Hi Cristi, that's a problem with all server-side technologies which use a "forward" to go to the next page (a forward is not reflected in the URL, only a redirect is). So it is not a specific facelets problem, not even a JSF problem...
This evaluation already points to the solution: you can either use "<redirect/>" elements in your faces-config.xml file whenever you cross the boundary between secured and not secured pages, or, second solution, you decorate the JSF view-handler. The view-handler is where the view to be rendered is determined, and in the view-handler you can make sure that the final page will not be rendered if it is secured (you can also forward to the login-page there). regards, Martin On 11/14/06, Cristi Toth <[EMAIL PROTECTED]> wrote:
Hi, I'm trying to secure a Facelets application with Acegi Security The problem is that with facelets the URL rendered is that of the previous page, not the current one so Acegi checks for authorization rights for the previous page this way I can see a "secured" page and Acegi will give a "access denied" only when I leave the page please help! Cristi Toth
-- http://www.irian.at Your JSF powerhouse - JSF Consulting, Development and Courses in English and German Professional Support for Apache MyFaces
