On 2/27/06, Ming Hu <[EMAIL PROTECTED]> wrote:
Container managed security is *only* invoked on an initial request, not on a RequestDispatcher.forward() call, so you are not going to be able to accomplish what you are after. The container always assumes that, the application will do a forward only if it is appropriate to do so.
Best solution is to just do the redirect. If that means you have to save some state information in session scope, just do it.
Craig
Redirect works but it's not what I wanted. The functionality I'd like to have is to put security constraints on the action values of JSF/Myfaces command links or buttons.
Container managed security is *only* invoked on an initial request, not on a RequestDispatcher.forward() call, so you are not going to be able to accomplish what you are after. The container always assumes that, the application will do a forward only if it is appropriate to do so.
Best solution is to just do the redirect. If that means you have to save some state information in session scope, just do it.
Regards,
Ming
Craig
On 2/27/06, Grigoras Cristinel <[EMAIL PROTECTED]> wrote:Hi,
Is working if you use redirect.
Cristi
Ming Hu wrote:
> I have the following navigation case:
>
> <navigation-case>
> <from-outcome>nav_page_domain_op_list</from-outcome>
> <to-view-id>/page_domain_op_list</to-view-id>
> </navigation-case>
>
> and the following security constraint:
> ...
> <url-pattern>/page_domain_op_list.jsf</url-pattern>
> ...
>
> If I point my browser to localhost:8080/myapp/page_domain_op_list.jsf,
> the web app works fine and the sign-in page is popup up by the
> container automatically.
>
> However I run into issues when I want to add same control on a
> JSF/Myfaces command link or command button. I tried to use
> "page_domain_op_list.jsf" or "nav_page_domain_op_list.jsf" as the
> action value, but neither worked.
>
> How should I handle this kind of situation? Has anyone put any
> thoughts into this? I'd really appreciate your inputs.
>
> Regards,
>
> Ming
>
