-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: liferay-faces-2.1.0-ga1, liferay-faces-2.1.1-ga2, liferay-faces-2.1.2-ga3, liferay-faces-2.1.3-ga4, liferay-faces-2.1.4-ga5, liferay-faces-2.2.4-ga5, liferay-faces-3.0.0-legacy-ga1, liferay-faces-3.0.1-legacy-ga2, liferay-faces-3.0.2-legacy-ga3, liferay-faces-3.0.3-legacy-ga4, liferay-faces-3.0.4-legacy-ga5, liferay-faces-3.0.0-ga1, liferay-faces-3.0.1-ga2, liferay-faces-3.0.2-ga3, liferay-faces-3.0.3-ga4, liferay-faces-3.0.4-ga5, liferay-faces-3.1.0-ga1, liferay-faces-3.1.1-ga2, liferay-faces-3.1.2-ga3, liferay-faces-3.1.3-ga4, liferay-faces-3.1.4-ga5, liferay-faces-3.2.4-ga5
-
Labels:None
Currently the security-constraint configuration in the WEB-INF/web.xml descriptors of the Liferay Faces demos have the following syntax:
<!-- Prevent direct access to Facelet view XHTML by the userAgent (browser). --> <security-constraint> <web-resource-collection> <web-resource-name>Facelet View XHTML</web-resource-name> <url-pattern>*.xhtml</url-pattern> </web-resource-collection> <auth-constraint> <role-name>nobody</role-name> </auth-constraint> </security-constraint> <security-role> <role-name>nobody</role-name> </security-role>
This task involves simplifying the syntax to the following:
<security-constraint> <display-name>Prevent direct access to Facelet XHTML</display-name> <web-resource-collection> <web-resource-name>Facelet XHTML</web-resource-name> <url-pattern>*.xhtml</url-pattern> </web-resource-collection> <auth-constraint /> </security-constraint>