JSF Directive

Similar Messages

• JSF Navigation and page access out-of-order issue

  I've been searching the web and the forums for an answer to what I thought would be at least a well-documented issue with JSF, but have been coming up empty. (which to me might mean its not an issue and just a lack of understanding on my part)
  Lets say I have two pages, one (license.jsf) that has a simple form that presents the user with a license agreement along with two commandButtons with actions "accept" and "decline".
  The other page is a landing page, lets call it "results.jsf" which the user gets navigated to should they choose to accept the license agreement.
  The problem I have is whats to stop a user from just typing in results.jsf. Granted my controller can store a value somewhere as to whether they have accepted the terms of the license and not display the content on the results.jsf page, but what I'd really like to do is intercept that initial request to results.jsf and redirect them to the license.jsf page.
  I can fathom a bunch of different "hacks" to make this work, but I'm really hoping that somebody knows of some more elegant solution for addressing this whether its in JSF directly or using some support framework like a SEAM or Spring(?) (I'm vaguely familiar with SEAM and I'm figuring since its got a workflow on the back end, its kinda hard to drop into the middle of a process flow, so maybe it addresses that some how). Or I'll happily take any suggested URL's to other threads/websites that offer advice on this subject.
  Thanks.

  Yes, I've tried that. It really is puzzling. I am also fighting the battle of the counters (trying to get them to stay centered, and (as mentioned in a separate post) trying to figure out why I have a duplicate entry in my RSS feed.
  I wonder if that problem is connected to this one?

• Getting 'taglib directive for "f" does not exist or TLD is not found'

  Hi,
  I'm using Eclipse 3.4 and when I open my JSF page in Eclipse, I'm getting red "x"'s next to my JSF directives. For example,
  <f:view>
  has a red "x" along the left margin and when I roll over it, it gives me the error, 'taglib directive for "f" does not exist or TLD is not found.' This is odd because I have the appropriate directives, including
  <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f" %>
  at the top of my page. Strangely, the "<%@" portion appears in red. Does anyone know how I can get Eclipse to recognize the listed directives?
  Thanks, - Dave

  Hi, I went to the link
  http://java.sun.com/javaee/javaserverfaces/download.html
  but following the steps only got to a place where I could download JavaServer(TM) Faces Specification Maintainance Release -- jsf-1_1-mr-spec.pdf. I did not see anywhere on here where I could download the actual jsf-api.jar or jsf-impl.jar files.
  Any further clarification you can provide is appreciated, - Dave

• Wrong security configuration in web.xml

  Hi all
  I am developing an application with JDeveloper 10.1.3.3 using ADF-BC/JSF. I have followed the example of SRDemo and my .jspx files are located in two folders : public_html/app and public_html/pricelist/
  My application will have two user roles. The administrators who access everything and the users that need to access only the pages located in faces/app and get access denied mesages in all pricelist management pages.
  I have used file based security and defined users and roles in jaz-data.xml. I have also verified that the data in that file are correct using the isUserInRole() function.
  What I cannot get to work correctly is the security in the web.xml since the way I have it both users and admins are granted full access to the faces/app/pricelist pages.
  The security constrains on my web.xml look like this :
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>PricelistData</web-resource-name>
              <description> Price list management pages</description>
              <url-pattern>faces/app/pricelist/*</url-pattern>           
          </web-resource-collection>
          <auth-constraint>
              <role-name>admin</role-name>
          </auth-constraint>
      </security-constraint>
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>UserData</web-resource-name>
              <url-pattern>faces/app/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>user</role-name>
              <role-name>admin</role-name>
          </auth-constraint>
      </security-constraint>
      <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>jazn.com</realm-name>
      </login-config>
      <security-role>
          <role-name>user</role-name>
      </security-role>
      <security-role>
          <role-name>admin</role-name>
      </security-role>Can anyone tell me what am I doing wrong, or suggest anything else I should check ?
  Thanassis

  Well you're orion-application.xml file looks okay to me, and addition if the isUserInRole is returning proper values, it's hooked up correctly.
  (By the way, a useful bean/free piece of code to do just what you're doing is the JSF-Security scope as written by Duncan Mills on Sourceforge)
  As such I'd be looking at the security constraints URLs. You haven't by chance changed the url-pattern for the Faces Servlet? The default is this:
  <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>...and your url-patterns assumes it starts with faces. Note it is correct in your url-patten to not include a forward slash before faces in the security constraint.
  Another thing that springs to mind, when you navigate to the protected page through your menu structure, what URL do you see in the browser? Is it the URL of the page you came from, or the URL of the page you navigated to ... and in addition ..... another thing to try is in your browser, rather than navigating through your menu structure, go straight to the URL of the page. Does the login page then show?
  The reason I mention this is if you're using the default navigation style in JSF for JDev 10.1.3 (if memory serves me well, it's direct), the Servlet may not actually inforce your protected page navigation as the navigated-to page is never actually served by the Faces servlet to the JEE engine to enforce security. I think I had a b1tch about this issue in the following OTN Re: ER: JSF direct navigation ignores JAZN container based security. Could this be what you're hitting?
  As such try changing the navigation type to redirect.
  CM.

