Tuesday, 5 May 2015

Glassfish Security Realms and Rewrite rules with PrettyFaces

I have a problem with securing a page of my application. Here is my PrettyFaces rewrite rule:

<url-mapping id="cms">
    <pattern value="/administrator" />
    <view-id value="/faces/backend/index.xhtml" />
</url-mapping>

And here is my security configuration in web.xml:

<security-constraint>
    <display-name>Admin Pages</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Admin Area</web-resource-name>
        <description/>
        <url-pattern>/faces/backend/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>JDBCRealm</realm-name>
    <form-login-config>
        <form-login-page>/faces/login/login.xhtml</form-login-page>
        <form-error-page>/faces/login/loginerror.xhtml</form-error-page>
    </form-login-config>
</login-config>

As you can see, I would like to secure all views under:

 /faces/backend/*

But the problem is that when I go to a (rewritten) URL like:

 http://mydomain/administrator

The application should redirect to the login page because this URL leads to a secured view under /faces/backend/*. But the user can enter this page.

When I use a URL like:

 http://mydomain/faces/backend/index.xhtml

Security works correctly. But I would like to secure the rewrite rule too. How do I fix it? I will be grateful for help.
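
An added example, not part of the original post: the servlet container matches security constraints against the URL the client requested, and does not re-apply them when PrettyFaces forwards internally to the view-id, so the pretty pattern itself has to be listed in the constraint. The /administrator/* pattern and the CONFIDENTIAL transport guarantee are assumptions (further mappings under that prefix, and an HTTPS listener being configured); the login-config stays as posted.

```xml
<!-- Added example: web.xml constraint covering both the rewritten URL and the real view path. -->
<security-constraint>
    <display-name>Admin Pages</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Admin Area</web-resource-name>
        <description/>
        <!-- Real JSF view path, for direct requests. -->
        <url-pattern>/faces/backend/*</url-pattern>
        <!-- Pattern of the "cms" url-mapping: this is the URL the container
             actually sees, so it must be protected explicitly. -->
        <url-pattern>/administrator</url-pattern>
        <!-- Assumption: covers any further mappings added under this prefix. -->
        <url-pattern>/administrator/*</url-pattern>
        <!-- No <http-method> elements: the constraint then applies to every
             HTTP method. Listing methods leaves any unlisted method
             unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- Assumption: an HTTPS listener is configured. The original uses
             NONE, which lets the FORM login credentials and the session
             cookie travel in cleartext. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

Every new url-mapping that points into /faces/backend/ needs its pattern added here as well, so keeping all admin mappings under one prefix makes the constraint easier to audit.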
