My JSF form login was working with Constraint 1 however when I added Constraint 2 to my web.xml doing a submit on the form now takes me to a jsf javascript page. Can someone tell me what I am doing wrong? I'm hoping this is a quick configuration mistake.
I would like only administrators to be able to access the /admin/* pages and only registered users to access the entire site included admin files. BTW after I see the java script page I can still navigate to the intended page in the browser, I just don't want the user to see the intermediate js page or need to know the target page URL.
Constraint 1
<security-constraint>
<display-name>Admin</display-name>
<web-resource-collection>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
</security-constraint>
Constraint 2
<security-constraint>
<display-name>Users</display-name>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
Here is the undesired url I am being redirected to:
javax.faces.resource/jsf.js.xhtml?ln=javax.faces&stage=Development
Here is the start of the jsf.js.xhtml... which is displayed on Firefox
/**
@project JSF JavaScript Library
@version 2.0
@description This is the standard implementation of the JSF JavaScript Library.
*/
/**
* Register with OpenAjax
*/
if (typeof OpenAjax !== "undefined" &&
typeof OpenAjax.hub.registerLibrary !== "undefined") {
OpenAjax.hub.registerLibrary("jsf", "www.sun.com", "2.0", null);
}
// Detect if this is already loaded, and if loaded, if it's a higher version
if (!((jsf && jsf.specversion && jsf.specversion >= 20000 ) &&
(jsf.implversion && jsf.implversion >= 3))) {
...
On Internet Explorer 8.0.7 I get this popup
Notes
I'm using Firefox 10.0.4, IE 8.03, Glassfish 3.1 w JSF2.0 lib, j_security_check, and my login realm setup is similar to this