This content has been marked as final.
Show 2 replies
-
1. Re: page flow question
jacob.orshalick Sep 14, 2007 9:32 AM (in response to panpur)Since you don't say, I would assume given your requirement you want all pages to require login except the login page (makes sense). This can be accomplished through the following:
<pages login-view-id="/auth/login.xhtml"> <page view-id="*" login-required="true"/> <page view-id="/auth/login.xhtml" login-required="false" /> ...
-
2. Re: page flow question
bsmithjj Sep 14, 2007 9:48 AM (in response to panpur)you can also use basic Servlet-container security to achieve a similar result:
<security-constraint> <web-resource-collection> <web-resource-name>restricted-urls</web-resource-name> <url-pattern>/myapp/auth/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> <!--user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint--> </security-constraint>
where 'auth' is a directory in your web application that contains pages requiring authentication. Of course you would not put your login page in the auth directory.