All geek questions in one place

Welcome page is displayed without redirecting to the login page

I have the following web.xml file. I continued to welcome the page in the security check so that it redirects to the login page, but the welcome page is displayed without the user logging in. Is it correct? enter image description here

<welcome-file-list> <welcome-file>/GISPages/welcome.xhtml</welcome-file> </welcome-file-list> <resource-ref> <res-ref-name>jdbc/Gis_WebApp</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> </resource-ref> <security-constraint> <web-resource-collection> <web-resource-name>Protected Pages</web-resource-name> <url-pattern>/GISPages/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>registereduser</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>Live</realm-name> <form-login-config> <form-login-page>/login.xhtml</form-login-page> <form-error-page>/noauth.xhtml</form-error-page> </form-login-config> </login-config> <security-role> <role-name>registereduser</role-name> </security-role> <security-role> <role-name>admin</role-name> </security-role>
+4
source share
1 answer

Security restrictions protect the URL pattern, but in this case, because of the setup of the welcome file, your default URL will change to something like http: //: port / webcontext / and welcome.xhtml. If, according to the URL pattern, the secure URL must have a URL, for example, http: //: port / webcontext / GISPages / welcome.xhtml Since the URL pattern does not match the application server, display the contents of the page.

The only solution that worked for me is to check UserPrincipal in the prerender event

 <f:event type="preRenderComponent" listener="#{bean.forwardToLoginIfNotLoggedIn}" />

and redirect to login.xhtml if UserPrincipal returns null.

Sorry for opening the old thread. I recently ran into a similar problem, so I thought it might be useful for some.

+1
source

Source: https://habr.com/ru/post/1398218/

More articles:


All Articles