
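I have a JSF 2 web application built on GlassFish 3. I am using container-managed security to handle login. Every page in my web application needs to be secured. All of the pages live in the root directory along with the login page. The problem is that when I type in a URL to go directly to a protected page, it is displayed even though the user is not logged in. I want every page on my site to be protected except the login page, so that users have to enter the site through this login page. Any ideas why it is not blocking requests to the other pages when the user is not logged in?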

Here is the relevant snippet from my web.xml:

<welcome-file-list>
    <welcome-file>index.jsf</welcome-file>
</welcome-file-list>
<security-constraint>
    <display-name>EmployeeConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
        <!--url-pattern>/myProfile.jsf</url-pattern-->
    </web-resource-collection>
    <auth-constraint>
        <role-name>Employee</role-name>
        <role-name>Applicant</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>ApplicantConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<security-constraint>
    <display-name>ReportsConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/reports.jsf</url-pattern>
        <url-pattern>/indReport.jsf</url-pattern>
        <url-pattern>/indReportResults.jsf</url-pattern>
        <url-pattern>/groupReport.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/home.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<security-constraint>
    <display-name>AdministratorConstraints</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/admin.jsf</url-pattern>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/cloneBuilder.jsf</url-pattern>
        <url-pattern>/cloneBuilderMenu.jsf</url-pattern>
        <url-pattern>/cloneBuilderRangeEditor.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/groupReport.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/indReport.jsf</url-pattern>
        <url-pattern>/indReportResults.jsf</url-pattern>
        <url-pattern>/licenseManager.jsf</url-pattern>
        <url-pattern>/management.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
        <url-pattern>/reports.jsf</url-pattern>
        <url-pattern>/userAdmin.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>PerProUserAuth</realm-name>
    <form-login-config>
        <form-login-page>/index.jsf</form-login-page>
        <form-error-page>/index.jsf</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description/>
    <role-name>Employee</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Applicant</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Administrator</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Reports</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Former Employee</role-name>
</security-role>
1 Answer

Here is a tutorial that contains a quote that may be relevant.

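Because security role mapping happens at deployment time, the default mapping must be turned on before the application is deployed. To turn on default mapping, in the Admin Console select Configuration -> Security. Click Enabled next to Default Principal to Role Mapping and save.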

Answered 2011-12-27T01:38:58.897
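An added example, not part of the original question or answer: under the Servlet specification's rule for combining constraints, a `<security-constraint>` with no `<auth-constraint>` allows unauthenticated access to its URL patterns, even when another constraint restricts the same pattern to roles. The check below applies that rule to a shortened, constructed web.xml in the shape of the one in the question; `effective_access` is this example's own name, patterns are compared as exact strings, and `<http-method>` is ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: shortened web.xml shaped like the question's snippet.
SAMPLE_WEB_XML = """
<web-app>
  <security-constraint>
    <display-name>EmployeeConstraint</display-name>
    <web-resource-collection>
      <url-pattern>/home.jsf</url-pattern>
      <url-pattern>/help.jsf</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Employee</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <display-name>ReportsConstraint</display-name>
    <web-resource-collection>
      <url-pattern>/reports.jsf</url-pattern>
      <url-pattern>/home.jsf</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>
"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def effective_access(web_xml):
    """Map each url-pattern to 'OPEN', 'DENY' or a sorted list of roles."""
    seen = {}  # pattern -> role sets; None marks a missing auth-constraint
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        auth = [e for e in sc if _local(e.tag) == "auth-constraint"]
        roles = None if not auth else {
            (r.text or "").strip() for r in auth[0] if _local(r.tag) == "role-name"}
        for e in sc.iter():
            if _local(e.tag) == "url-pattern":
                seen.setdefault(e.text.strip(), []).append(roles)
    result = {}
    for pattern, entries in seen.items():
        if any(r is not None and not r for r in entries):
            result[pattern] = "DENY"   # empty auth-constraint: nobody may access
        elif any(r is None for r in entries):
            result[pattern] = "OPEN"   # no auth-constraint: no login required
        else:
            result[pattern] = sorted(set().union(*entries))
    return result
```

Any pattern reported as `OPEN` is served without a login; in the constructed sample that includes `/home.jsf`, because the second constraint lists it without an `<auth-constraint>`.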