I believe the problem is that security constraints aren't applied when
using RequestDispatcher.forward() as default JSF NavigationHandler
will do for a navigation rule that doesn't specify the redirect element.
Try defining your navigation rule like this:
<navigation-rule>
<navigation-case>
<from-outcome>login</from-outcome>
<to-view-id>/users/userhome.xhtml</to-view-id>
</redirect>
</navigation-case>
</navigation-rule>
glassfish_at_javadesktop.org wrote:
> Using this navigation rule
>
> <navigation-rule>
> <navigation-case>
> <from-outcome>login</from-outcome>
> <to-view-id>/users/userhome.xhtml</to-view-id>
> </navigation-case>
> </navigation-rule>
>
> and this security constraint
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>User Pages</web-resource-name>
> <url-pattern>/users/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>users</role-name>
> <role-name>doctor</role-name>
> <role-name>admin</role-name>
> <role-name>acctmgr</role-name>
> <role-name>sales</role-name>
> <role-name>inhouse</role-name>
> </auth-constraint>
> </security-constraint>
>
> when a user clicks a command link for command login it goes right to /users/userhome.faces right away, if I click, the link a second time it asks for a login. Is this a bug, or an issue on my end?
> [Message sent by forum member 'amattas' (amattas)]
>
> http://forums.java.net/jive/thread.jspa?messageID=229703
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>