• Oracle ADF viewScope causing session size bloat

  As I'm sure you know, ADF introduces some additional scopes (pageFlowScope, viewScope and backingBeanScope) on top of the standard JSF ones. Our use of one of the ADF scopes, viewScope, appears to be causing our session size to bloat over time.
  Objects that are view scoped (e.g. our Backing Beans) are managed by ADF and appear to be put into the session in a org.apache.myfaces.trinidadinternal.application.StateManagerImpl$PageState object. The number of these objects in the session is equal to the org.apache.myfaces.trinidad.CLIENT_STATE_MAX_TOKENS in our web.xml configuration file.
  Once all of the tokens are ‘used up’, by navigating around the application, the oldest one of these objects is removed from the session and (should be) garbage collected at some point. However, the reclaim of this space is observed much later, after the session has expired. Because of this, when load testing the application we see the heap space usage gradually increasing, before causing the JVM to crash.
  The monitoring of the creation and destruction of our objects is done by adding log statements in the default constructor and in the finalize method (Which overrides the finalize method on object). The logging statements on object creation are seen when we would expect them, but the logging statements from the finalize method are only seen after session expiry. When a garbage collection is triggered using Oracle JRocket Mission Control we see the heap usage drop significantly, but don’t observe any logging from the finalize method calls.
  Does anyone have any thoughts on why the garbage collector might not be able to reclaim view scoped objects after they are removed from the session?
  Thanks in advance.
  P.S. I have already found VIEW SCOPE IS NOT RELEASING PROPERLY IN ADF which is a very closesly related thread, but unfortunately was not able to use the replies on there to resolve our issue. I've also posted this same question on Stack Overflow (http://stackoverflow.com/questions/13380151/lifetime-of-view-scoped-objects-oracle-adf). I'll try and update both threads if I find a solution.
  Edited by: 971217 on 14-Nov-2012 07:08

