0

My JSF form login was working with Constraint 1 however when I added Constraint 2 to my web.xml doing a submit on the form now takes me to a jsf javascript page. Can someone tell me what I am doing wrong? I'm hoping this is a quick configuration mistake.

I would like only administrators to be able to access the /admin/* pages and only registered users to access the entire site included admin files. BTW after I see the java script page I can still navigate to the intended page in the browser, I just don't want the user to see the intermediate js page or need to know the target page URL.

Constraint 1

<security-constraint>
    <display-name>Admin</display-name>
    <web-resource-collection>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>

Constraint 2

<security-constraint>
    <display-name>Users</display-name>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>USER</role-name>
    </auth-constraint>
</security-constraint>

Here is the undesired url I am being redirected to:

javax.faces.resource/jsf.js.xhtml?ln=javax.faces&stage=Development

Here is the start of the jsf.js.xhtml... which is displayed on Firefox

/**
 @project JSF JavaScript Library
 @version 2.0
 @description This is the standard implementation of the JSF JavaScript Library.
 */

/**
 * Register with OpenAjax
 */
if (typeof OpenAjax !== "undefined" &&
    typeof OpenAjax.hub.registerLibrary !== "undefined") {
    OpenAjax.hub.registerLibrary("jsf", "www.sun.com", "2.0", null);
}

// Detect if this is already loaded, and if loaded, if it's a higher version
if (!((jsf && jsf.specversion && jsf.specversion >= 20000 ) &&
      (jsf.implversion && jsf.implversion >= 3))) {

...

On Internet Explorer 8.0.7 I get this popup

js_popup

Notes

I'm using Firefox 10.0.4, IE 8.03, Glassfish 3.1 w JSF2.0 lib, j_security_check, and my login realm setup is similar to this

4

1 回答 1

0

尝试添加

<intercept-url pattern="/javax.faces.resource/**" access="hasRole('ROLE_ANONYMOUS')"/>

到您的security.xml。请参阅下面的评论接受答案JSF with Spring security - 登录后重定向到指定页面

于 2013-04-23T13:02:33.757 回答