-----Original Message-----
From: lmk [mailto:
lotfi65@...]
Sent: Wednesday, April 23, 2008 03:18
To:
users@...
Subject: RE: RE: how to prevent direct access to jsf pages?
> I put tempalate file under /WEB-INF- directory..
> I have a page index.xhtml,
>
> <ui:composition template="/WEB-INF/layout/template.xhtml"
> xmlns="
http://www.w3.org/1999/xhtml"
> xmlns:ui="
http://java.sun.com/jsf/facelets"
> xmlns:h="
http://java.sun.com/jsf/html"
> xmlns:f="
http://java.sun.com/jsf/core"
> <ui:define name="title">Home</ui:define>
> <ui:define name="body">
> <h:outputText value="Welcome"></h:outputText>
> </ui:define>
></ui:composition>
>
>navigation rules is like :
>
> <navigation-rule>
> <from-view-id>/register.xhtml</from-view-id>
> <navigation-case>
> <from-outcome>register</from-outcome>
> <to-view-id>/index.xhtml</to-view-id> <!-- cant put
>/WEB-INF/index.xhtml-->
> </navigation-case>
> </navigation-rule>
>
>so user after login he can access to URL /index.jsf himself, I have to
>restrict navigation only by JSF action.
I'm not sure what you mean. Assuming you have mapped *.jsf to the FacesServlet, every request ending in .jsf will be processed by the FacesServlet. If you want to prevent the user from typing in a .jsf request directly, the security constraints in the web.xml can be configured to prevent GET requests to these URLs (just be careful to allow the original /index.jsf request). You might also be interested in a technique called "friendly URLs" where the JSF details are hidden.
>using only myfaces without JSF, I can do this,
MyFaces is an implementation of JSF, so I do not know what you mean here.
>have I implemete an
>alternative ResourceResolver.?
---------------------------------------------------------------------
To unsubscribe, e-mail:
users-unsubscribe@...
For additional commands, e-mail:
users-help@...