  Hi Frank,
  Thanks for your very useful reply. I've managed to recreate the problem today by doing the following.
  1. Create pageOne.jspx and pageTwo.jspx
  2. Create PageOneBB.java and PageTwoBB.java
  3. Register PageOneBB.java and PageTwoBB.java in the adfc-config.xml as view scoped managed beans.
  Then after building and deploying out to my Weblogic server I continue by doing the following:
  4. Open pageOne.jspx in a browser. Observe the constructor of pageOneBB being called and the correct default text being shown in the box. [Optional] Set the text value to a new string and click on the button.
  5. Get redirected to pageTwo.jspx. Observe the constructor of pageTwoBB being called and the correct default text being shown in the box. [Optional] Set the value to a new string and click on the button.
  6. Monitor the Weblogic server using Oracle JRocket Mission Control. Observe the large lists of booleans being created as expected (5,000,000 per click!).
  7. Note that this number is never reduced - even though the old view scoped beans should have been released for garbage collection.
  8. Repeat steps 4 and 5 until I see the Weblogic server crash due to a java.lang.OutOfMemoryError.
  9. Wait for all of the sessions to expire. I've set my session expiry to be 180s for the purpose of this test.
  10. After 180s observe the finalize method being called on all of the backing bean objects and the heap usage drop significantly.
  11. The server works again but the problem has been demonstrated in a reproducible way.
  adfc-config.xml
  <managed-bean>
      <managed-bean-name>pageOneBB</managed-bean-name>
      <managed-bean-class>presentation.adf.test.PageOneBB</managed-bean-class>
      <managed-bean-scope>view</managed-bean-scope>
  </managed-bean>
  <managed-bean>
      <managed-bean-name>pageTwoBB</managed-bean-name>
      <managed-bean-class>presentation.adf.test.PageTwoBB</managed-bean-class>
      <managed-bean-scope>view</managed-bean-scope>
  </managed-bean>
  pageOne.jspx
  <?xml version='1.0' encoding='utf-8?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
      xlmns:f="http://java.sun.com/jsf/core"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:af="http://xmlns.oracle.com/adf/faces/rich"
      xmlns:c="http://java.sun.com/jsp/jstl/core" >
      <jsf:directive.page contentType="text/html;charset=UTF-8" />
      <f:view>
          <af:document id="t" title="Page One">
              <af:form>
                  <af:inputText id="pgOneIn" value="#{viewScope.pageOneBB.testData}" />
                  <af:commandButton id="pgOneButton" partialSubmit="true"
                      blocking="true" action="#{viewScope.pageOneBB.goToPageTwo}"
                      text="Submit" />
              </af:form>
          <af:document>
      </f:view>
  </jsp:root> pageTwo.jspx
  <?xml version='1.0' encoding='utf-8?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
      xlmns:f="http://java.sun.com/jsf/core"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:af="http://xmlns.oracle.com/adf/faces/rich"
      xmlns:c="http://java.sun.com/jsp/jstl/core" >
      <jsf:directive.page contentType="text/html;charset=UTF-8" />
      <f:view>
          <af:document id="t" title="Page Two">
              <af:form>
                  <af:inputText id="pgTwoIn" value="#{viewScope.pageTwoBB.testData}" />
                  <af:commandButton id="pgTwoButton" partialSubmit="true"
                      blocking="true" action="#{viewScope.pageTwoBB.goToPageOne}"
                      text="Submit" />
              </af:form>
          <af:document>
      </f:view>
  </jsp:root> PageOneBB.java
  package presentation.adf.test;
  import java.io.IOException;
  import java.io.Serializable;
  import java.util.ArrayList;
  import java.util.List;
  import javax.faces.context.FacesContext;
  import org.apache.log4j.Logger;
  import logger.log4j.RuntimeConfigurableLogger;
  public class PageOneBB implements Serialiable
      /** Default serial version UID. */
      private static final long serialVersionUID = 1L;
      /** Page one default text. */
      private String pageOneData = "Page one default text";
      /** A list of booleans that will become large. */
      private List<Boolean> largeBooleanList = new ArrayList<Boolean>();
      /** The logger */
      private static final Logger LOG = RuntimeConfigurableLogger.gotLogger(PageOneBB.class);
      /** Default constructor for PageOneBB. */
      public PageOneBB()
          for (int i = 0; i < 5000000; i++)
              largeBooleanList.add(new Boolean(true));
          if (LOG.isTraceEnabled())
              LOG.trace("Constructor called on PageOneBB. This object has a hash code of " + this.hashCode());
      /** Method for redirecting to page two. */
      public void goToPageTwo()
          try
              FacesContext.getCurrentInstance().getExternalContext.redirect("pageTwo.jspx");
          catch (IOException e)
              e.printStackTrace();
      * {@inheritDoc}
      @Override
      protected void finalize() throws Exception
          if (LOG.isTraceEnabled())
              LOG.trace("Finalize method called on PageOneBB. This object has a hash code of " + this.hashCode());
      * Set the testData
      * @param testData
      *        The testData to set.
      public void setTestData(String testData)
          if (LOG.isTraceEnabled())
              LOG.trace("setTestData method called on PageOneBB with a parameter of " + testData);
          this.pageOneData = testData;
      * Get the testData
      * @return The testData.
      public String getTestData()
          if (LOG.isTraceEnabled())
              LOG.trace("getTestData method called on PageOneBB");
          return pageOneData;
  PageTwoBB.java
  package presentation.adf.test;
  import java.io.IOException;
  import java.io.Serializable;
  import java.util.ArrayList;
  import java.util.List;
  import javax.faces.context.FacesContext;
  import org.apache.log4j.Logger;
  import logger.log4j.RuntimeConfigurableLogger;
  public class PageTwoeBB implements Serialiable
      /** Default serial version UID. */
      private static final long serialVersionUID = 1L;
      /** Page one default text. */
      private String pageTwoData = "Page two default text";
      /** A list of booleans that will become large. */
      private List<Boolean> largeBooleanList = new ArrayList<Boolean>();
      /** The logger */
      private static final Logger LOG = RuntimeConfigurableLogger.gotLogger(PageTwoBB.class);
      /** Default constructor for PageTwoBB. */
      public PageTwoBB()
          for (int i = 0; i < 5000000; i++)
              largeBooleanList.add(new Boolean(true));
          if (LOG.isTraceEnabled())
              LOG.trace("Constructor called on PageTwoBB. This object has a hash code of " + this.hashCode());
      /** Method for redirecting to page one. */
      public void goToPageOne()
          try
              FacesContext.getCurrentInstance().getExternalContext.redirect("pageOne.jspx");
          catch (IOException e)
              e.printStackTrace();
      * {@inheritDoc}
      @Override
      protected void finalize() throws Exception
          if (LOG.isTraceEnabled())
              LOG.trace("Finalize method called on PageTwoBB. This object has a hash code of " + this.hashCode());
      * Set the testData
      * @param testData
      *        The testData to set.
      public void setTestData(String testData)
          if (LOG.isTraceEnabled())
              LOG.trace("setTestData method called on PageTwoBB with a parameter of " + testData);
          this.pageTwoData = testData;
      * Get the testData
      * @return The testData.
      public String getTestData()
          if (LOG.isTraceEnabled())
              LOG.trace("getTestData method called on PageTwoBB");
          return pageTwoData;
  }

• I want to display a jsf page directly.

  I want to display a jsf page directly. In my project I am using jsf frame work and we are using org.apache.myfaces.component.html.util.ExtensionsFilter to redirect the request to the login.jsf. please any one help me on this.

  my requirement is I have to display a jsf page which is there in the project directly, without going through login page. Right now Iif i am trying to open it in browser directly, it is redirecting to login.jsf. I have following 'extensionsFilter' content in web.xml
  <filter>
  <filter-name>extensionsFilter</filter-name>
  <filter-class>org.apache.myfaces.component.html.util.ExtensionsFilter</filter-class>
  <init-param>
  <param-name>uploadMaxFileSize</param-name>
  <param-value>100m</param-value>
  <description>Set the size limit for uploaded files.
  Format: 10 - 10 bytes
  10k - 10 KB
  10m - 10 MB
  1g - 1 GB
  </description>
  </init-param>
  <init-param>
  <param-name>uploadThresholdSize</param-name>
  <param-value>100k</param-value>
  <description>Set the threshold size - files
  below this limit are stored in memory, files above
  this limit are stored on disk.
  Format: 10 - 10 bytes
  10k - 10 KB
  10m - 10 MB
  1g - 1 GB
  </description>
  </init-param>
  </filter>
  <filter-mapping>
  <filter-name>extensionsFilter</filter-name>
  <url-pattern>*.jsf</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>extensionsFilter</filter-name>
  <url-pattern>/faces/*</url-pattern>
  </filter-mapping>

