JSF - Spring Security Integration issue

Question

The Servlet 2.4+ API allows us to use the tag within the tag with values like FORWARD to interce

Answer 1

By default the FilterSecurityInterceptor will only execute once-per-request and doesn't do security re-checking unless there is change in the url but with JSP/JSF forwards the page is rendered as a response to the current request and the url in the browser contains the address of the previous page. So for this just set once-per-request attribute to false in your http element in applicationContext thus forcing security rechecking.

and add a dispatcher for forwards in springSecurityFilterChain filter-mapping in your web.xml

    springSecurityFilterChain
    org.springframework.web.filter.DelegatingFilterProxy


    springSecurityFilterChain
    /*
    FORWARD
    REQUEST

More info

Alternatively, you can also enable page redirection by appending the parameter faces-redirect=true to the outcome like this:

But as BalusC says its not good practice to use POST for page to page navigation. Always do GET using

 or 

Also see:

• when-should-i-use-houtputlink-instead-of-hcommandlink

• Post-Redirect-Get pattern