1 Reply Latest reply on Nov 12, 2011 4:07 PM by Paul Baker

    xhtml not recognized after security configured

    Paul Baker Apprentice

      I have a jsf/richfaces web app that works fine when security is not enabled.

      However, when I add a security-constraint section to the web.xml

      then, after a successful login, JBoss tries to download resources such as:

      http://localhost:8080/webapp/javax.faces.resource/richfaces-base-component.js.xhtml

      instead of serving them up... I'm not sure what is happening...

      It is a difficult problem to describe.

       

      Without this section the web app works fine:

       

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>webapp</web-resource-name>
            <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>administrator</role-name>
            <role-name>supervisor</role-name>
          </auth-constraint>
        </security-constraint>
        <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
            <form-login-page>/security/login.xhtml</form-login-page>
            <form-error-page>/security/login.xhtml</form-error-page>
          </form-login-config>
        </login-config>
        <security-role>
          <role-name>administrator</role-name>
        </security-role>
        <security-role>
          <role-name>supervisor</role-name>
        </security-role>
      

       

      Here is the complete web.xml: 

       

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
        <display-name>webapp</display-name>
        <context-param>
          <param-name>javax.faces.PROJECT_STAGE</param-name>
          <param-value>Production</param-value>
        </context-param>
        <context-param>
          <param-name>org.jboss.jbossfaces.JSF_CONFIG_NAME</param-name>
          <param-value>Mojarra-2.1</param-value>
        </context-param>
        <context-param>
          <param-name>org.richfaces.enableControlSkinning</param-name>
          <param-value>enable</param-value>
        </context-param>
        <context-param>
          <param-name>org.richfaces.skin</param-name>
          <param-value>#{webapp.skin}</param-value>
        </context-param>
        <servlet>
          <servlet-name>Faces Servlet</servlet-name>
          <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
          <servlet-name>Faces Servlet</servlet-name>
          <url-pattern>*.xhtml</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
          <servlet-name>Faces Servlet</servlet-name>
          <url-pattern>*.jsf</url-pattern>
        </servlet-mapping>
        
        <context-param>    
            <param-name>javax.faces.DEFAULT_SUFFIX</param-name>    
            <param-value>.xhtml</param-value>    
        </context-param>    
        
        <error-page>
          <exception-type>javax.faces.application.ViewExpiredException</exception-type>
          <location>/index.jsp</location>
        </error-page>
        <welcome-file-list>
          <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>webapp</web-resource-name>
            <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>administrator</role-name>
            <role-name>supervisor</role-name>
          </auth-constraint>
        </security-constraint>
        <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
            <form-login-page>/security/login.xhtml</form-login-page>
            <form-error-page>/security/login.xhtml</form-error-page>
          </form-login-config>
        </login-config>
        <security-role>
          <role-name>administrator</role-name>
        </security-role>
        <security-role>
          <role-name>supervisor</role-name>
        </security-role>
      </web-app>
      

       

      When I launch the app In firefox the user-id password form is displayed.  I submit the credentials and then the xhmtl resources are download like:

      http://localhost:8080/webapp/rfRes/msg.ecss.xhtml?db=eAG7vM0sHgAGPQIf&ln=org.richfaces

       

      *.rf-msg, *.rf-msgs {

      font-family: Arial, Verdana, sans-serif ;

      font-size: 11px;

      height: 18ex;

      }

      *.rf-msg-err, *.rf-msgs-err, *.rf-msg-ftl, *.rf-msgs-ftl, *.rf-msg-inf, *.rf-msgs-inf, *.rf-msg-wrn, *.rf-msgs-wrn, *.rf-msg-ok, *.rf-msgs-ok {

      display: block;

      padding-right: 2px;

      padding-left: 20px;

      vertical-align: middle;

      background-repeat: no-repeat;

      background-position: left center;

      }

      *.rf-msg-err, *.rf-msgs-err {

      background-image: url(/webapp/javax.faces.resource/error.png.xhtml?ln=org.richfaces);

      color: #FF0000;

      }

      *.rf-msg-ftl, *.rf-msgs-ftl {

      background-image: url(/webapp/javax.faces.resource/fatal.png.xhtml?ln=org.richfaces);

      color: #FF0000;

      }

      *.rf-msg-inf, *.rf-msgs-inf {

      background-image: url(/webapp/javax.faces.resource/info.png.xhtml?ln=org.richfaces);

      color: #000000;

      }

      *.rf-msg-wrn, *.rf-msgs-wrn {

      background-image: url(/webapp/javax.faces.resource/warning.png.xhtml?ln=org.richfaces);

      color: #FFE6E6;

      }

      *.rf-msg-ok, *.rf-msgs-ok {

      background-image: url(/webapp/javax.faces.resource/ok.png.xhtml?ln=org.richfaces);

      color: #000000;

      }

      *.rf-msg-sum, *.rf-msgs-sum {

      display: inline;

      }

      *.rf-msg-det, *.rf-msgs-det {

      display: inline;

      }

       

       

      Without the security section everything works fine... and the page is rendered correctly.

