I am developing an application where I want the users to have some protection from the Internet and snooping. I want to force all users to use https:// rather than just http:// so that encryption is used. When a user logs in, I would like to redirect them to an https:// session if needed. JSF seems to take a relative .jsp for the <to-view-id> value. I thought about just setting up a .jsp that would issue a jsp-forward, or an http refresh, but that would require me to hard code the full server url, whereas I would like the page to be relative to my server and only need to change the protocol, so that I can move the .ear file to my test server and production server without having to modify the code. How would I implement a redirection to https:// when the user logs in successfully?
Works well for setting the base path relative to the server and application path. So you could just substitute request.getScheme() with https in some sort of redirect code, probably a forward on detecting http request.
There are also security constraints you can setup on the web.xml file to ensure http allways and have the container check for it rather than each individual jsf.
The method Props.getProps().getStringProperty("httpsPort") gets the port number with a leading : from my properties file. This allows me to migrate the application to a server where https: is configured to a different port.
index.jsp is the page (not jsf) that is coded in web.xml as the welcome page. It contains: <jsp:forward page="faces/login.jsp"></jsp:forward>
I don't understand why, but if I link to the login.jsp page with the https: protocol, I get an error message "Cannot find FacesContext."