I am depading the same issue. Servlet filters allow you to apply them on REQUEST and FORWARD, but I don't think you can change the settings for the built-in authentication that I know of (I'm not even sure it is required by the spec to be a filter for security). You could therefore write your own filter to listen for FORWARD requests, but it begs the question of how to interact with the authentication model of the Servlet host (IMO, Sun REALLY dropped the ball with servlet authentication. It is really hard to work with. It would be MUCH better if there was a server side API that you could hook into from filters, JSF beans, servlets, etc.)
-Andrew On 2/28/06, Joey Geiger <[EMAIL PROTECTED]> wrote: > I've run into issues with Spring and the OpenSessionInViewFilter, or > anything in general that needs to be displayed and is in a request scope. > That is one of the most frustrating things for me coming from a PHP/Perl > programming background. > > Ming Hu wrote: > > <redirect/> inside of a <navigation-case> works fine. And I like it > > for the following reasons: > > 1. I can use container managed authentication, hence container managed > > authorization on the EJB/middle tier. > > 2. My browser's address bar displays the corresponding link when a > > command link/button is clicked, hence I can bookmark the URL. > > > > However I'd like to know more about the ramifications of using redirect. > > > > Cristi mentioned the lost of validation messages. Is this caused by > > the faces servlet renders a different view for "redirected" URL? Are > > there any other potential issues? > > > > I really appreciate your time spent looking into this. > > > > Regards, > > > > Ming > > > > > > On 2/28/06, *Grigoras Cristinel* < [EMAIL PROTECTED] <mailto:[EMAIL > > PROTECTED]>> > > wrote: > > > > Hi, > > > > You have tried to use redirect inside navigation case like this? > > <navigation-case> > > <from-outcome>nav_page_domain_op_list</from-outcome> > > <to-view-id>/page_domain_op_list</to-view-id> > > <redirect/> > > </navigation-case> > > in this case you loose validation messages. > > > > other solution is to write your own navigation handler. > > > > Cristi > > > > Ming Hu wrote: > > > Redirect works but it's not what I wanted. The functionality I'd > > like > > > to have is to put security constraints on the action values of > > > JSF/Myfaces command links or buttons. > > > > > > Regards, > > > > > > Ming > > > > > > On 2/27/06, *Grigoras Cristinel* < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL > > PROTECTED]>>> > > > wrote: > > > > > > Hi, > > > Is working if you use redirect. > > > > > > Cristi > > > > > > > > > Ming Hu wrote: > > > > I have the following navigation case: > > > > > > > > <navigation-case> > > > > <from-outcome>nav_page_domain_op_list</from-outcome> > > > > <to-view-id>/page_domain_op_list</to-view-id> > > > > </navigation-case> > > > > > > > > and the following security constraint: > > > > ... > > > > <url-pattern>/page_domain_op_list.jsf</url-pattern> > > > > ... > > > > > > > > If I point my browser to > > > localhost:8080/myapp/page_domain_op_list.jsf, > > > > the web app works fine and the sign-in page is popup up by the > > > > container automatically. > > > > > > > > However I run into issues when I want to add same control on a > > > > JSF/Myfaces command link or command button. I tried to use > > > > "page_domain_op_list.jsf" or "nav_page_domain_op_list.jsf" > > as the > > > > action value, but neither worked. > > > > > > > > How should I handle this kind of situation? Has anyone put any > > > > thoughts into this? I'd really appreciate your inputs. > > > > > > > > Regards, > > > > > > > > Ming > > > > > > > > > > > > > > > > >
