为什么我得到受保护的页面而不是登录页面? [英] why do i get the protected page instead of the login page?
问题描述
我正在使用JAAS保护我的Web应用程序.如标题所示,问题是我得到的主页位于受保护的文件夹中,而不是登录页面中.实际上,主页是我的欢迎页面.顺便说一句,当我在Web浏览器中写URL(/myappJaas/protected/admin/homeadmin.xhtml)时,它可以正常工作.这是web.xml文件:
I'm using JAAS to secure my web-application. As the title says, the problem is that i get the home page which is in the protected folder instead of the login page. Actually the home page is my welcome page. By the way, it works fine when i write the URL (/myappJaas/protected/admin/homeadmin.xhtml) in the web browser. This is the web.xml file:
<welcome-file-list>
<welcome-file>/protected/admin/homeadmin.xhtml</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>admins</web-resource-name>
<url-pattern>/protected/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/public/login.xhtml</form-login-page>
<form-error-page>/public/errorlogin.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
推荐答案
您误解了<welcome-file>
的目的.它应该代表目录默认索引文件的唯一文件名.当最终用户请求目录时,该文件将呈现给最终用户.然后,容器将透明地将配置的欢迎文件分派给最终用户,而无需发送重定向.但是,当前的URL仍处于公共领域.
You misunderstood the purpose of <welcome-file>
. It should represent the sole filename of the default index file of the directory. This file will be presented to the enduser when the enduser requests a directory. The container will then transparently dispatch the configured welcome file to the enduser without sending a redirect. However, the current URL is still in public domain.
您想发送一个完全有价值的重定向.您可以在过滤器中或在index.xhtml
欢迎文件中的<meta http-equiv="refresh">
中,或在与虚拟index.xhtml
欢迎文件相关联的托管bean的构造函数中执行此操作.
You want to send a fullworthy redirect instead. You could do that in a filter, or by a <meta http-equiv="refresh">
in the index.xhtml
welcome file, or in the constructor of the managed bean associated with the fictive index.xhtml
welcome file.
这篇关于为什么我得到受保护的页面而不是登录页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!