Java Container Managed Security Not Redirecting to Login Page


I have a JSF 2 web application I am building on GlassFish 3. I am using container managed security to handle the login. Every page in my web app needs to be secure. All pages are in the root directory along with the login page. The problem is when I type a URL to directly access a protected page, it displays even though a user is not logged in. I would like every page on my site except for the login page to be secured so the user has to access the site through this login page. Any ideas why it's not blocking requests for other pages when the user is not logged in?

Here is the relevant snippet from my web.xml:

<welcome-file-list>
    <welcome-file>index.jsf</welcome-file>
</welcome-file-list>
<security-constraint>
    <display-name>EmployeeConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
        <!--url-pattern>/myProfile.jsf</url-pattern-->
    </web-resource-collection>
    <auth-constraint>
        <role-name>Employee</role-name>
        <role-name>Applicant</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>ApplicantConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<security-constraint>
    <display-name>ReportsConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/reports.jsf</url-pattern>
        <url-pattern>/indReport.jsf</url-pattern>
        <url-pattern>/indReportResults.jsf</url-pattern>
        <url-pattern>/groupReport.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/home.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<security-constraint>
    <display-name>AdministratorConstraints</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/admin.jsf</url-pattern>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/cloneBuilder.jsf</url-pattern>
        <url-pattern>/cloneBuilderMenu.jsf</url-pattern>
        <url-pattern>/cloneBuilderRangeEditor.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/groupReport.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/indReport.jsf</url-pattern>
        <url-pattern>/indReportResults.jsf</url-pattern>
        <url-pattern>/licenseManager.jsf</url-pattern>
        <url-pattern>/management.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
        <url-pattern>/reports.jsf</url-pattern>
        <url-pattern>/userAdmin.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>PerProUserAuth</realm-name>
    <form-login-config>
        <form-login-page>/index.jsf</form-login-page>
        <form-error-page>/index.jsf</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description/>
    <role-name>Employee</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Applicant</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Administrator</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Reports</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Former Employee</role-name>
</security-role>

There are 1 best solutions below


There's a tutorial here with a quote that may be relevant.

Because security role mapping happens at deployment time, the default mapping must be turned on before the application is deployed. To turn on the default mapping, choose Configuration -> Security in the admin console. Click Enabled next to Default Principal to Role Mapping and Save.
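
An added example, not part of the original question or answer: under the Servlet specification, a `security-constraint` with no `auth-constraint` permits unauthenticated access to its URL patterns even when another constraint on the same pattern names roles, while an empty `auth-constraint` denies everyone. This Python check reports the combined result per pattern for a web.xml. It assumes exact-match patterns as in the question's file and ignores `http-method` elements; `audit_constraints`, `local` and `SAMPLE_WEB_XML` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a trimmed web.xml shaped like the one in the question.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <display-name>EmployeeConstraint</display-name>
    <web-resource-collection>
      <url-pattern>/home.jsf</url-pattern>
      <url-pattern>/help.jsf</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Employee</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <display-name>ApplicantConstraint</display-name>
    <web-resource-collection>
      <url-pattern>/home.jsf</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_constraints(web_xml_text):
    """Map each url-pattern to 'open', 'deny-all' or the sorted list of roles."""
    seen = defaultdict(list)
    for sc in ET.fromstring(web_xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        auth = next((e for e in sc if local(e.tag) == "auth-constraint"), None)
        roles = None if auth is None else {
            (e.text or "").strip() for e in auth if local(e.tag) == "role-name"
        }
        for e in sc.iter():
            if local(e.tag) == "url-pattern":
                seen[(e.text or "").strip()].append(roles)
    result = {}
    for pattern, role_sets in seen.items():
        if any(r is not None and not r for r in role_sets):
            result[pattern] = "deny-all"   # empty auth-constraint overrides the rest
        elif any(r is None for r in role_sets):
            result[pattern] = "open"       # a constraint without auth-constraint
        else:
            result[pattern] = sorted(set().union(*role_sets))
    return result
```

Any pattern reported as `open` is served without a login prompt, which is the symptom described in the question for pages listed in a constraint that has no `auth-constraint`.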