I'm still learning about JSF (Core Java Server Faces) and was wondering how to add two types of security. I've tried searching the list archives at marc.theaimsgroup.com, used search engines (i.e. Google), and even tried checking out the old and myfaces sites (wiki, javadoc, jira, etc.). I couldn't find what I was looking for so here are my 2 security related Faces questions:
1. How can I access my JSP files if I hide them under /WEB-INF? I am a current Struts developer (thinking of moving to MyFaces and Shale) and access my pages through Actions so I can keep my JSP's hidden from prying eyes in /WEB-INF/pages. I haven't figured out how to do that with MyFaces yet. 2. Does anyone have suggestions on how to do SSL switching like the Struts SSLExt package? I would like some links to be forced to go to a secure (HTTPS) URL [true], while others are HTTP only [false] and some are allowed to be both [any]. SSLExt(.sourceforge.net) has that for Struts but don't (yet?) see how to do that with MyFaces/JSF. Thank you for any constructive suggestions. Regards, David ([EMAIL PROTECTED])
