We Keep Coding

Wrong target URL

I've configured my project to load at this URL:
http://localhost:7101/foo/rs/user/home
However, when I deploy the application through JDeveloper I can see this in the Debugging: IntegratedWebLogicServer tab within the IDE:
Target Application WADL -- http://localhost:7101/foo/application.wadl
Target URL -- http://localhost:7101/foo/user/home
Note the /rs part is missing. It's mostly cosmetic (the site loads correctly in the browser when you use the correct URL) but, apart from confusing, it might be a symptom of some configuration issue. Where does JDeveloper get this URL from?
These are some of the hopefully relevant settings:
\ViewController\ViewController.jpr
<hash n="oracle.jdeveloper.model.J2eeSettings">
<value n="j2eeWebAppName" v="Foo-ViewController-webapp"/>
<value n="j2eeWebContextRoot" v="foo"/>
</hash>
ViewController\public_html\WEB-INF\web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>jersey</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>com.example.foo.view.rest</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.mvc.templateBasePath.jsp</param-name>
<param-value>/WEB-INF/jsp</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>org.glassfish.jersey.media.multipart.MultiPartFeature, org.glassfish.jersey.server.mvc.jsp.JspMvcFeature</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey</servlet-name>
<url-pattern>/rs/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>application/javascript</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Jersey resources</web-resource-name>
<url-pattern>/rs/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
<ejb-local-ref>
<ejb-ref-name>ejb/FooEJB</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<local>com.example.foo.model.FooEJB</local>
<ejb-link>FooEJB</ejb-link>
</ejb-local-ref>
<listener>
<listener-class>com.example.foo.view.listeners.SessionListener</listener-class>
</listener>
</web-app>
com.example.foo.view.rest.UserService
package com.example.foo.view.rest;
import org.glassfish.jersey.server.mvc.Viewable;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.security.RolesAllowed;
import javax.naming.NamingException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
#Path("user")
#RolesAllowed("valid-users")
public class UserService extends BaseService {
public UserService() throws NamingException {
super();
}
#GET
#Path("/home")
#Produces(MediaType.TEXT_HTML)
public Response showHome() {
Map<String, Object> map = new HashMap<String, Object>();
map.put("title", "Home");
return Response.ok(new Viewable("/user/home", map)).build();
}
}
com.example.foo.view.rest.BaseService
package com.example.foo.view.rest;
import com.example.foo.commons.Constants;
import com.example.foo.model.FooEJB;
import javax.annotation.Resource;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
public class BaseService {
#Resource
protected FooEJB fooEJB;
#Context
protected HttpServletRequest request;
#Context
protected HttpServletResponse response;
#Context
protected SecurityContext securityContext;
public BaseService() throws NamingException {
InitialContext context = new InitialContext();
fooEJB = (FooEJB)context.lookup(Constants.EJB_JDNI_NAME);
}
}

Secured REST call on Websphere

I am trying to create a secured REST service on WebSphere 8.5.0.2. I want to secure using basic authentication. I modified my web.xml and tryed to read auto injected SecurityContext. I get an auto injected object but various operations are failing for e.g. securityContext.getAuthenticationScheme();
I have also mapped my role to all authentiacted realm's users.
I could not find anything in Wink's documentation too. Am i doing anything wrong ?
My web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>RESTModulation</display-name>
<!-- Wink SDK servlet configuration.
This servlet handles HTTP requests
of SDK web service on application server.-->
<servlet>
<description>
JAX-RS Tools Generated - Do not modify</description>
<servlet-name>EntryRestServlet</servlet-name>
<servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.demo.DemoResourceApplication</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>EntryRestServlet</servlet-name>
<url-pattern>
/resources/*</url-pattern>
</servlet-mapping>
<security-constraint id="SecurityConstraint_1">
<web-resource-collection id="WebResourceCollection_1">
<web-resource-name>EntryRestServlet</web-resource-name>
<description>Protection area for Rest Servlet</description>
<url-pattern>/resources/</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_1">
<description>Role1 for this rest servlet</description>
<role-name>Role1</role-name>
</auth-constraint>
</security-constraint>
<security-role id="SecurityRole_1">
<description>This is Role1</description>
<role-name>Role1</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>defaultWIMFileBasedRealm</realm-name>
</login-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
==========================================================================
Service implementation
#Path("/MyTestService")
public class MyTestService{
#Context
SecurityContext securityContext;
#GET
#Path("/getUser1")
#Produces(MediaType.TEXT_PLAIN)
public Response doInquiry()throws Exception {
String jsonData= "{'user':'I am here '}";
String authnScheme = securityContext.getAuthenticationScheme();
System.out.println("authnScheme : " + authnScheme);
// retrieve the name of the Principal that invoked the resource
String username = securityContext.getUserPrincipal().getName();
System.out.println("username : " + username);
// check if the current user is in Role1
Boolean isUserInRole = securityContext.isUserInRole("Role1");
System.out.println("isUserInRole : " + isUserInRole);
return Response.status(Response.Status.OK).entity(jsonData).build();
}
}

