Prettyfaces and the container based security

StackOverflow https://stackoverflow.com/questions/17133638

  •  31-05-2022
  •  | 
  •  

Question

I have problem using the container-based security with prettyfaces. As far as I disable prettyfaces (remove its existence in pom.xml), the container-based security is working fine and pages are secured well. However, with using prettyfaces, the security is not working anymore and the secured pages can be accessed without authentication (i am not applying pretty-faces filter on the secured pages). Even when I am using the empty pretty-config.xml (the only).

i am using Jboss AS

Edit:

With this setup, pages /user/* are accessed without the need of authentication. After removing the prettyfaces from pom.xml it works well.

part of the web.xml:

   <security-role>
    <description>Users</description>
    <role-name>user</role-name>
   </security-role>

   <security-constraint>
    <web-resource-collection>
        <web-resource-name>General use.</web-resource-name>
        <url-pattern>/user/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>TRACE</http-method>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/login-fail.xhtml</form-error-page>
    </form-login-config>
</login-config>

prettyfaces-config.xml (when using empty pretty-config.xml):

<pretty-config xmlns="http://ocpsoft.org/schema/rewrite-config-prettyfaces" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://ocpsoft.org/schema/rewrite-config-prettyfaces
                  http://ocpsoft.org/xml/ns/prettyfaces/rewrite-config-prettyfaces.xsd">


</pretty-config>
Was it helpful?

Solution

EDIT: As it happens, this was a bug in Rewrite that is fixed in version 2.0.4.Final. (See related forum post - http://ocpsoft.org/support/topic/prettyfaces-with-container-based-security/ )

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top