G
gallasr
Hello,
Before I was programing pure JSP`s on Tomcat and recently I want to
switch to Glassfish and Java Server Faces.
I`m facing login confudion with faces on Glassfish
In the server admin I configure prefered realm "file" within that I
have defined a user.
Next using Netbeans created application and wanted to test security.
But no logon screen is called even it is defined.
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>foo</web-resource-name>
<description/>
<url-pattern>/pages/secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/pages/logon.jsp</form-login-page>
<form-error-page>/pages/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>users</role-name>
</security-role>
As every request goes through faces servlet I`m not sure what should be
te correct <url-pattern> "/faces/pages/secured/*" or
"/pages/secured/*".
But with both url-patterns it is not functional and I`m always able to
access secured resource without authentication.
Any idea?
Regards
Robert.
Before I was programing pure JSP`s on Tomcat and recently I want to
switch to Glassfish and Java Server Faces.
I`m facing login confudion with faces on Glassfish
In the server admin I configure prefered realm "file" within that I
have defined a user.
Next using Netbeans created application and wanted to test security.
But no logon screen is called even it is defined.
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>foo</web-resource-name>
<description/>
<url-pattern>/pages/secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/pages/logon.jsp</form-login-page>
<form-error-page>/pages/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>users</role-name>
</security-role>
As every request goes through faces servlet I`m not sure what should be
te correct <url-pattern> "/faces/pages/secured/*" or
"/pages/secured/*".
But with both url-patterns it is not functional and I`m always able to
access secured resource without authentication.
Any idea?
Regards
Robert.