       

      The page that should be displayed begins with:

       

      <?xml version='1.0' encoding='UTF-8' ?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml"
       xmlns:ui="http://java.sun.com/jsf/facelets"
       xmlns:h="http://java.sun.com/jsf/html"
       xmlns:rich="http://richfaces.org/rich"
       xmlns:a4j="http://richfaces.org/a4j"
       xmlns:f="http://java.sun.com/jsf/core" xml:lang="en" lang="en">
       
       <ui:composition template="/layout/layoutfull.xhtml">
        <style type="text/css"> 
        </style>
      

       

       

      I would be grateful for any suggestions.

       

      Running:

      Windows 7

      JBoss AS6

      JRE 6

      JSF 2.1

      Richfaces 4.0

       

      Paul (thanks in advance).

        • 1. Re: xhtml not recognized after security configured
          Paul Baker Apprentice

          Found that problem was associated to the login.xhtml page.  I had cut and pasted some Richfaces/Facelets tags that were not needed.  When these were removed then the forwarded page rendered correctly.

           

          Original login.xhtml page:

           

          <?xml version='1.0' encoding='UTF-8' ?>
          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
              "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml"
          xmlns:ui="http://java.sun.com/jsf/facelets"
          xmlns:h="http://java.sun.com/jsf/html"
          xmlns:rich="http://richfaces.org/rich"
          xmlns:f="http://java.sun.com/jsf/core" xml:lang="en" lang="en">
          <ui:composition template="#{my.layout}">
            <ui:define name="content">
             <center>
              <h:outputLabel value="Authorization" styleClass="TitleNormal" />
             </center>
             <rich:messages layout="list" infoClass="msgInfoText"
              errorClass="msgErrorText" fatalClass="msgFatalText">
              <f:facet name="header">
               <h:outputText value="Entered Data Status:"></h:outputText>
              </f:facet>
              <f:facet name="infoMarker">
               <h:graphicImage value="/images/GreenFlag.gif" />
              </f:facet>
              <f:facet name="errorMarker">
               <h:graphicImage value="/images/Exclamation.gif" />
              </f:facet>
             </rich:messages>
             <center>
              <form method="post" name="loginForm" action="j_security_check">
               <h:panelGrid id="panel" columns="2" border="0"
                columnClasses="CtaRvaM, CtaLvaM">
                <h:outputLabel for="j_username" value="User:" styleClass="LblNormal" />
                <h:inputText id="j_username" name="j_username" autocomplete="off"  />
                <h:outputLabel for="j_password" value="Password:" styleClass="LblNormal" />
                <h:inputSecret id="j_password" autocomplete="off"  />
               </h:panelGrid>
               <br />
               <h:commandButton type="submit" value="Login" />
              </form>
             </center>
            </ui:define>
          </ui:composition>
          </html>
          

           

          Updated page:

           

          <?xml version='1.0' encoding='UTF-8' ?>
          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
              "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml"
           xmlns:ui="http://java.sun.com/jsf/facelets"
           xmlns:h="http://java.sun.com/jsf/html"
           xmlns:rich="http://richfaces.org/rich"
           xmlns:f="http://java.sun.com/jsf/core" xml:lang="en" lang="en">
          <h:head>
           <title>LogIn</title>
           <style type="text/css">
           
           .CtaLvaM {text-align: left;
              vertical-align: middle;}
              .CtaRvaM {text-align: right;
              vertical-align: middle;}
           
              </style>
          </h:head>
          <h:body>
           <center>
            <h:outputLabel value="Authorization" styleClass="TitleNormal" />
           </center>
           <center>
            <form method="post" name="loginForm" action="j_security_check">
             <h:panelGrid id="panel" columns="2" border="0"
              columnClasses="CtaRvaM, CtaLvaM">
              <h:outputLabel for="j_username" value="User:" />
              <h:inputText id="j_username" name="j_username" autocomplete="off" />
              <h:outputLabel for="j_password" value="Password:" />
              <h:inputSecret id="j_password" autocomplete="off" />
             </h:panelGrid>
             <br />
             <h:commandButton type="submit" value="Login" />
            </form>
           </center>
          </h:body>
          </html>