I did not pass correct password from REST client. After providing correct credentials, it has started working.

File upload doesn't work with PrimeFaces 4.0, JSF Mojarra 2.2.3 and Wildfly Beta 1

I have a web application running on:
Wildfly Beta 1
JSF Mojarra 2.2.3 (from Wildfly)
Primefaces 4.0
rewrite-servlet-2.0.7.Final / rewrite-config-prettyfaces-2.0.7.Final
commons-io-2.4 / commons-fileupload-1.3
And I have problem with file upload component (advanced and simple mode doesn't work, never print inside upload()).
Same is even run without rewrite-servlet-2.0.7.Final/rewrite-config-prettyfaces-2.0.7.Final libs.
My upload.xhtml file:
<h:form prependId="false" id="formLateralUpload" enctype="multipart/form-data">
<h:panelGrid columns="1" cellpadding="5">
<p:fileUpload mode="advanced" multiple="true" update="#widgetVar(msg)"
fileUploadListener="#{test.upload}" auto="true" sizeLimit="10500000"/>
</h:panelGrid>
</h:form>
My bean:
#ManagedBean(name = "test")
#ViewScoped
public class Test {
private UploadedFile file;
public UploadedFile getFile() {
return file;
}
public void setFile(UploadedFile file) {
this.file = file;
}
public void upload(FileUploadEvent event) {
System.out.println("inside upload()");
}
}
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="test"
version="3.1">
<display-name>test</display-name>
<welcome-file-list>
<welcome-file>/</welcome-file>
</welcome-file-list>
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>true</param-value>
</context-param>
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/redirect</location>
</error-page>
</web-app>

I have the same issue with Wildfly 8.1, PrimeFaces 5.1, Pretty faces and file upload. There is a HACK to make this work in Tomcat, but I can't find one in undertow. PrettyFaces appears to be doing something bad to multipart post requests that prevents them from working correctly... They seem to be pushing it back to Undertow/Wildfly because the hack exists in Tomcat instead of fixing the actual issue.
Wildfly Discussion: http://ocpsoft.org/support/topic/pretty-primefaces-fileupload/
Tomcat Hack: http://ocpsoft.org/support/topic/split-prettyfaces-anchor-with-primefaces-file-upload-not-working/
I'm road blocked on this and I can't really extract either PrettyFaces, PrimeFaces-Fileupload (I need background ajax/html5 uploading) or Wildfly... Anyone with a suggestion other than "use an iframe/simple mode" would be much appreciated.

Apache CXF - How to register a SOAP service without Spring?

