve[default]: PWC1406: Servlet.service() for servlet default threw exception
    java.lang.IllegalStateException
    at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:522)
    at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:170)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:507)
    at org.springframework.security.util.RedirectUtils.sendRedirect(RedirectUtils.java:60)
    at org.springframework.security.ui.AbstractProcessingFilter.sendRedirect(AbstractProcessingFilter.java:352)
    at org.springframework.security.ui.AbstractProcessingFilter.successfulAuthentication(AbstractProcessingFilter.java:386)
    at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:273)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:277)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
    at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:226)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
    at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
    at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
    at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
    at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
    at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
    at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
    at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
    at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
    at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
    at java.lang.Thread.run(Thread.java:637)

    Thanks.

    Thang Nguyen

  11. Spent AGES trying to get this adapted to Spring Security 3. It seems as though a number of things have changed, namely:

    * applicationContext-security.xml *

    now looks something like:

    and * MyAuthenticationProcessingFilter * looks a bit like:

    public class MyAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {

    @Override
    protected void successfulAuthentication(HttpServletRequest request,
    HttpServletResponse response, Authentication authResult)
    throws IOException, ServletException {

    //create a blank redirect strategy to prevent Spring automatically returning
    // page content in the output stream.
    SavedRequestAwareAuthenticationSuccessHandler srh = new SavedRequestAwareAuthenticationSuccessHandler();
    this.setAuthenticationSuccessHandler(srh);
    srh.setRedirectStrategy(new RedirectStrategy() {
    @Override
    public void sendRedirect(HttpServletRequest httpservletrequest,
    HttpServletResponse httpservletresponse, String s) throws IOException {
    //do nothing, no redirect
    }
    });
    super.successfulAuthentication(request, response, authResult);

    HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response);
    Writer out = responseWrapper.getWriter();
    out.write(“{success:true}”);
    out.close();
    }
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request,
    HttpServletResponse response, AuthenticationException failed)
    throws IOException, ServletException {

    HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response);
    Writer out = responseWrapper.getWriter();
    out.write(“{success: false, errors: ‘” + failed.getMessage() + “‘}”);
    out.close();

    }
    }

    Noting the implementation of the RedirectStrategy – otherwise Spring by default does a redirect, destroying your ‘success’ JSON response and causing a script error in IE. Seems to be ignored by Firefox, though.

  12. Jon,

    I’d appreciate a copy of your applicationContext-security.xml changes for Spring Security 3 as well!

    If you can mail them to me at this address, I’d appreciate it!
    bsub[at]brianvillanueva.net

    Thanks,
    Brian

  13. ‘Spent AGES trying to get this adapted to Spring Security 3. It seems as though a number of things have changed, namely:

    * applicationContext-security.xml *

    now looks something like:’

    thanks Jon, u definitely saved my ass 😀

  14. My 2 cents :)
    For spring-security 3.0.x, just use AuthenticationFailureHandler and AuthenticationSuccessHandler :)

  15. Hi,

    I am facing a issue with your project (location : http://github.com/loiane/spring-security-extjs-login”).

    After i logout, the session should end rite!!
    but, it is not ending, i am able to access main.action page of your application.
    Please let me know about the solution. 
    thank you!!!!:)

  16. Pingback: extjstutorial.org
  17. Hi Loiane,

    I am new to extjs and springframework. after run this tutorial I got the following error…  Please help me to fix it up. Bellow I place the console output…. Please help me… I am waiting…

