0

I have a jsf/primefaces app. It has both internal and external facing side grouped into two different directories such as xhtml/internal and xhtml/external. Access to the internal site is controlled by a filter based on your IP. If your IP is on the internal range, you can get access to xhtml/internal but you still have to login.

The access to the application is controlled by IS through the ajp protocol so I have to map either the top level url such as mysite or mysite/xhtml/external. I have gone with mapping mysite since the IP range check was enough for my security needs. At the last moment, my supervisor decided that IP security is not good enough.

I would like to map the site as mysite/xhtml/external using AJP but jsf has his own resource handling. So even if I somehow create a clone of the javascript/css files, I cannot serve them from xhtml/external url. Here's what the jsf/primefaces does to a resource request

mysite/javax.faces.resource/theme.css.xhtml?ln=primefaces-bootstrap

Is it possible to map that so instead of javax.faces.resource, it should be xhtml/external/javax.faces.resource ? Thanks

user3586195
  • 498
  • 4
  • 15
  • Not that I'm aware of. The typical way to handle jsf resources is to add a custom rule to your filter so that it is exempt from requiring a login. – codeturner Jan 07 '15 at 19:25

1 Answers1

0

This looks to be impossible. This is due to the fact javax.faces.resources is a static final string ResourceHandler#RESOURCE_IDENTIFIER.

Unfortunately this cannot be overridden even with reflection. Read more about it in this post

Community
  • 1
  • 1
user3586195
  • 498
  • 4
  • 15