Container managed authentication (CMA) only supports path-based or
extension-based mappings. That means the following works:
/directory/* (path-based)
*.jsp (extension-based)
And that's it. For this reason, I recommend using something like
Acegi Security or SecurityFilter - they're much more flexible.
Matt
On 6/23/06, sarma <[EMAIL PROTECTED]> wrote:
I want to protect these pages :
/utilisateur.*
/menugen.*
sniplet of my web.xml and it security section:
<web-app>
....
<welcome-file-list>
<welcome-file>index.jsf</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>
Prevent access to raw JSP pages that are for JSF
pages.
</display-name>
<web-resource-collection>
<web-resource-name>Raw-JSF-JSP-Pages</web-resource-name>
<!-- Add url-pattern for EACH raw JSP page -->
<url-pattern>/utilisateur.*</url-pattern>
<url-pattern>/menugen.*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>No roles, so no direct
access</description>
</auth-constraint>
</security-constraint>
</web-app>
When i directly type the URL :
http://localhost:9000/supLegerWebJSF/utilisateur.jsf
the page is shown !
what did i miss ?
JL PASTUREL
--
View this message in context:
http://www.nabble.com/how-i-protect-my-jsf-pages-from-direct-access-t1836501.html#a5012556
Sent from the MyFaces - Users forum at Nabble.com.