• JSF 2.0 page navigation vs direct page access

  I've been experimenting with JSF for some time now and I still don't understand the page navigation part. I know that in JSF, if you aren't using the redirect option in navigation that the URL is one page behind the page you are on.
  I've seen articles where people say you should put your pages in a directory under WEB-INF to protect against directly accessing the page. I don't understand how you can create an application that is multiple pages using that option, because won't you run into the problem of having a form with an action URL of WEB-INF/somepage.xhtml?
  I've also read articles that say the way to fix this is to add security-constraints to web.xml that prevent "direct access" to pages, when you want your user to follow a page flow, such as start on page1.xhtml, then page2.xthml, then end on page2.xhtml. If page3.xhtml depends on page2.xhtml, the articles I've read say that a security constraint prevents users from simply requesting page3.xhtml out of sequence.
  And what happens if the page you are on encounters an error or the session times out, which page handles that? The one you're on, or the one from before that forwarded you to the page you're on?
  In this example, should page2.xhtml and page3.xhtml go in the root of the webapps directory, or in a directory under WEB-INF?
  Webapps
    index.xhtml
    page1.xhtml
    page2.xhtml
    page3.xhtml
    WEB-INF
      faces-config.xml
      web.xml
      page-directory
        page2.xhtml
        page3.xhtml

  A session timeout should actually net a view expiry exception.
  You do know that JSF 2.0 made page navigation that bit easier by not requiring you to do the XML configuration? There is now a convention built in plus some new components to add GET enabled requests to the JSF lifecycle (notably h:button and h:link). If you have an action method that returns the following:
  public String doSomething(){
    return "something";
  }then JSF will by default want to render a view 'something.xhtml' when you don't define any navigation rules. If you want to make that a redirect you can do this:
  public String doSomething(){
    return "something?faces-redirect";
  }(of course this is a prime target to turn into a utility method on a backing bean base class).
  Navigation rules are still necessary when you want to put views in a subdirectory, but at least this way you can greatly simplify general cases. Other than that I can only say: research research research because this material is vital to understand if you want to be productive using the framework; navigation and the 6 JSF lifecycle phases are two items you should put on the top of your list to hammer out until you really get it. A good JSF book will help you immensely there. Balusc's blog is also a good source of deeper understanding:
  http://balusc.blogspot.com/
  Most of his articles are on JSF 1.2 but most of the information still applies.
  Oh and its no surprise that you're a bit confused - this framework is not easy to pick up especially when you don't know any other web frameworks. If you keep running into a wall you should consider checking out something else like Wicket or Play framework. It might just be that JSF simply isn't the tool for the job you're trying to do.

• JSF 2.0 - ADF Direction

  Can any Oracle people provide information about the direction/roadmap/plan for ADF and JSF 2 support?
  Actually ADF supports just JSF 1.2, right?
  Thks in advance

  Hi,
  It's impressive how http://forums.oracle.com/forums/search.jspa?objID=f83&q=JSF+2.0 gave the following result:
  Re: JSF 2 - JDeveloper Direction
  Regards,
  ~ Simon

• JSF restricting direct URL access

  I have created a servlet that checks to see if the user is logged in and hidden it in a .jspf and included that fragment into each page. It seems to work ok in most pages but.....
  If I have a page that contains selectOne lists that are populated via another managed bean. The program seems to be trying to process out the entire page before the redirect occurs, and if the list is based on a logged in user I of course am getting a nullpointer exception.
  My question is: Is there a way to short-curcuit the JSF lifecycle based on the fragment. If the user is not logged in I do not want the lifecycle to continue but to redirect to the logon screen.
  Any ideas will be appreciated. If anyone knows of a better way by all means let me know. This is the first major JSF project I have been involved with.
  Thanks,
  Thom

  Hi Suvidha,
  thanks for your reply. Indeed I tried using this technique already. On our project we are using this to send links in Emails. This way the user can directly access all information in CRM.
  For the interested reader: SAP has at least some documentation on this one. It is freely available form the [Service Market Place|https://websmp203.sap-ag.de/crm-inst]. [DirectLink|https://websmp203.sap-ag.de/~sapdownload/011000358700001715762008E/Cookbook_Ex_Comp_CRM2007.pdf]
  Anyhow, the result for me can be described as rather odd:
  - WebClient opens in a new session. --> Logon necessary
  - WebClient opens not just the single component, but the whole UI Frame. Meaning: NavBar, WorkArea, Header, BreadCrumbs, MessageArea
  - As I tried to put the result into a DIV, it rendered not as 800*600 as statically specified but as some thumbnail
  What I do need is just the component as the test in the component workbench does open it. It has to be same session.
  I got a little spare time today so I guess I will start fiddling around again. My best guess is, that I can somehow initialize a component usage and then open it via a bsp call an a page with flow logic. For this it is no problem to get a URL
  cheers Carsten