I need to register a SOAP service without Spring configuration.
I know it it is possible to do that in case of RESTFUL service (by using the CXFNonSpringJaxrsServlet and configuring in web.xml) but how could I use something similar for a SOAP service?
This is my original applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:jaxrs="http://cxf.apache.org/jaxrs"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/jaxrs
http://cxf.apache.org/schemas/jaxrs.xsd"
default-autowire="byName">
<!-- Load CXF modules from cxf.jar -->
<import resource="classpath:META-INF/cxf/cxf.xml"/>
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/>
<import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
<import resource="classpath:META-INF/cxf/cxf-extension-jaxrs-binding.xml"/>
<bean id="businessServiceabilityService"
class="XXXXXXXXXXXXXXXXXXServiceImpl"
autowire="autodetect"/>
<bean id="jaxbBean"
class="org.apache.cxf.jaxb.JAXBDataBinding"
scope="prototype"/>
<bean id="jaxws-and-aegis-service-factory"
class="org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean"
scope="prototype">
<property name="dataBinding" ref="jaxbBean"/>
<property name="serviceConfigurations">
<list>
<bean class="org.apache.cxf.jaxws.support.JaxWsServiceConfiguration"/>
<bean class="org.apache.cxf.aegis.databinding.AegisServiceConfiguration"/>
<bean class="org.apache.cxf.service.factory.DefaultServiceConfiguration"/>
</list>
</property>
</bean>
<!-- JAX-RS -->
<jaxrs:server id="businessServiceabilityServiceJaxRsServer" address="/bs/rest">
<jaxrs:serviceBeans>
<ref bean="businessServiceabilityService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<!-- JAX-WS -->
<jaxws:endpoint implementor="#businessServiceabilityService" address="/bs/soap">
<jaxws:serviceFactory>
<ref bean="jaxws-and-aegis-service-factory"/>
</jaxws:serviceFactory>
</jaxws:endpoint>
How could I register the SOAP service? I couldn't find any possibility to do that in the web.xml.
The web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name></display-name>
<servlet>
<servlet-name>CXFNonSpringJaxrsServlet</servlet-name>
<servlet-class>org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet</servlet-class>
<init-param>
<param-name>jaxrs.providers</param-name>
<param-value>XXXXXXXXXXXXXXXXXXXServiceImpl</param-value>
</init-param>
<init-param>
<param-name>jaxrs.serviceClasses</param-name>
<param-value>XXXXXXXXXXXXXXXXXXXServiceImpl</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>CXFNonSpringJaxrsServlet</servlet-name>
<url-pattern>/cxf/rest/*</url-pattern>
</servlet-mapping>
Thank you in advance!
V.

Spring framework is optional for creating webservice using CXF, It will dramatically reduce the pacakge size because you only need following jars [As of using CXF 2.7.3]
commons-logging-1.1.1.jar
cxf-2.7.3.jar
httpasyncclient-4.0-beta3.jar
httpclient-4.2.1.jar
httpcore-4.2.2.jar
httpcore-nio-4.2.2.jar
neethi-3.0.2.jar
wsdl4j-1.6.2.jar
xmlschema-core-2.0.3.jar
Following is an example for JAX-WS service
http://www.javatips.net/blog/2012/10/cxf-soap-without-spring
Following is an example for JAX-RS service
http://www.javatips.net/blog/2012/10/cxf-rest-without-spring

I found a solution.
public class MyServiceServlet extends CXFNonSpringServlet {
private static final long serialVersionUID = 1L;
#Override
// Called at startup time to register this web service.
public void loadBus(ServletConfig servletConfig) throws ServletException {
super.loadBus(servletConfig);
Bus bus = getBus();
BusFactory.setDefaultBus(bus);
createFactoryBean(servletConfig);
}
private void createFactoryBean(ServletConfig servletConfig) {
String address = servletConfig.getInitParameter("jaxws.address");
String provider = servletConfig.getInitParameter("jaxws.provider");
String serviceClass = servletConfig.getInitParameter("jaxws.serviceClass");
JaxWsServerFactoryBean fb = new JaxWsServerFactoryBean();
fb.setAddress(address);
try {
fb.setServiceBean(Class.forName(provider).newInstance());
} catch (Exception e) {
throw new RuntimeException("The class '"+provider+"' cannot be instantiated!", e);
}
try {
fb.setServiceClass(Class.forName(serviceClass).getClass());
} catch (ClassNotFoundException e) {
throw new RuntimeException("The class '"+serviceClass+"' cannot be found!", e);
}
fb.create();
}
}
And the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name></display-name>
<!-- CXF config -->
<servlet>
<servlet-name>CXFNonSpringJaxrsServlet</servlet-name>
<servlet-class>org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet</servlet-class>
<init-param>
<param-name>jaxrs.providers</param-name>
<param-value>xxx.BusinessServiceabilityServiceImpl</param-value>
</init-param>
<init-param>
<param-name>jaxrs.serviceClasses</param-name>
<param-value>xxx.BusinessServiceabilityServiceImpl</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>MyServiceServlet</servlet-name>
<servlet-class>xxx.MyServiceServlet</servlet-class>
<init-param>
<param-name>jaxws.address</param-name>
<param-value>/almafa</param-value>
</init-param>
<init-param>
<param-name>jaxws.serviceClass</param-name>
<param-value>com.infoaxon.bpt.services.OACCostingServiceSoap</param-value>
</init-param>
<init-param>
<param-name>jaxws.provider</param-name>
<param-value>xxx.BusinessServiceabilityServiceImpl</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>CXFNonSpringJaxrsServlet</servlet-name>
<url-pattern>/cxf/rest/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MyServiceServlet</servlet-name>
<url-pattern>/cxf/soap/*</url-pattern>
</servlet-mapping>
</web-app>

