Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Confusing with JSF redirect

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My JSF 2.0 web app is executed under a corporate portal (novell). I've a login page to get one HTTP header, and if found, it will be redirected to a restricted page inside. (using: home?faces-redirect=true)

However, the URL is like https://corporate.portal/MYAPP/home.xhtml. I don't know why it cannot show http://myserver/MYAPP/home.xhtml. How can JSF go to an absolute path after logged-in?

Another problem is that, whenever it redirects to another JSF page, the I.E. browser shows warning "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" I cannot control users' browser so I've already tried self-signed certificate on the server, but it is the same. How can JSF redirect to a home page in my server without showing the warning? (note: The web apps on the portal developed by .NET vendors do not have such problem!)

Thanks in advance!
 
Saloon Keeper
Posts: 24825
172
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually, "home.xhtml" is a resource. The URL would more commonly be something like https://corporate.portal/MYAPP/home.jsf JSF (and Facelets) would then deconstruct the URL in order to locate the View resource, then employ that resource (home.xhtm) to construct the HTML page view.

You can redirect a URL to either an absolute or relative path. If you want to build an absolute path from a relative URL, you can use J2EE functions to get the components of the incoming request URL and steal the parts needed to make your outgoing URL absolute.

The message about "both secure and nonsecure items" has to do with the sub-URLs on the displayed page such as images, CSS and JavaScript. It's saying that at least one of them is "http" instead of "https". Since HTTP is a clear text protocol, a man-in-the-middle attacker could potentially replace the proper content with a malware-infected equivalent, thereby defeating the advantages of having sent the enclosing page via a secure protocol. This is not a JSF issue, it's an HTML page design issue.

 
Andus Chan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't know the difference between these 2 kinds of code inside the backing bean. Will the first one goes to an absolute path, while the second one goes to relative path? Any other methods to do page redirect using JSF 2.0?



By the way, what's the major problem when I set the *.xhtml in the <url-pattern> of web.xml?
reply
    Bookmark Topic Watch Topic
  • New Topic