• How to get security roles in a JSF portlet

  I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
  I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
  I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
  roleMaps.properties
  cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
  web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="2.4">
    <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.validateXml</param-name>
      <param-value>true</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.verifyObjects</param-name>
      <param-value>false</param-value>
    </context-param>
    <filter>
      <filter-name>UploadFilter</filter-name>
      <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
      <init-param>
        <description>
            The maximum allowed upload size in bytes.  If this is set
            to a negative value, there is no maximum.  The default
            value is 1000000.
          </description>
        <param-name>maxSize</param-name>
        <param-value>1000000</param-value>
      </init-param>
      <init-param>
        <description>
            The size (in bytes) of an uploaded file which, if it is
            exceeded, will cause the file to be written directly to
            disk instead of stored in memory.  Files smaller than or
            equal to this size will be stored in memory.  The default
            value is 4096.
          </description>
        <param-name>sizeThreshold</param-name>
        <param-value>4096</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>UploadFilter</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
      <init-param>
        <param-name>errorHost</param-name>
        <param-value>localhost</param-value>
      </init-param>
      <init-param>
        <param-name>errorPort</param-name>
        <param-value>25444</param-value>
      </init-param>
    </servlet>
    <servlet>
      <servlet-name>ThemeServlet</servlet-name>
      <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
    </servlet>
    <servlet>
      <description>Generated By Sun Java Studio Creator</description>
      <display-name>CreatorPortlet Wrapper</display-name>
      <servlet-name>VSMPortal</servlet-name>
      <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
      <init-param>
        <param-name>portlet-class</param-name>
        <param-value>com.sun.faces.portlet.FacesPortlet</param-value>
      </init-param>
      <init-param>
        <param-name>portlet-guid</param-name>
        <param-value>VSMPortal.VSMPortal</param-value>
      </init-param>
    </servlet>
    <servlet-mapping>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <url-pattern>/error/ExceptionHandler</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>ThemeServlet</servlet-name>
      <url-pattern>/theme/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>VSMPortal</servlet-name>
      <url-pattern>/VSMPortal/*</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
      <welcome-file>faces/null</welcome-file>
    </welcome-file-list>
    <error-page>
      <exception-type>javax.servlet.ServletException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>java.io.IOException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>javax.faces.FacesException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <jsp-config>
      <jsp-property-group>
        <url-pattern>*.jspf</url-pattern>
        <is-xml>true</is-xml>
      </jsp-property-group>
    </jsp-config>
       <security-role>
            <role-name>Administrator</role-name>
       </security-role>          
  </web-app>
  portlet.xml
  <?xml version='1.0' encoding='UTF-8' ?>
  <portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd                         http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
       <portlet>
            <description>Created By Java Studio Creator</description>
            <portlet-name>VSMPortal</portlet-name>
            <display-name>VSMPortal Portlet</display-name>
            <portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
            <init-param>
                 <name>com.sun.faces.portlet.INIT_VIEW</name>
                 <value>/Uctarna.jsp</value>
            </init-param>
            <expiration-cache>0</expiration-cache>
            <supports>
                 <mime-type>text/html</mime-type>
                 <portlet-mode>VIEW</portlet-mode>
            </supports>
            <supported-locale>en</supported-locale>
            <portlet-info>
                 <title>VSMPortal</title>
                 <short-title>VSMPortal</short-title>
                 <keywords>Creator</keywords>
            </portlet-info>
            <security-role-ref>
                 <role-name>Administrator</role-name>
                 <role-link>Administrator</role-link>
            </security-role-ref>          
       </portlet>
  </portlet-app>If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.

  Nobody uses the LDAP roles in a portlet? Anybody knows other thread discussing similar issue (I can't find anything)?

• Can't reference methods in a Bean from a Composite JSF Component.

  I have the following composite component TestCC.xhtml:
  <html xmlns="http://www.w3.org/1999/xhtml" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html"
  xmlns:cc="http://java.sun.com/jsf/composite" xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
  <cc:interface>
  <cc:attribute name="manager" method-signature="java.lang.String helloTest()" required="true"/>
  </cc:interface>
  <cc:implementation>
  Hello #{cc.attrs.manager} !!!!!!!!!!!!!!!!!!!!!
  </cc:implementation>
  </html>
  When I try to call it in a JSFF file:
  <?xml version='1.0' encoding='UTF-8'?>
  <ui:composition xmlns:ui="http://java.sun.com/jsf/facelets"
  xmlns:af="http://xmlns.oracle.com/adf/faces/rich"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:icc="http://java.sun.com/jsf/composite/IchipComponent">
  <icc:TestCC manager="#{viewScope.PatientClinicalBean.helloTest}"/>
  The page crashes at my composite tag with the following message in the console:
  javax.el.ELException: //C:/Documents and Settings/tlam/Application Data/JDeveloper/system11.1.2.3.39.62.76.1/o.j2ee/drs/iCHIP/ViewControllerWebApp.war/WEB-INF/classes/META-INF/resources/IchipComponent/TestCC.xhtml: javax.el.PropertyNotFoundException: //C:/Documents and Settings/tlam/Application Data/JDeveloper/system11.1.2.3.39.62.76.1/o.j2ee/drs/iCHIP/ViewControllerWebApp.war/Patient/Profile/Clinical.jsff @13,86 manager="#{viewScope.PatientClinicalBean.helloTest}": The class 'patient.profile.PatientClinicalBean' does not have the property 'helloTest'.
  But my managed bean does have a public String helloTest() method, as well as other methods that work fine elsewhere in my JSFF page:
  public class PatientClinicalBean{
  String test = "TESTING";
  public String helloTest() {
  return test;
  I have tried this many times with different methods, all with the same result. Yet if my composite component outputs just a string and I enter the expression <icc:TestCC manager="#{viewScope.PatientClinicalBean.test}"/> to access the String test field directly it executes properly. I can't seem to reference any of the methods in PatientClinicalBean from only my composite component, when other method calls work fine in the same JSFF page. All other examples I've seen on the web have no problems doing this the same way I have, am I missing something?!
  Edited by: tnology on 24-Oct-2012 14:13
  Edited by: tnology on 24-Oct-2012 14:14
  Edited by: tnology on 24-Oct-2012 14:16

