Hi all,
I'm corrently managing security in my webapps with an session Bean
with user data, ad at top of every page something similar:
<c:if test="${ub.currentUser.isValid}">
<c:redirect url="login.jsf"/>
</c:if>
now, I'd like to use something more modern, and I'm investigating
securityContext and <security-constraint>
tags.
I created a web.xml section as is:
<security-constraint>
<web-resource-collection>
<web-resource-name>JSF pages</web-resource-name>
<url-pattern>*.jsf</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>desc</description>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsf</form-login-page>
<form-error-page>/invlevelpage.jsf</form-error-page>
</form-login-config>
</login-config>
But it doesn't work. I obtain and ampty page and the following error:
javax.servlet.ServletException: ExtensionsFilter not correctly
configured. JSF mapping missing. JSF pages not covered. Please see:
http://myfaces.apache.org/tomahawk/extensionsFilter.html
Obviously, extensionFilter is already defined since the application
exists. :-)
what's am I doing wrong ? and, more general question: is it the right
way to apply security to webapp ?
thanks to all,
--
Francesco Consumi
Ufficio Sistemi informativi
Istituto degli Innocenti
Piazza SS.Annunziata, 12
50122 Firenze
consumi at istitutodeglinnocenti.it
Tel. +39 055 2037320
ICQ# 12516133