j_security_check url problem

Question

Hello

hope you can help me with this: I'm working with j_security_check and have this problem

I have a profile page that must be restricted to any unloged user, so i add a security constraint in the web.xml file and works fine if i try to access by adress bar, this show me the login page perfectly ok

now the problem is that: In my index page example:

http://localhost/mySite/index.xhtml

have a link

<h:commandLink action="user/Profile" />

this redirect me to profile page ok but the URL still the same

http://localhost/mySite/index.xhtml

so j_security_check don't show the login page as far as i've seen j_security_check works with url and jsf don't and if in the profile page press a link to ex:myImages then now the url says:

ex: http://localhost/mySite/user/Profile.xhtml

Why is this happend? is there anyway to fix this ?? Thanks in advance

an alternative i've been using is put a like

<a href="user/Profile.xhtml" >Profile</a>

this show me the login page but if i go to the index.xhtml and press profile this don't find the page because redirects me to:

ex: http://localhost/mySite/user/user/Profile.xhtml

Answer 1

<h:commandLink action="user/Profile" />

A h:commandLink and h:commandButton fires a HTTP POST request (by the h:form) to the current page which in turn forwards to the given resource.

You don't want to use POST for page-to-page navigation. It's not only bad user experience (URL doesn't change, unintuive behaviour when going back/forward in browser history), but also not SEO friendly (searchbots doesn't index POST).

You need to replace it by h:outputLink or, as you found out, by a simple <a> element if you don't need any JSF-ish features at all.

As to your last problem of going directed to the wrong URL (with duplicated path): this is solved when you use h:outputLink. JSF will then take the current context path into account.