  What if you change the method in the class like this?
  public String getHelloTest() {
    return test;
  }If you attempt to read a property call abc from a bean, you need to have a method called getAbc(). If you attempt to set a property called abc, you need to have a method called setAbc(...). This is JavaBeans convention.

• I can't view dataTable in JSF

  Hi, anyone who can help me with java server faces, i want to put data from a resultset to dataTable, i made everithing but my table is not visible.
  My code is:
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:f="http://java.sun.com/jsf/core">
  <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
  doctype-system="http://www.w3.org/TR/html4/loose.dtd"
  doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <f:view>
  <html>
  <head>
  <meta http-equiv="Content-Type"
  content="text/html; charset=windows-1252"/>
  <title>Consultas</title>
  </head>
  <body><h:form binding="#{backing_Consultas.form1}" id="form1">
  <h:commandButton value="commandButton1"
  binding="#{backing_Consultas.commandButton1}"
  id="commandButton1"
  action="#{backing_Consultas.commandButton1_action}"/>
  </p>
  <p>
  <h:dataTable border="1" var="#{backing_Consultas.dataTable1}"
  id="dataTable1">
  <h:column binding="#{backing_Consultas.column1}"/>
  <h:column binding="#{backing_Consultas.column2}"/>
  <h:column binding="#{backing_Consultas.column3}"/>
  <h:column binding="#{backing_Consultas.column4}"/>
  </h:dataTable>
  </h:form></body>
  </html>
  </f:view>
  <!--oracle-jdev-comment:auto-binding-backing-bean-name:backing_Consultas-->
  </jsp:root>
  This es a JSPX page.
  Please any idea
  thanks
  alex

  Try to disable the hardware acceleration in the Flash Player.
  See [[Cannot view full screen Flash videos]]
  Flash "Display settings" window:
  * http://www.macromedia.com/support/documentation/en/flashplayer/help/help01.html

• Facelets and jsf-extensions problem.

  I'm fairly certain I've run into a problem between facelets and jsf-extensions. I'm working with JSF 1.2 RI, Woodstock, Facelets 1.1.13, on Tomcat 6.
  When trying to get Woodstock autoValidation to work I get a javascript error the "I has no properties". The error occurs in the com_sun_faces_ajax.js file in the jsf-extensions-dynamic-faces-0.1.jar (I've used both the RC4 and a build today ,10/18/07 from source with the same results). Here is the code snippet where it happens (with my comment).
  var I = G.getElementsByTagName("components")[0];
  var C = I.getElementsByTagName("render");
  for(var F = 0; F < C.length; F++) {
  In the second line there it looks like the variable I is null, but based on the post response below I don't know why.
  The response from the post looks like this:
  <partial-response><components><render id="PayableForm:vendorGci"><markup><![CDATA[{"valid":true,"id":"PayableForm:vendorGci"}]]></markup></render></components>
  However the server side code (validation method) never gets executed. I'm willing to do some digging and debug work, but I'd need to be pointed in the right direction.
  The following is more potentially useful code snippets.
  Here is the textField code:
  <w:form id="PayableForm">
  <w:textField style="display:none;" />
  <w:message for="vendorGci" />
  <w:label id="vendorGciLabel" for="vendorGci" text="Vendor: " />
  <w:textField id="vendorGci" autoValidate="true"
  text="${vendorBean.searchGci}" maxlength="8" required="true"
  validatorExpression="#{ vendorBean.validateVendor}" />
  Here is the javascript in the page (the init function is called from the body: onLoad="setTimeout('init();', 0);" , this does happen):
  <w:script type="text/javascript">
  function VendorListener(){
  function VendorNotify(props){
  alert("VendorNotify called!"); <--------------- I never see this alert message
  if ( props.id != "PayableForm:vendorGci") { return; }
  var field = document.getElementById("PayableForm:vendorGciLabel");
  field.setProps({
  valid: props.valid
  VendorListener.prototype.notify = VendorNotify;
  function initAccountRows(){
  var table = document.getElementById("PayableForm:vendorAccountTable");
  table.initAllRows();
  function init(){
  initAccountRows();
  var listener = new VendorListener();
  dojo.subscribe(
  webui.suntheme.widget.textField.event.validation.endTopic ,
  listener, listener.notify);
  Here is the validator method. It currently doesn't do anything, just trying to get something to work. I never see the output, and I never hit the breakpoint in the method.
  public void validateVendor(FacesContext context, UIComponent comp, Object value){
  System.out.println("**********************************");
  System.out.println("validateVendor called");
  System.out.println(value);
  System.out.println("**********************************");
  }

