Alin,
Please see [1]. I hope you find a solution that fits your needs.
[1] http://www.jsfcentral.com/listings/A92000?link
(When I click this link, I get a message from yahoo groups about
cookies, but if I then click the "try again" link, I see the article)
Regards,
Jeff Bischoff
Kenneth L Kurz & Associates, Inc.
Alin Dosoniu wrote:
Hi Jeff,
Can you give me some ideas about how you use phase listener for
security? Or give me a link for more details.
Thank you,
Alin.
> I tried to modify the jsp-examples/security/protected example from
> Tomcat to see if the same problem appears with plain jsp. It does not
> appear.
Hmm, interesting...
I'm afraid I can't speak to that myself, as we use a phase listener
for security.
Is anyone here using the built-in FORM security model with Tomcat?
Alin Dosoniu wrote:
Hi Jeff,
Thank you for your quick answer.
Let me tell you more details about my application.
So, I use Tomcat and as security I have configured the FORM method.
The security constraint just say that under /app/* there is a
protected area and only "user" and "admin" users are allowed. There
are /error.jsp and /login.jsp pages used by authentication system.
In my application I have a commandLink like this
<h:commandLink id="logout_link" action="go_firstpage"
styleClass="header_right" >
<h:outputText value="#{msg['log_out']}"/>
<f:actionListener
type="app.listeners.LogOutListener"></f:actionListener>
</h:commandLink>
Navigation setting for go_firstpage is like this
<navigation-case>
<from-outcome>go_firstpage</from-outcome>
<to-view-id>/app/index.jsp</to-view-id>
</navigation-case>
/app/index.jsp only makes a sendRedirect to a page ending in jsf..
(main.jsf).
The navigation rule starts like this
<navigation-rule>
<from-view-id>*</from-view-id>
This is what I do in LogOutListener's processAction method:
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpSession httpSession =
((HttpSession)facesContext.getExternalContext().getSession(false));
httpSession.invalidate();
I tried to modify the jsp-examples/security/protected example from
Tomcat to see if the same problem appears with plain jsp. It does not
appear.
Thanks in advanced,
Alin.