How to implement redirect to login-page with Java EE 6/Glassfish

I'm trying to implement a redirect after login, which means I can't use glassfish built-in form authentication settings anymore that handles such things automatically. So first thing's first, I need to take control over redirecting to a login page when requesting a protected page. As I understand, this is done with a filter. Can this method be combined with security-constraints in web-xml? As it is, my filter is not called at all since glassfish just takes over and throws a basic loginbox at the user and ignores all filters even when no login configuration is set. Basicly, I have not managed to get a filter called before a user has logged in when security constraints are configured in glassfish.
Do I really need to take over security completly manually in a filter for this to work? If that's the case, the implementation seems horrible.
Using glassfish 3.1 with JSF 2 and a custom loginpage logging in manually with request.login.
web.xml.
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value><!--Production-->Development</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.expressionFactory</param-name>
<param-value>de.odysseus.el.ExpressionFactoryImpl</param-value>
</context-param>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.xdin.competence.jsf.util.LoginFilter</filter-class>
</filter>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsf</welcome-file>
</welcome-file-list>
<!--<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/viewExpired.jsf</location>
</error-page>-->
<security-constraint>
<display-name>ManagerArea</display-name>
<web-resource-collection>
<web-resource-name>ManagerArea</web-resource-name>
<description/>
<url-pattern>/manager/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Manager-role</role-name>
<role-name>Admin-role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>EmployeeArea</display-name>
<web-resource-collection>
<web-resource-name>EmployeeConstraint</web-resource-name>
<description/>
<url-pattern>/user/Overview.jsf</url-pattern>
<url-pattern>/user/PrepareReport.jsf</url-pattern>
<url-pattern>/user/Search.jsf</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Employee-role</role-name>
<role-name>Admin-role</role-name>
<role-name>Manager-role</role-name>
<role-name>OKIF-role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>AdminArea</display-name>
<web-resource-collection>
<web-resource-name>AdminCompetence</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Admin-role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>UserArea</display-name>
<web-resource-collection>
<web-resource-name>UserConstraint</web-resource-name>
<description/>
<url-pattern>/index.jsf</url-pattern>
<url-pattern>/template.jsf</url-pattern>
<url-pattern>/user/UserDetail.jsf</url-pattern>
<url-pattern>/user/UserInformation.jsf</url-pattern>
<url-pattern>/print/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Employee-role</role-name>
<role-name>Admin-role</role-name>
<role-name>Manager-role</role-name>
<role-name>OKIF-role</role-name>
</auth-constraint>
</security-constraint>
<!--<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsf</form-login-page>
<form-error-page>/login.jsf</form-error-page>
</form-login-config>
</login-config>-->
<security-role>
<description/>
<role-name>Employee-role</role-name>
</security-role>
<security-role>
<description/>
<role-name>Admin-role</role-name>
</security-role>
<security-role>
<description/>
<role-name>Manager-role</role-name>
</security-role>
<security-role>
<description/>
<role-name>OKIF-role</role-name>
</security-role>
</web-app>
And my filter:
public class LoginFilter implements Filter {
private FilterConfig filterConfig = null;
public LoginFilter() {
}
#Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
if (req.getUserPrincipal() == null) {
req.getSession().setAttribute("from", req.getRequestURI());
res.sendRedirect("/login.jsf");
} else {
chain.doFilter(request, response);
}
}
#Override
public void destroy() {
}
#Override
public void init(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
}
}

In your customized login form, add the following hidden field:
<input type="hidden" name="from" value="#{requestScope['javax.servlet.forward.request_uri']}" />
which you set in JSF as follows
#ManagedProperty(value="#{param.from}")
private String from;
and redirect as follows in login action method
if (from != null) {
externalContext.redirect(from);
}
No need for a Filter.