Securing JSF pages

Hi guys

Could enyone help with some advice on how to protect secure pages in a JSF2.0 webapp?

My basic page structure is

/pages/ - standard pages
/pages/secure - secure pages

I have implemented a Filter which uses the url-pattern "/secure/*", this Filter checks to see if the HttpSession has a value called 'isAuthenticated', if not it redirects to the login page.

My welcome-page is [http://localhost/pages/index.jsf]

This Filter works if you type in the URL manually, say:
- http://localhost/pages/secure/myaccount.jsf

The will pass into the Filter and redirects as expected, the problem comes when I use a commandLink. Even though it has this action [action="/pages/secure/myaccount.jsf"] it loads the secure page, bypassing the Filter. I believe this is because the URL still has the following:

- http://localhost/pages/index.jsf

How can I get the JSF page to go through the Filter when called from a commandLink (or similar)?

Cheers in advance

KS

try with a <redirect/> in the faces-config, where you specify what the outcome for your command link action goes.


<from-outcome>your outcome</from-outcome>
<to-view-id>view</to-view-id>
<redirect/>

Thanks for that, I am using JSF2.0 so I have avoided the XML thing.

Would the same thing work if I had a class called something like NavigationController which has a method for this redirect and called that method in the commandLink?

Say
@ManagedBean(name="nav") public class NavigationController { loadMyAccount(){ // code for redirecting here [/pages/secure/myaccount.jsf] - probably getting the URL from a property file or something } } <h:commandLink name="my account" action=#{nav.loadMyAccount}/>

Or something.

The redirect thingy performs an additional request to the server, so when you click the link it actually hits the server twice. I haven't touched JSF 2, so i don't know how you can achieve this.