  Actually I don't need a global variable. I need to refer in my included template the actual backing bean used in the current page. As all my backing bean extends a abstract class I could bind my component to a property of the current backing bean, no matters which one. Just like a polymorphic call but without the parameter. Let's imagine I could get this object of the facesContext object I would be able to do:
  <rich:datascroller renderIfSinglePage="false" align="right" for="listagem" maxPages="12" fastStep="10"
  pageIndexVar="pageIndex" pagesVar="pages" stepControls="show" fastControls="hide" boundaryControls="show"
  inactiveStyleClass="paginacaoInativa" selectedStyleClass="paginacaoSelecionada"
  styleClass="paginacao" tableStyleClass="paginacaoTabela"
  binding="#{facesContext.currentBackingbean.formDataScroller}" id="paginacao">
  Instead of pass the backing bean to the ui:param of this template... Dou you get the point?

• Unable to open local file using af:goLink and anchor link in JSF page.

  Hi,
  I want to open a file at a perticular location on client machine. I am using af:goLink to openg the file. But when i tried to click on the link it is not opening the file. If i give any other value like name of other site, it opens the link. It is not giving any exception also. I tried by puting notmal HTML anchor link. That is also not working. But if i put this anchor link in normal HTML page, it works.
  Following is the JSPX page that i have created. Here c:\dmmsi.log is a temp file on my local system.
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <f:view>
  <af:document title="File Upload">
  <af:form usesUpload="true">
  File Uploader Test
  <af:inputFile label="Input File" autoSubmit="true"/>
  <af:spacer height="20" width="50"/>
  <af:goLink targetFrame="_new" destination="file:///c:/dmmsi.log" text="Test"/>
  <af:spacer height="20" width="50"/>
  <!--a id="you" href="c:\dmmsi.log" target="_new">Open File</a-->
  </af:form>
  </af:document>
  </f:view>
  </jsp:root>
  HTML Page i tried using anchor link
  <html>
  <body>
  <form>
  Please specify a file from your local machine</b>
  <input name="file" type="file" onblur="document.forms[0].hello.value = document.forms[0].file.value; document.getElementById('you').innerHTML =document.forms[0].file.value; document.getElementById('you').href = 'file://'+document.forms[0].file.value;">
  <br><br>
  <input type="text" name="hello" value="">
  <br><br>
  <!-- a id="you" href="c:\dmmsi.log" target="_new">Click Me to Open file< / a -->
  </form>
  </body>
  </html>
  (Note: Please remove the comments that i have added in creating anchor link. I was facing some issue in putting my code in this editor. It was creating the HTML link when i see the preview.)
  I hope you will be able to reproduce my problem.
  Sujay

  What version of IE are you using? IIRC, IE 7 is supposed to prompt you. ("The web site is attempting to open a page in your Trusted Zone. This can let hax0rs pwnz0r you. Continue?" or something to that effect.)
  If you use the verbatim tags, do you get an actual error message? That might help diagnose the problem.

