• Post Reply Bookmark Topic Watch Topic
  • New Topic

Confusing with JSF redirect

 
Andus Chan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My JSF 2.0 web app is executed under a corporate portal (novell). I've a login page to get one HTTP header, and if found, it will be redirected to a restricted page inside. (using: home?faces-redirect=true)

However, the URL is like https://corporate.portal/MYAPP/home.xhtml. I don't know why it cannot show http://myserver/MYAPP/home.xhtml. How can JSF go to an absolute path after logged-in?

Another problem is that, whenever it redirects to another JSF page, the I.E. browser shows warning "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" I cannot control users' browser so I've already tried self-signed certificate on the server, but it is the same. How can JSF redirect to a home page in my server without showing the warning? (note: The web apps on the portal developed by .NET vendors do not have such problem!)

Thanks in advance!
 
Tim Holloway
Bartender
Posts: 18419
60
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, "home.xhtml" is a resource. The URL would more commonly be something like https://corporate.portal/MYAPP/home.jsf JSF (and Facelets) would then deconstruct the URL in order to locate the View resource, then employ that resource (home.xhtm) to construct the HTML page view.

You can redirect a URL to either an absolute or relative path. If you want to build an absolute path from a relative URL, you can use J2EE functions to get the components of the incoming request URL and steal the parts needed to make your outgoing URL absolute.

The message about "both secure and nonsecure items" has to do with the sub-URLs on the displayed page such as images, CSS and JavaScript. It's saying that at least one of them is "http" instead of "https". Since HTTP is a clear text protocol, a man-in-the-middle attacker could potentially replace the proper content with a malware-infected equivalent, thereby defeating the advantages of having sent the enclosing page via a secure protocol. This is not a JSF issue, it's an HTML page design issue.

 
Andus Chan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know the difference between these 2 kinds of code inside the backing bean. Will the first one goes to an absolute path, while the second one goes to relative path? Any other methods to do page redirect using JSF 2.0?



By the way, what's the major problem when I set the *.xhtml in the <url-pattern> of web.xml?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!