Dario Cimafonte's Blog Software developer and human being


Integrating JSF and Spring Security

Just a quick hint.

If you are using Spring Web Flow you don't need to read this post. If unluckily you are not, you could find this informations useful.

In particular, if you are tackling form authentication with Spring Security (and no web flow) and you are missing a "principal" bean in the session scope, try this:

public class JsfAuthenticationSuccessHandler extends org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler {
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        super.onAuthenticationSuccess(request, response, authentication);
            Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
            if (principal instanceof UserDetails) {
                ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
                externalContext.getSessionMap().put("principal", principal);


By the way, i was implementing a UserDetailsService and I was only interested in that kind of object; your case may be different.

Afterwards, in your security context XML file, instantiate and link the bean the the form-login tag:

<bean id="jsfAuthenticationSuccessHandler" class="com.acme.security.JsfAuthenticationSuccessHandler" />
            default-target-url="/" />


That's it!



In the end, I achieved the OCP Java Certification. The final score was a flattering 96%, so I had a pretty nice day.

Like most IT professionals, I don't believe a certification alone would prove your proficiency.

Nevertheless, it makes sense to me to certify a proficiency you achieved throughout many years of hands-on experience; and at the same time refining those skills that although not strictly necessary in your daily activities, would make you more efficient by reducing the time you spend at debugging or searching through the reference documentation.

Oracle Certified Professional - Java Progammer Exam Report

Afterwards, the testing center personnel asked me for my business card :-)


The Protected access level in Java

Just a quick refresher.

Provided they are in different packages, a superclass' protected member can't be accessed through a reference of the type "superclass". It can be through a reference of the child class or its subclasses, though.

A class "Child" can see a protected member in a superclass (say "Parent") located in a different package, only through a reference which happens to be declared as type Child or a subclass of Child.


package pkgA;
public class Parent {
  protected int secret = 42;

package pkgB;
public class Child extends Parent {
  public void go() {
    Grandchild refGrandchild = new Grandchild();
    Child refChild = refGrandchild;
    Parent refParent = refChild;
    System.out.println(refChild.secret); // Legal: accessing through inheritance
    System.out.println(refGrandchild.secret); // Legal: using a reference of a subclass type
    System.out.println(refParent.secret); // COMPILER ERROR: can't see b. refParent is of a superclass type  }
class Grandchild extends Child {

the code fragment should be self-explanatory.

Tagged as: No Comments

My team


Me and my colleagues

When you share a project with your colleagues, working hard from 9am - 7pm or more, eventually they become your life companions, and you get to share with them more than code: feelings, hopes, successes, and bad hair days.

Once a contract is coming to its natural end, you start to feel that something will still go on, and the project you're going to leave will always be a part of your life, along with your team mates.

Kudos to all of you guys, being a good professional is nothing without being a good team player, and you are both.


Using Spring 3 GenericConverter for domain objects

Spring 3 Formatters are a great way to deal with data parsing and presentation in a web application. In case you need, for a quick refresher you can have a look at the online reference guide.

The typical example you will find on the reference manuals concerns formatting dates and money, nevertheless formatters can be more flexible than that.

To put it simple, I wanted to bind a <form:select /> to a persistent entity, treating the object lookup (request phase) and the value/label extraction (rendering phase) as part of a generic conversion and binding process. This way I would be free of a tedious and repetitive task, also benefiting from the centralization of this cross-cutting concern.

The aforementioned entities had to be selected from the Hibernate-backed dropdown lists in my web application, showing countries, states, categories, etc.. each entity having a pair of String attributes named id and description., and specialised a base class called ListItem:

/* an abstract persistent entity */
public abstract class ListItem implements Serializable {
	private String id;
	private String description;
	/* getters and setters omitted */
public class Country extends ListItem {
public class State extends ListItem {
/* more specialized classes */

So I needed a way to handle the form binding for an entire class hierarchy of immutable objects, which happened to be depended on by other domain objects, this way:


High cohesion and encapsulation with enumerated types

In Java, enums are much more powerful than they are in other languages, and they're not always used as much as they could be.

When you need to deal with a fixed (and immutable) set of "values", well-known at design time, which can be represented or identified by a "label" - then the enumerations usually come in handy. But sometimes the label alone (and its ordinal position) is just not enough to describe the value, and we need to resort to or integrate it with something else.

Let's imagine we've got to code something simple, like the billing software for a Space Travel company bound to trips within the Solar System; our destinations will be:

public class Trip {
    public enum Planet {
        Mercury, Venus, Earth, Mars, Jupiter, Saturn, Uranus, Neptune


Put your JSF Client Behaviors in a JAR

In JavaServer Faces 2.0, ClientBehaviors are a great way to attach reusable bits of javascript code to HTML tags in a declarative way; among other things, this allows to mix pure javascript with bits of information coming straight from the server side. Here I'm going to assume that you already know how to write a ClientBehavior, otherwise have a look here.

To get an even more reusable code, I spent some time in order to packageĀ  my own client behaviours collection in a JAR.

Once set up your JAR project, if your java sources are located in a /src directory, create your resources directory as /src/META-INF

In this directory you're going to put two files:

  • whateveryouwant.taglib.xml
  • faces-config.xml

The former is a taglib definition file that must end with a .taglib.xml extension in order for the JSF framework to automatically locate it in the JAR.