With Facelets, one can also put XHTML files under the /WEB-INF, if they are templates or included files (same restrictions as with JSP essentially).
A common trick to use in addition is to use the built in security of J2EE prevent direct serving of XHTML files:
<security-constraint>
<display-name>Restrict XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Only let 'developer's access XHTML pages</description>
<role-name>developer</role-name>
</auth-constraint>
</security-constraint>
-----Original Message-----
From: lmk [mailto:
lotfi65@...]
Sent: Monday, April 21, 2008 11:24
To:
users@...
Subject: how to prevent direct access to jsf pages?
Id like to prevent direct access to pages jsf, even the user is allowed to
get the page requested,
it's possible to allow only pages redirected or forwarded by the
FacesServlet ?
with only JSF, we can put jsp pages under /WEB-INF/ directory, so it can not
be viewed by user.
JSF can not redirect page under /WEB-INF/ directory, the directory wich
user has no access...
with facelets it seems impossible.
there any solution?
thanks !
--
View this message in context:
http://www.nabble.com/how-to-prevent-direct-access-to-jsf-pages--tp16807991p16807991.htmlSent from the java.net - facelets users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail:
users-unsubscribe@...
For additional commands, e-mail:
users-help@...
---------------------------------------------------------------------
To unsubscribe, e-mail:
users-unsubscribe@...
For additional commands, e-mail:
users-help@...
