We have a bug filed against that console that complains of 404s when the
user hits back. From the issue, here's my analysis and best guess:
The root cause of this is our ajax-based navigation. It seems that when the user clicks back, the
browser attempts to navigate to the j_security_check, which is where the login form was POSTed to.
The problem, it seems, is that the container only recognizes the "magic" URI (j_security_check) for
POSTs. The GET request from the back button, then, looks for a file by that name in the app, which is
not there, currently. I added a file by that name that redirects to / (which should probably be smarter
at some point), but I'm not sure what the security implications of that are. I'll follow up on the mailing
list for more input.
I have that file in my local build, and it DOES fix the back button
issue, but, as I noted above, I'm not sure if there are any security
concerns with this approach.
Can someone more familiar with j_security_check chime in? If someone
has an alternate solution, I'm open to suggestion there too. :)
--
Jason Lee
Senior Member of Technical Staff
GlassFish REST API / Administration Console
Oracle Corporation
Phone +1 405-216-3193
Blog http://blogs.steeplesoft.com