glassfish and faces security


G

gallasr

Hello,

Before I was programing pure JSP`s on Tomcat and recently I want to
switch to Glassfish and Java Server Faces.

I`m facing login confudion with faces on Glassfish

In the server admin I configure prefered realm "file" within that I
have defined a user.

Next using Netbeans created application and wanted to test security.
But no logon screen is called even it is defined.

<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>foo</web-resource-name>
<description/>
<url-pattern>/pages/secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/pages/logon.jsp</form-login-page>
<form-error-page>/pages/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>users</role-name>
</security-role>

As every request goes through faces servlet I`m not sure what should be
te correct <url-pattern> "/faces/pages/secured/*" or
"/pages/secured/*".

But with both url-patterns it is not functional and I`m always able to
access secured resource without authentication.

Any idea?

Regards
Robert.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top