Currently i want to refactor my project and remove the /faces/
from the urls. Reason is simple, that i want to avoid, that users can "remove" the faces part and see the source of the underlaying xhtml file.
I'm using Shiro for authentication. I'll first describe the prior situation (that worked) and now the new one, that's causing troubles.
Prior Situation:
web.xml:
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
shiro.ini
[urls]
/faces/index.xhtml = authc
/faces/pages/** = authc
/faces/templates/** = authc
/faces/resources/** = authc
Current Situation:
web.xml:
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
shiro.ini
[urls]
/index.xhtml = authc
/pages/** = authc
/templates/** = authc
/resources/** = authc
For people that might have still "faces" bookmarks, i added a filter, and doing this:
HttpServletRequest srequest = (HttpServletRequest) request;
HttpServletResponse sresponse = (HttpServletResponse) response;
String url = srequest.getRequestURI().trim();
System.out.println("Filtering url: " + url);
if (url.contains("/faces/")){
url = url.replace("/faces/", "/");
System.out.println("Redirecting to: " + url);
sresponse.setStatus(HttpResponseCodes.SC_MOVED_PERMANENTLY);
sresponse.sendRedirect(url);
}else{
//no filtering required, proceed with chain.
chain.doFilter(request, response);
}
Now, when i cleared the cache of the browser, and call http://localhost/project/login.xhtml
i receive a huge amount of attempts to find xhtml files inside the various resource folders:
12:27:46,735 INFO [stdout] (http--0.0.0.0-8090-6) Filtering url: /project/resources/css/login.xhtml
12:27:46,737 INFO [stdout] (http--0.0.0.0-8090-6) Filtering url: /project/resources/css/login.xhtml
12:27:46,836 INFO [stdout] (http--0.0.0.0-8090-6) Filtering url: /project/resources/js/login.xhtml
12:27:46,837 INFO [stdout] (http--0.0.0.0-8090-1) Filtering url: /project/resources/js/login.xhtml
...
which is obviously wrong. Switching back to the prior layout, but keeping the redirect filter does not cause any invalid requests.