• Using container managed form-based security in JSF

  h1. Using container managed, form-based security in a JSF web app.
  A Practical Solution
  h2. {color:#993300}*But first, some background on the problem*{color}
  The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
  In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
  h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
  What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principles*" that are defined to interact with your application. A security principle is basically just a user of the system that is defined by three fields:
  - Username
  - Group
  - Password
  The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
  1. Start up your app server and log into the admin interface (http://localhost:4848)
  2. Drill down into Configuration > Security > Realms.
  3. Here you will see the default realms defined on the server. Drill down into the file realm.
  4. There is no need to change any of the default settings. Click the Manage Users button.
  5. Create a new user by entering username/password.
  Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more usefull in a real app.
  I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
  That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
  TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
  h2. {color:#993300}*Step 2: Create the project*{color}
  Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
  1. Start by creating a new Visual Web JSF project.
  2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
  h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
  In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
  1. login.jsp (A Visual Web JSF file)
  2. loginproxy.jspx (A plain JSPX file)
  3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
  Code follows for each of the files:
  h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
      <navigation-rule>
  <from-view-id>/login.jsp</from-view-id>
          <navigation-case>
  <from-outcome>loginproxy</from-outcome>
  <to-view-id>/loginproxy.jspx</to-view-id>
          </navigation-case>
      </navigation-rule>
  NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
  h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
  <?xml version="1.0" encoding="UTF-8"?>
  <jsp:root version="2.1"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:jsp="http://java.sun.com/JSP/Page"
  xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
      <jsp:directive.page
  contentType="text/html;charset=UTF-8"
  pageEncoding="UTF-8"/>
      <f:view>
          <webuijsf:page
  id="page1">
  <webuijsf:html id="html1">
  <webuijsf:head id="head1">
  <webuijsf:link id="link1"
  url="/resources/stylesheet.css"/>
  </webuijsf:head>
  <webuijsf:body id="body1" style="-rave-layout: grid">
  <webuijsf:form id="form1">
  <webuijsf:textField binding="#{login.username}"
  id="username" style="position: absolute; left: 216px; top:
  96px"/>
  <webuijsf:passwordField binding="#{login.password}" id="password"
  style="left: 216px; top: 144px; position: absolute"/>
  <webuijsf:button actionExpression="#{login.button1_action}"
  id="button1" style="position: absolute; left: 216px; top:
  216px" text="GO"/>
  </webuijsf:form>
  </webuijsf:body>
  </webuijsf:html>
          </webuijsf:page>
      </f:view>
  </jsp:root>h3. *login.java -- implent the
  button1_action() method in the login.java backing bean*
      public String button1_action() {
          setValue("#{requestScope.username}",
  (String)username.getValue());
  setValue("#{requestScope.password}", (String)password.getValue());
          return "loginproxy";
      }h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
  {code}
  <?xml version="1.0" encoding="UTF-8"?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
  version="2.0">
  <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
  doctype-system="http://www.w3.org/TR/html4/loose.dtd"
  doctype-public="-W3CDTD HTML 4.01 Transitional//EN"/>
  <jsp:directive.page contentType="text/html"
  pageEncoding="UTF-8"/>
  <html>
  <head> <meta
  http-equiv="Content-Type" content="text/html;
  charset=UTF-8"/>
  <title>Logging in...</title>
  </head>
  <body
  onload="document.forms[0].submit()">
  <form
  action="j_security_check" method="POST">
  <input type="hidden" name="j_username"
  value="${requestScope.username}" />
  <input type="hidden" name="j_password"
  value="${requestScope.password}" />
  </form>
  </body>
  </html>
  </jsp:root>
  {code}
  h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF{color}
  target page, placed in the secure folder to test access*
  {code}
  <?xml version="1.0" encoding="UTF-8"?>
  <jsp:root version="2.1"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
  <jsp:directive.page
  contentType="text/html;charset=UTF-8"
  pageEncoding="UTF-8"/>
  <f:view>
  <webuijsf:page
  id="page1">
  <webuijsf:html id="html1">
  <webuijsf:head id="head1">
  <webuijsf:link id="link1"
  url="/resources/stylesheet.css"/>
  </webuijsf:head>
  <webuijsf:body id="body1" style="-rave-layout: grid">
  <webuijsf:form id="form1">
  <webuijsf:staticText id="staticText1" style="position:
  absolute; left: 168px; top: 144px" text="A Secure Page"/>
  </webuijsf:form>
  </webuijsf:body>
  </webuijsf:html>
  </webuijsf:page>
  </f:view>
  </jsp:root>
  {code}
  h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
  This type of security is called +declarative+ because it is not configured programatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already have the implementation to make everything work for you.
  *web.xml will be used to define:*
  - Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
  - Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
  - Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
  *sun-web.xml will be used to define:*
  - This is where you map a Role to the Users or Groups that are allowed to use it.
  +I know this is confusing the first time, but basically it works like this:+
  *Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
  h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
  {code}
  <security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
  <web-resource-name>SecurePages</web-resource-name>
  <description/>
  <url-pattern>/faces/secure/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>HEAD</http-method>
  <http-method>PUT</http-method>
  <http-method>OPTIONS</http-method>
  <http-method>TRACE</http-method>
  <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
  <description/>
  <role-name>User</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name/>
  <form-login-config>
  <form-login-page>/faces/login.jsp</form-login-page>
  <form-error-page>/faces/login.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description/>
  <role-name>User</role-name>
  </security-role>
  {code}
  h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
  {code}
  <security-role-mapping>
  <role-name>User</role-name>
  <group-name>Users</group-name>
  </security-role-mapping>
  {code}
  h3. {color:#ff6600}*Almost done!!!*{color}
  h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
  h3. {color:#ff6600}*_Gotcha #1_*{color}
  You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
  h3. {color:#ff6600}*_Gotcha #2_*{color}
  Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
  *DONE!!!*
  h2. {color:#993300}*_Here's how it works:_*{color}
  1. The user requests the a page from your context (http://localhost/MyLogin/)
  2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
  3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
  4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
  5. The user enters username and password and clicks a button to submit.
  6. The button's action method stores away the username and password in the request scope.
  7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
  8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
  9. The hidden username and password fields grab the username and password variables from the request scope.
  10. The loginproxy page is automatically submitted with the magic action "j_security_check"
  11. j_security_check notifies the container that authentication needs to be intercepted and handled.
  12. The container authenticates the user credentials.
  13. If the credentials fail, the container forwards the request to the login.jsp page.
  14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
  +Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
  +The user is now at the secure welcome page.+
  If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
  Kerry Randolph

  If you want login security on your web app, this is one way to do it. (the easiest way i have seen).
  This method allows you to create a custom login form and error page using JSF.
  The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
  This example uses a statically defined user/password, stored in a file, but you can also configure JDBC realm in Glassfish, so that that users can register for access and your program can store the username/passwrod in a database.
  I'm new to programming, so none of this may be a good practice, or may not be secure at all.
  I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
  Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
  So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
  --Kerry