Hi Michael, Following are the servlet mappings:
<servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.faces</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>Faces Servlet</servlet-name> <url-pattern>*.jspx</url-pattern> </servlet-mapping> <!-- Persistent Faces Servlet Mapping --> <servlet-mapping> <servlet-name>Persistent Faces Servlet</servlet-name> <url-pattern>*.iface</url-pattern> </servlet-mapping> The navigation case in faces-config.xml is: <navigation-rule> <navigation-case> <from-outcome>OPERATION_LANDING</from-outcome> <to-view-id>/jsp/operations/user/operationsLanding.iface</to-view-id> </navigation-case> </navigation-rule> This has been configured as per the icefaces documentation. If we disregard spring security filter issue the forward happens properly. Spring security filter gets invoked once after the return "OPERATION_LANDING" from within the action method has been executed. The strange part is that the URL is still the previous one. It is strange because when using jsp:forward from index.jsp to login.jsp spring security filter gets both the URL's. What could be the issue? Regards, Madhav From: Michael Kurz [mailto:michi.k...@gmx.at] >Hi, > >which mapping do you use for your faces servlet: postfix (like *.jsf) or >prefix (like /faces/*)? Maybe the "real" JSF urls are not listed in your >intercepter config. > >regards >Michael > >Madhav Bhargava schrieb: > Hi All, > > I am using myfaces 1.1, icefaces 1.8.1, spring 2.5.6, spring security -2.0.5, > WAS 6.0 (app server) > > I have configured spring security for my JSF application along with > SiteMinder as an external authentication mechanism. It works fine till a > forward happens from within myfaces. > > Here is my spring servlet filter chain declaration: > <filter> > <description> > Spring delegating filter which will initiate > the spring > security filter chain > </description> > <display-name>springSecurityFilterChain</display-name> > <filter-name>springSecurityFilterChain</filter-name> > <filter-class> > > org.springframework.web.filter.DelegatingFilterProxy > </filter-class> > </filter> > > <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/*</url-pattern> > <dispatcher>FORWARD</dispatcher> > <dispatcher>REQUEST</dispatcher> > </filter-mapping> > > And in my spring application context I have followed the advice from spring > forums and done necessary settings: > Excerpt is: > > <security:http > entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" > once-per-request="false"> > <security:intercept-url pattern="/index.jsp" filters="none" /> > <security:intercept-url pattern="/login.jsp" filters="none" /> > <security:intercept-url pattern="/authenticationservlet" > filters="none"/> > <security:intercept-url pattern="**/jsp/common/**" > filters="none"/> > <security:intercept-url pattern="/**/css/**" filters="none"/> > <security:intercept-url pattern="/**/*.js" filters="none"/> > <security:intercept-url pattern="/images/**" filters="none"/> > <security:intercept-url pattern="/**/secure/**" > access="ROLE_USER" /> > <security:intercept-url pattern="/**/operations/**" > access="ROLE_OPERATIONS"/> > <security:intercept-url pattern="/**" > access="IS_AUTHENTICATED_ANONYMOUSLY" /> > </security:http> > > Now when I forward a request from index.jsp to login.jsp then the spring > filters are called with the login.jsp URL even though the browser shows the > old URL. > > However when from within an action method a navigation case is handled then > it is not intercepted by the spring filters at all. However if I give a > <redirect/> then it is properly intercepted with the correct URL as expected. > > What can be the reason? > > Regards, > Madhav > **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS******** End of Disclaimer ********INFOSYS***