xhtml not recognized after security configured
I have a jsf/richfaces web app that works fine when security is not enabled.
However, when I add a security-constraint section to the web.xml
then, after a successful login, JBoss tries to download resources such as:
http://localhost:8080/webapp/javax.faces.resource/richfaces-base-component.js.xhtml
instead of serving them up... I'm not sure what is happening...
It is a difficult problem to describe.
Without this section the web app works fine:
<security-constraint> <web-resource-collection> <web-resource-name>webapp</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>administrator</role-name> <role-name>supervisor</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/security/login.xhtml</form-login-page> <form-error-page>/security/login.xhtml</form-error-page> </form-login-config> </login-config> <security-role> <role-name>administrator</role-name> </security-role> <security-role> <role-name>supervisor</role-name> </security-role>
Here is the complete web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>webapp</display-name>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<context-param>
<param-name>org.jboss.jbossfaces.JSF_CONFIG_NAME</param-name>
<param-value>Mojarra-2.1</param-value>
</context-param>
<context-param>
<param-name>org.richfaces.enableControlSkinning</param-name>
<param-value>enable</param-value>
</context-param>
<context-param>
<param-name>org.richfaces.skin</param-name>
<param-value>#{webapp.skin}</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/index.jsp</location>
</error-page>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>webapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
<role-name>supervisor</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/security/login.xhtml</form-login-page>
<form-error-page>/security/login.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>administrator</role-name>
</security-role>
<security-role>
<role-name>supervisor</role-name>
</security-role>
</web-app>
When I launch the app In firefox the user-id password form is displayed. I submit the credentials and then the xhmtl resources are download like:
http://localhost:8080/webapp/rfRes/msg.ecss.xhtml?db=eAG7vM0sHgAGPQIf&ln=org.richfaces
*.rf-msg, *.rf-msgs {
font-family: Arial, Verdana, sans-serif ;
font-size: 11px;
height: 18ex;
}
*.rf-msg-err, *.rf-msgs-err, *.rf-msg-ftl, *.rf-msgs-ftl, *.rf-msg-inf, *.rf-msgs-inf, *.rf-msg-wrn, *.rf-msgs-wrn, *.rf-msg-ok, *.rf-msgs-ok {
display: block;
padding-right: 2px;
padding-left: 20px;
vertical-align: middle;
background-repeat: no-repeat;
background-position: left center;
}
*.rf-msg-err, *.rf-msgs-err {
background-image: url(/webapp/javax.faces.resource/error.png.xhtml?ln=org.richfaces);
color: #FF0000;
}
*.rf-msg-ftl, *.rf-msgs-ftl {
background-image: url(/webapp/javax.faces.resource/fatal.png.xhtml?ln=org.richfaces);
color: #FF0000;
}
*.rf-msg-inf, *.rf-msgs-inf {
background-image: url(/webapp/javax.faces.resource/info.png.xhtml?ln=org.richfaces);
color: #000000;
}
*.rf-msg-wrn, *.rf-msgs-wrn {
background-image: url(/webapp/javax.faces.resource/warning.png.xhtml?ln=org.richfaces);
color: #FFE6E6;
}
*.rf-msg-ok, *.rf-msgs-ok {
background-image: url(/webapp/javax.faces.resource/ok.png.xhtml?ln=org.richfaces);
color: #000000;
}
*.rf-msg-sum, *.rf-msgs-sum {
display: inline;
}
*.rf-msg-det, *.rf-msgs-det {
display: inline;
}
Without the security section everything works fine... and the page is rendered correctly.
The page that should be displayed begins with:
<?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.org/rich" xmlns:a4j="http://richfaces.org/a4j" xmlns:f="http://java.sun.com/jsf/core" xml:lang="en" lang="en"> <ui:composition template="/layout/layoutfull.xhtml"> <style type="text/css"> </style>
I would be grateful for any suggestions.
Running:
Windows 7
JBoss AS6
JRE 6
JSF 2.1
Richfaces 4.0
Paul (thanks in advance).