It's not a secret anymore!*
The moose likes JSF and the fly likes Faces URL pattern Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Faces URL pattern" Watch "Faces URL pattern" New topic
Author

Faces URL pattern

Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10
Hi,

Here're my Qs (sorry, if banal to some):
1. if faces servlet has the following mapping:


respectively, welcome-file should look:



then, by the same pattern form-login-config should look like:


Well, this doesn't work. So, how form-login-config should look like?

2. Why servlet mapping can't simply be:


Thanks a lot!
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

You'll need to give us the details on "it won't work". What happens? Do you get an error message? Does it render anything? Also, it helps to know what JSF RI you are using and how you are typing the page request as the URL in the web browser.


GenRocket - Experts at Building Test Data
Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10
Thank you for getting back, Gregg.

Won't work means that myEclipse marks



as invalid, stating that it should start off the root:
<form-login-page>/pages/security/login.jsp</form-login-page>

I'm trying to build it against RI (jsf1.1).

Hope that helps.

Many thanks!
Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10
... besides, Exadel feels the same: it's not a facet-valid value.
On the same token: should



have faces prepending the URL?
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

Well, the form-login-page does need a prefix of /

That tag looks for a page starting with your application context. As far as your welcome file, it won't work no matter what you do. The welcome file won't get processed by the FacesServlet. What I do is have it go to index.jsp and the contents of that page is:


At last but not least, you need to not rely so much on what the IDE is telling you. You might have found your problems sooner had you actually deployed the app and tested it. Just because the IDE doesn't like the syntax doesn't alway make it wrong, although it was a bit in your case today.
Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10
So, let me summarize:

with /faces/* mapping the following SHOULD have faces
prepended:
1. welcome-page
2. web-resource-collection -> url-pattern

These shuoldn't:

1. form-login-page

Correct?

(BTW, prior to adding faces to welcome-page URL it was reported as not found.)

Subsequent Qs:
1. How can I acheeve the same (as you proposed for index.jsp) without a
scriplet?
2. Does it make sense to have more than 1 servlet mapping?

Thank you!
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6



Will look for the page located at

http://localhost:8080/appname/faces/pages/security/login.jsp

1. How can I acheeve the same (as you proposed for index.jsp) without a
scriplet?


I do not know of a way except using JSTL's redirect tag.

2. Does it make sense to have more than 1 servlet mapping?

You can have as many as you want? Why do you want more than 1?
Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10

2. Does it make sense to have more than 1 servlet mapping?
Why do you want more than 1?


That was my Q, actually.

No, "security" doesn't work. What do I need to submit for your review to
get an expert review? Can I attach a zip to somewhere?

Many thanks, Gregg!
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

First, let's start with exactly what you are trying to do and with what tools.

So from the looks of things I would guess that you are using container managed security. What container? (Tomcat, Resin, etc)?

And next, just explain to me what the process is you are looking to achieve. To be honest, I don't use container managed security and I am not 100% sure on how well JSF fits in with it. I'd asume it should work ok, but with the j_security_check I am not sure how/if that hits the FacesServlet or not. We might have to do a bit of research on that.

So let's start there and continue.
[ October 03, 2005: Message edited by: Gregg Bolinger ]
Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10
Morning, Gregg!

Yes, the purpose of the exercise is to see how faces could be blended into CMS. If you have reservations (CMS itself or faces & CMS) - spill it.
Container is Tom 5.5.9 configured for JDBC realm.

A couple of Q remained, though:
1. Why servlet mapping can't just be /* ?
2. What might be (if any) the reason to have multiple mappings?

Later,
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

1. Why servlet mapping can't just be /* ?

Technically, it can be. I just don't know how that all works with CMS.

2. What might be (if any) the reason to have multiple mappings?

I see no reason for multiple mappings UNLESS you ever need a reason to completely bypass the FacesServlet.

As far as my opinion on CMS, I'll just point this this very thread. Also, what happens when you need to move your app to run under Resin or Websphere? The app itself won't change, but the config for CMS will. Some people will argue that is negligable. I personally think it's a pain. I find that using a ServletFilter that handles all your security works 100% no matter what container and no matter what framework.

I use the *.jsf mapping for my JSF pages. I seperate protected content into folders. For example, guest pages that don't require login are always on the root. User priveleged pages are usually under a user folder. Admin pages, admin folder. My SecurityFilter just looks at the request and decides whether or not to go ahead and forward the page on. Filters are always hit before servlets.

I handle all roles either in the managed bean or via EL in the JSF page itself. For example, I typically have a User class that has a getRole method. This method does not query the database because the value of role is populated when the user logs in. So I can just check that method in EL.
Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10
Wait ... are you saying that under sphere my web.xml is going to be that much
different? To the point that <security-constraint> won't serve the purpose?
The whole idea was to keep code "security ignorant".
The layout you proposed is very reasonable and we're planning to have smth
very similar. Faces conditional rendering also looks promising: role-based
access.

Anyway, with *.jsf mapping my "security" stopped securing. Suggestions?
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

I don't know 100% sure that websphere is different. But I know I had to do some tweaking in Resin to port one of my apps. And it wasn't fun.

As far as the mapping change, I don't know. Maybe because you are still using /faces/ and you don't need it anymore if you changed to .jsf?
Josh Reeves
Greenhorn

Joined: Oct 03, 2005
Posts: 10
No /faces/*
Per your suggestion moved to *.jsf, however user prompted for login
only on the 2nd page within protected area. Smth isn't right.
 
 
subject: Faces URL pattern
 
Similar Threads
Having serious trouble configuring Authorization
security constraint with jsp forward
simple problem with web.xml
java.lang.RuntimeException: Cannot find FacesContext
JSF file as welcome-file in web.xml