JDBC Security Popup on Glassfish 3.1.2.2

Question

I am running a JSF application on Glassfish 3.1.2.2 with JDBC Realms authentication.

I was wondering if there was anyway that I can disable the login popup that appears whenever someone tries to access a restricted page and is not logged in and instead raise an Error 401 (which automatically redirects to my page's login page) for consistency of UX.

Answer 1

You'll have to set your web.xml security constraints login-config auth-method to FORM login:

 <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>You can but you are not forced to supply a realm here</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/access-forbidden.xhtml</form-error-page>
        </form-login-config>
    </login-config>  

Secure your pages like this:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/index.xhtml</url-pattern>       
    </web-resource-collection>
    <auth-constraint>
        <role-name>Manager</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>Manager</role-name>
</security-role>