As a part of a assignment we're supposed to implement a user login to restricted pages. Now I know that you're supposed to use j_security_check or configure security realms on your application server for this kind of problem but I was wondering whether it would pe possible to put the restricted xhtml-pages inside the WEB-INF folder and give access to these programatically via the application's own classes (controllers or managed beans), i.e. would it be possible to do something like this:
With a setup like this:
...Or will something like this not work at all?
I would appreciate any suggestions on better ways (maybe you can do this kind of thing directly inside a JSF 2 tag?) of solving this that doesn't involve hacking xml-files or setting up security realms and stuff like that.