Skip to main content

JSF and authorization

1 reply [Last post]
jebrie
Offline
Joined: 2006-10-06

I just set up a small project that has a set of pages that are visible for everybody and some pages under auth/ that are only visible for authenticated users (using Glassfish ur1) .

when I address a proteced page with the browser by accessing it directly, i.e. http://localhost:8080/test/auth/secret.jsf the login-Box is displayed and access is denied if I do not provide the correct login/password.

However if I use a on the home page with the following navigation-case:

secret
/auth/secret.jsf

the page is visible without authentication (I did restart the browser inbetween the above two testcases).

Is this behavior correct?

Any hints appreciated...

Jens

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
jebrie
Offline
Joined: 2006-10-06

ah well - of course my fault. Included a tag in my navigation case and now it works...