Java容器管理的安全性不重定向到登录页面

Question

I have a JSF 2 web application I am building on GlassFish 3. I am using container managed security to handle the login. 我有一个基于GlassFish 3构建的JSF 2 Web应用程序。我正在使用容器管理的安全性来处理登录。 Every page in my web app needs to be secure. Web应用程序中的每个页面都必须安全。 All pages are in the root directory along with the login page. 所有页面和登录页面都在根目录中。 The problem is when I type a URL to directly access a protected page, it displays even though a user is not logged in. I would like every page on my site except for the login page to be secured so the user has to access the site through this login page. 问题是，当我键入URL以直接访问受保护的页面时，即使用户未登录，该URL也会显示。我希望网站上除登录页面外的所有页面都得到保护，以便用户必须访问该网站通过此登录页面。 Any ideas why it's not blocking requests for other pages when the user is not logged in? 有什么想法为什么当用户未登录时它不会阻止其他页面的请求？

Here is the relevant snippet from my web.xml: 这是我的web.xml中的相关代码段：

<welcome-file-list>
    <welcome-file>index.jsf</welcome-file>
</welcome-file-list>
<security-constraint>
    <display-name>EmployeeConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
        <!--url-pattern>/myProfile.jsf</url-pattern-->
    </web-resource-collection>
    <auth-constraint>
        <role-name>Employee</role-name>
        <role-name>Applicant</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>ApplicantConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<security-constraint>
    <display-name>ReportsConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/reports.jsf</url-pattern>
        <url-pattern>/indReport.jsf</url-pattern>
        <url-pattern>/indReportResults.jsf</url-pattern>
        <url-pattern>/groupReport.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/home.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<security-constraint>
    <display-name>AdministratorConstraints</display-name>
    <web-resource-collection>
        <web-resource-name>Pages</web-resource-name>
        <description/>
        <url-pattern>/admin.jsf</url-pattern>
        <url-pattern>/home.jsf</url-pattern>
        <url-pattern>/applicantHome.jsf</url-pattern>
        <url-pattern>/assessmentFinished.jsf</url-pattern>
        <url-pattern>/cloneBuilder.jsf</url-pattern>
        <url-pattern>/cloneBuilderMenu.jsf</url-pattern>
        <url-pattern>/cloneBuilderRangeEditor.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/cloneReport.jsf</url-pattern>
        <url-pattern>/groupReport.jsf</url-pattern>
        <url-pattern>/help.jsf</url-pattern>
        <url-pattern>/indReport.jsf</url-pattern>
        <url-pattern>/indReportResults.jsf</url-pattern>
        <url-pattern>/licenseManager.jsf</url-pattern>
        <url-pattern>/management.jsf</url-pattern>
        <url-pattern>/memberInfo.jsf</url-pattern>
        <url-pattern>/phrases1.jsf</url-pattern>
        <url-pattern>/phrases2.jsf</url-pattern>
        <url-pattern>/quotations1.jsf</url-pattern>
        <url-pattern>/quotations2.jsf</url-pattern>
        <url-pattern>/reports.jsf</url-pattern>
        <url-pattern>/userAdmin.jsf</url-pattern>
    </web-resource-collection>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>PerProUserAuth</realm-name>
    <form-login-config>
        <form-login-page>/index.jsf</form-login-page>
        <form-error-page>/index.jsf</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description/>
    <role-name>Employee</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Applicant</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Administrator</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Reports</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>Former Employee</role-name>
</security-role>

Answer 1

There's a tutorial here with a quote that may be relevant. 这里有一个教程，其中的引用可能是相关的。

Because security role mapping happens at deployment time, the default mapping must be turned on before the application is deployed. 由于安全角色映射是在部署时发生的，因此必须在部署应用程序之前打开默认映射。 To turn on the default mapping, choose Configuration -> Security in the admin console. 要打开默认映射，请在管理控制台中选择“配置”->“安全性”。 Click Enabled next to Default Principal to Role Mapping and Save. 单击“默认主体到角色映射和保存”旁边的“启用”。

Java容器管理的安全性不重定向到登录页面

问题描述

1 个解决方案

解决方案1
0 2011-12-27 01:38:58

Java容器管理的安全性不重定向到登录页面

问题描述

1 个解决方案

解决方案1 0 2011-12-27 01:38:58

解决方案1
0 2011-12-27 01:38:58