I want to protect these pages :
/utilisateur.*
/menugen.*
sniplet of my web.xml and it security section:
<web-app>
....
<welcome-file-list>
<welcome-file>index.jsf</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>
Prevent access to raw JSP pages that are for JSF
pages.
</display-name>
<web-resource-collection>
<web-resource-name>Raw-JSF-JSP-Pages</web-resource-name>
<!-- Add url-pattern for EACH raw JSP page -->
<url-pattern>/utilisateur.*</url-pattern>
<url-pattern>/menugen.*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>No roles, so no direct
access</description>
</auth-constraint>
</security-constraint>
</web-app>
When i directly type the URL :
http://localhost:9000/supLegerWebJSF/utilisateur.jsf
the page is shown !
what did i miss ?
JL PASTUREL
--
View this message in context:
http://www.nabble.com/how-i-protect-my-jsf-pages-from-direct-access-t1836501.html#a5012556
Sent from the MyFaces - Users forum at Nabble.com.
