1 Reply Latest reply on Jan 7, 2017 6:26 AM by kmranganathan

    Prevent direct access URL with picketlink

    r3glisse

      I'm developing a Java web application with Picketlink and I've managed all the page access with the class HttpSecurityConfiguration.java. So when I log in with the administrator login I can access the "protected" pages, which are located in the admin folder, while navigating on the website. If I do not log in with the administrator login I cannot access the pages which are in the admin folder. But as a user I can directly access the admin pages by entering the direct URL link into the navigation search. How can I avoid this?

      This is my HttpSecurityConfiguration.java

       

       

      package fr.esisar.frigolo.portail;

      import javax.enterprise.event.Observes;

      import org.picketlink.config.SecurityConfigurationBuilder;
      import org.picketlink.event.SecurityConfigurationEvent;

      public class HttpSecurityConfiguration {

          // Observes PicketLink's configuration event to set up HTTP path security
          public void onInit(@Observes SecurityConfigurationEvent event) {
              SecurityConfigurationBuilder builder = event.getBuilder();

              builder
                  .http()
                      // Pages matching /*.xhtml use form authentication
                      .forPath("/*.xhtml")
                          .authenticateWith()
                              .form()
                                  .authenticationUri("/loginTonic.xhtml")
                                  .loginPage("/loginTonic.xhtml")
                                  .errorPage("/error.xhtml")
                                  .restoreOriginalRequest()
                      /* Logout handling, commented out
                          .logout()
                          .redirectTo("/portail.xhtml"); */
                      // Role check for /admin/adminPage.xhtml
                      .forPath("/admin/adminPage.xhtml")
                          .authorizeWith()
                              .role("administrateur");
          }
      }