Adding user role constraint redirects Browser to jsf.js script?
Posted by simgineer on Stack Overflow
Published on 2012-06-20T21:05:52Z
My JSF form login was working with Constraint 1; however, when I added Constraint 2 to my web.xml, doing a submit on the form now takes me to a JSF JavaScript page. Can someone tell me what I am doing wrong?
I would like only administrators to be able to access the /admin/* pages and only registered users to access the entire site, including admin files. BTW, after I see the JavaScript page I can still navigate to the intended page in the browser; I just don't want the user to see the intermediate JS page or need to know the target page URL.
Constraint 1
<security-constraint>
    <display-name>Admin</display-name>
    <web-resource-collection>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>
Constraint 2
<security-constraint>
    <display-name>Users</display-name>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>USER</role-name>
    </auth-constraint>
</security-constraint>
Here is the undesired URL I am being redirected to:
javax.faces.resource/jsf.js.xhtml?ln=javax.faces&stage=Development
Here is the start of the jsf.js.xhtml...
/**
@project JSF JavaScript Library
@version 2.0
@description This is the standard implementation of the JSF JavaScript Library.
*/
/**
* Register with OpenAjax
*/
if (typeof OpenAjax !== "undefined" &&
    typeof OpenAjax.hub.registerLibrary !== "undefined") {
    OpenAjax.hub.registerLibrary("jsf", "www.sun.com", "2.0", null);
}
// Detect if this is already loaded, and if loaded, if it's a higher version
if (!((jsf && jsf.specversion && jsf.specversion >= 20000 ) &&
      (jsf.implversion && jsf.implversion >= 3))) {
...
Notes
I'm using Firefox 10.0.4, GlassFish 3.1 with the JSF 2.0 lib, j_security_check, and my login realm setup is similar to this
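
A likely cause, shown as an added example that is not part of the original post: Constraint 2's /* pattern also covers /javax.faces.resource/*, so if the login page itself requests jsf.js, that protected request can become the one the container returns to after j_security_check. Under that assumption, a constraint with no auth-constraint on the resource path leaves JSF resources public while the ADMIN and USER rules stay as posted. The web-resource-name and display-name values are placeholders.

```xml
<!-- Added example, not from the original post. Names are placeholders. -->

<!-- Public: the JSF resource handler path (jsf.js, stylesheets, images).
     For each request the container applies the constraints of the best
     matching url-pattern, and this prefix is more specific than /*. -->
<security-constraint>
    <display-name>JSF resources</display-name>
    <web-resource-collection>
        <web-resource-name>JSF resources</web-resource-name>
        <url-pattern>/javax.faces.resource/*</url-pattern>
    </web-resource-collection>
    <!-- No auth-constraint element: no login is required for this path. -->
</security-constraint>

<!-- Constraint 1 from the post: /admin/* requires ADMIN. -->
<security-constraint>
    <display-name>Admin</display-name>
    <web-resource-collection>
        <web-resource-name>Admin pages</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>

<!-- Constraint 2 from the post: everything else requires USER. -->
<security-constraint>
    <display-name>Users</display-name>
    <web-resource-collection>
        <web-resource-name>Whole site</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>USER</role-name>
    </auth-constraint>
</security-constraint>
```

Everything served under /javax.faces.resource/* becomes reachable without login, so keep only static assets (scripts, stylesheets, images) in the application's resources folder.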