What url-patern should I use in ADF in the web.xml to protect a page? The URL shows the previous page.

Question

I have the following security constraint in my web.xml file to make the help.jspx page available only for some specific users.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected</web-resource-name>
    <url-pattern>/faces/help</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin_role</role-name>
  </auth-constraint>
</security-constraint>

As you can see, faces/help is the pattern that is protected. But let me explian what happens in ADF.

1. If I run the home.jspx I will get this url: http://mydomain.com/something/faces/home
2. Then, if I navigate to the page about.jspx, the url will still show the same http://mydomain.com/something/faces/home
3. Now if I navigate to help.jspx, the url will show the previous page name "about" http://mydomain.com/something/faces/about, so I will be able to view help.jspx even if I have not logged in yet.
4. This is not it, now if I navigate to home.jspx once again, the url will show the previous page "help" http://mydomain.com/something/faces/help, so I will be asked to log in before I am able to access to the "home" page.

Answer 1

I found the way to refresh the URL so the new URL gets the new page name on it. Go to your task flow and add

<redirect/>

inside the view tags that you want their URL's to be refreshed.

 <view id="help_id">
   <page>/help.jspx</page>
   <redirect/>
 </view>

This is what the Jdev help says about the redirect tag:

Redirect: Choose true if the ADF controller should issue an HTTP redirect for a view activity request. The redirected request creates a new browser URL for the view activity. The original view URL is no longer used.