    8/05/2011 17:49:12 com.springsource.insight.tcserver.WeavingHelper findRepositoriesForClassPathINFO: file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-collection-1.0.0.RELEASE.jar: aspects will be woven into the main Tomcat classloader8/05/2011 17:49:12 com.springsource.insight.tcserver.WeavingHelper findRepositoriesForClassPathINFO: file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-plugin-jdbc-1.0.0.RELEASE.jar: aspects will be woven into the main Tomcat classloader8/05/2011 17:49:12 com.springsource.insight.tcserver.WeavingHelper findRepositoriesForClassPathINFO: file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-plugin-tomcat-1.0.0.RELEASE.jar: aspects will be woven into the main Tomcat classloaderASPECTJ: aspectj.overweaving=true: overweaving switched ON8/05/2011 17:49:13 com.springsource.tcserver.security.PropertyDecoder INFO: tc Runtime property decoder using memory-based key8/05/2011 17:49:13 com.springsource.tcserver.security.PropertyDecoder INFO: tcServer Runtime property decoder has been initialized in 342 ms8/05/2011 17:49:14 com.springsource.tcserver.serviceability.rmi.JmxSocketListener initINFO: Started up JMX registry on 127.0.0.1:6969 in 185 ms8/05/2011 17:49:14 org.apache.coyote.http11.Http11Protocol initINFO: Initializing Coyote HTTP/1.1 on http-80808/05/2011 17:49:14 org.apache.catalina.startup.Catalina loadINFO: Initialization processed in 1392 ms8/05/2011 17:49:14 org.apache.catalina.core.StandardService startINFO: Starting service Catalina8/05/2011 17:49:14 org.apache.catalina.core.StandardEngine startINFO: Starting Servlet Engine: SpringSource tc Runtime 2.1.1.RELEASE/6.0.29.C.RELEASE8/05/2011 17:49:14 org.apache.catalina.startup.HostConfig deployDescriptorINFO: Deploying configuration descriptor CoreCPM.xml8/05/2011 17:49:15 org.apache.catalina.core.StandardContext listenerStartSEVERE: Error configuring application listener of class org.springframework.web.context.ContextLoaderListenerjava.lang.ClassNotFoundException: org.springframework.web.context.ContextLoaderListener at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1645) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4078) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:568) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1282) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:807) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445) at org.apache.catalina.core.StandardService.start(StandardService.java:519) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:581) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)8/05/2011 17:49:15 org.apache.catalina.core.StandardContext listenerStartSEVERE: Skipped installing application listeners due to previous error(s)8/05/2011 17:49:15 org.apache.catalina.core.StandardContext startSEVERE: Error listenerStart8/05/2011 17:49:15 org.apache.catalina.core.StandardContext startSEVERE: Context [/CoreCPM] startup failed due to previous errors2011-05-08 17:49:23,975 WARN  [net.sf.ehcache.hibernate.AbstractEhcacheProvider][main] – A configurationResourceName was set to /META-INF/ehcache.xml but the resource could not be loaded from the classpath.Ehcache will configure itself using defaults.2011-05-08 17:49:24,374 WARN  [org.hibernate.cache.impl.bridge.EntityRegionAdapter][main] – read-only cache configured for mutable entity [com.springsource.insight.repo.metric.persist.PersistedMetric]2011-05-08 17:49:24,382 WARN  [org.hibernate.cache.impl.bridge.EntityRegionAdapter][main] – read-only cache configured for mutable entity [com.springsource.insight.repo.tag.persist.PersistedTag]2011-05-08 17:49:28,121 WARN  [org.springframework.jmx.support.JmxUtils][main] – Found more than one MBeanServer instance. Returning first from list.[TomcatWeavingInsightClassLoader@1142653] warning ignoring duplicate definition: jar:file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-plugin-jdbc-1.0.0.RELEASE.jar!/META-INF/aop.xml[TomcatWeavingInsightClassLoader@1142653] warning ignoring duplicate definition: jar:file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-collection-1.0.0.RELEASE.jar!/META-INF/aop.xml[TomcatWeavingInsightClassLoader@1142653] warning ignoring duplicate definition: jar:file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-plugin-jdbc-1.0.0.RELEASE.jar!/META-INF/aop-ajc.xml[TomcatWeavingInsightClassLoader@1142653] warning ignoring duplicate definition: jar:file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-plugin-tomcat-1.0.0.RELEASE.jar!/META-INF/aop-ajc.xml[TomcatWeavingInsightClassLoader@1142653] warning ignoring duplicate definition: jar:file:/C:/springsource/tc-server-developer-2.1.1.RELEASE/spring-insight-instance/insight/collection-plugins/insight-collection-1.0.0.RELEASE.jar!/META-INF/aop-ajc.xmlASPECTJ: aspectj.overweaving=true: overweaving switched ON

    1. Hi Tanvir,
      It is missing a jar file on your classpath.
      Please get all the jar files from the sample project and it should work.
      Thanks!

  18. Thanks for the tutorials, i followed these.

    please provide a guide to use Extjs 3.2 with struts2. I tried to do a login like the above using struts2.But i’m stuck on forwarding the success to a jsp page. When i click login it goes to action class ,but it’s not redirecting to the other page. it will be helpful, if you can give a guide for struts2+Extjs

  19. Pingback: JavaPins

Comments are closed.