Ok, is there a similar way to solve this when using security-constraint (and not security-filter)? The only settings I can see for security-constraint is related to the http-method on which to apply to security (post, get, put)..
Or is the solution to start to use a security-filter instead? :) Thanks for your answer anyway! Eivind ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 24. april 2007 08:33 To: [email protected] Subject: RE: Authentication doesn't trigger when using navigation rules ?? Hei This is because this happens ( the rendering of the page) on the way out. You need to set: <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> on your filter definition of your security definition This is a well known issue with JSF. Remember that you are not requesting a page, but posting a submit. The respons to that submit is rendering of some page. Hermod -----Original Message----- From: Rønnevik, Eivind [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 24, 2007 8:16 AM To: MyFaces Discussion Subject: Authentication doesn't trigger when using navigation rules ?? Hi! In my application I have some jsp's that are "public", others are protected. In my web.xml I have specified FORM as auth-method like this: <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/WEB-INF/jsp/Login.faces</form-login-page> <form-error-page>/WEB-INF/jsp/LoginFailed.faces</form-error-page> </form-login-config> </login-config> And my security constraint is set like this: <web-resource-name>PROTECTED AREA</web-resource-name> <url-pattern>/jsp/protected/*</url-pattern> If I try to access a page that is within the protected folder by entering the url in my browser, login triggers, I'm forwarded to the login-page and everything is fine. But if I use navigation rules, and from an actionString returned by one of my public pages set a navigation rule to a protected page, the login does not trigger.. <navigation-rule> <navigation-case> <from-outcome>doLogin</from-outcome> <to-view-id>/jsp/protected/login.jsp</to-view-id> </navigation-case> </navigation-rule> Why is this? :) Regards, Eivind Roennevik * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * This email with attachments is solely for the use of the individual or entity to whom it is addressed. Please also be aware that the DnB NOR Group cannot accept any payment orders or other legally binding correspondence with customers as a part of an email. This email message has been virus checked by the anti virus programs used in the DnB NOR Group. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
