JSF and authorization
I just set up a small project that has a set of pages that are visible for everybody and some pages under auth/ that are only visible for authenticated users (using Glassfish ur1) .
when I address a proteced page with the browser by accessing it directly, i.e. http://localhost:8080/test/auth/secret.jsf the login-Box is displayed and access is denied if I do not provide the correct login/password.
However if I use a on the home page with the following navigation-case:
the page is visible without authentication (I did restart the browser inbetween the above two testcases).
Is this behavior correct?
Any hints appreciated...