web.xml file
<?xml version='1.0' encoding = 'ISO-8859-1'?>
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
>
<servlet>
<servlet-name>SpringContextServlet</servlet-name>
<servlet-class>
org.springframework.web.context.ContextLoaderServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<description>
Use *.xhtml documents for JavaServer Faces (for Facelets
config)
</description>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>
/WEB-INF/delegates.xml,/WEB-INF/faces-navigation.xml
</param-value>
</context-param>
<context-param>
<description>
This parameter tells MyFaces if javascript code should be
allowed in the rendered HTML output. If javascript is
allowed, command_link anchors will have javascript code that
submits the corresponding form. If javascript is not
allowed, the state saving info and nested parameters will be
added as url parameters Default: "true"
</description>
<param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>
If both this and org.apache.myfaces.ALLOW_JAVASCRIPT are
true, MyFaces will attempt to detect whether the client
supports Javascript in order to decide whether to use
Javascript. If this is false, Javascript will be used or not
according to the value of
org.apache.myfaces.ALLOW_JAVASCRIPT.
</description>
<param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>
If true, rendered HTML code will be formatted, so that it is
"human readable". i.e. additional line separators and
whitespace will be written, that do not influence the HTML
code. Default:"true"
</description>
<param-name>org.apache.myfaces.PRETTY_HTML</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>
If true, a javascript function will be rendered that is able
to restore the former vertical scroll on every request.
Convenient feature if you have pages with long lists and you
do not want the browser page to always jump to the top if
you trigger a link or button action that stays on the same
page. Default: "false"
</description>
<param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>
org.apache.myfaces.CHECK_EXTENSIONS_FILTER
</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>
Turns off RichFaces skins as best as possible to allow the
components to better integrate into our existing design
</description>
<param-name>org.richfaces.SKIN</param-name>
<param-value>plain</param-value>
</context-param>
<context-param>
<param-name>facelets.LIBRARIES</param-name>
<param-value>
/WEB-INF/facelets/clientsidevalidators.taglib.xml;/WEB-INF/facelets/custom.taglib.xml
</param-value>
</context-param>
<context-param>
<description>Special debug output for development</description>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>
Should comments be included in generated HTML?
</description>
<param-name>facelets.SKIP_COMMENTS</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>
Interval at which the compiler should check for changes
</description>
<param-name>facelets.REFRESH_PERIOD</param-name>
<param-value>2</param-value>
</context-param>
<!-- Faces Servlet -->
<servlet>
<description>Java Server Faces servlet</description>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/myFacesExtensionResource/*</url-pattern>
</servlet-mapping>
<!-- Faces Servlet Mapping -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<!-- RichFaces -->
<filter>
<display-name>RichFaces Filter</display-name>
<filter-name>richfaces</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>richfaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>zecom.web.access.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<filter>
<filter-name>MyFacesExtensionsFilter</filter-name>
<filter-class>
org.apache.myfaces.webapp.filter.ExtensionsFilter
</filter-class>
<init-param>
<param-name>maxFileSize</param-name>
<param-value>20m</param-value>
</init-param>
</filter>
<!-- extension mapping for serving page-independent resources
(javascript, stylesheets, images, etc.) -->
<filter-mapping>
<filter-name>MyFacesExtensionsFilter</filter-name>
<url-pattern>/faces/myFacesExtensionResource/*</url-pattern>
</filter-mapping>
<!-- extension mapping for serving page-independent resources
(javascript, stylesheets, images, etc.) -->
<filter-mapping>
<filter-name>MyFacesExtensionsFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<!-- extension mapping for adding <script/>, <link/>, and other resource tags to JSF-pages -->
<filter-mapping>
<filter-name>MyFacesExtensionsFilter</filter-name>
<!-- servlet-name must match the name of your javax.faces.webapp.FacesServlet entry -->
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<!-- extension mapping for adding <script/>, <link/>, and other resource tags to JSF-pages -->
<filter-mapping>
<filter-name>MyFacesExtensionsFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>300</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- ######################################## -->
<!-- ### Security -->
<!-- ######################################## -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/open/login.faces</form-login-page>
<form-error-page>/open/fail_login.faces</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login-common</web-resource-name>
<url-pattern>/secure/access/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Superuser</role-name>
<role-name>Administrator</role-name>
<role-name>Content Manager</role-name>
<role-name>Customer</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>ProtectedForSuperuser</web-resource-name>
<url-pattern>/secure/company/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Superuser</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>ProtectedForInternal</web-resource-name>
<url-pattern>/secure/productType/*</url-pattern>
<url-pattern>/secure/productCategory/*</url-pattern>
<url-pattern>/secure/product/*</url-pattern>
<url-pattern>/secure/promo/*</url-pattern>
<url-pattern>/secure/order/*</url-pattern>
<url-pattern>/secure/role/*</url-pattern>
<url-pattern>/secure/user/*</url-pattern>
<url-pattern>/secure/test/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Superuser</role-name>
<role-name>Administrator</role-name>
<role-name>Content Manager</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>
Customer's account edit/view
</web-resource-name>
<url-pattern>/secure/user/userBasket.faces</url-pattern>
<url-pattern>/secure/user/userBasket.jsf</url-pattern>
<url-pattern>/secure/order/orderDetails.jsf</url-pattern>
<url-pattern>/secure/order/orderDetails.faces</url-pattern>
<url-pattern>/secure/order/shoppingCart.jsf</url-pattern>
<url-pattern>/secure/order/shoppingCart.faces</url-pattern>
<url-pattern>
/secure/order/sessionDownloadableProducts.faces
</url-pattern>
<url-pattern>
/secure/order/sessionDownloadableProducts.jsf
</url-pattern>
<url-pattern>/secure/user/userDetails.faces</url-pattern>
<url-pattern>/secure/user/userDetails.jsf</url-pattern>
<url-pattern>/secure/user/userEdit.faces</url-pattern>
<url-pattern>/secure/user/userEdit.jsf</url-pattern>
<url-pattern>/secure/payment/Error.faces</url-pattern>
<url-pattern>/secure/payment/Error.jsf</url-pattern>
<url-pattern>/secure/payment/APIError.faces</url-pattern>
<url-pattern>/secure/payment/APIError.jsf</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Superuser</role-name>
<role-name>Administrator</role-name>
<role-name>Content Manager</role-name>
<role-name>Customer</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>ProtectedForCustomer</web-resource-name>
<url-pattern>/secure/search/*</url-pattern>
<url-pattern>/secure/customerAccount/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Customer</role-name>
</auth-constraint>
</security-constraint>
</web-app>