my setup JAAS Authentication doesn’t work anymore once I configured PrettyFaces. I know that there is a workaround to add a “dispatcher” to filter definitions. But how can I do this in a <security-constraint>?
I’m just guessing here but I think security constraints are applied before a request enters the filter chain. So JAAS will see the pretty URL instead of the one PrettyFaces forwards to. I think you will have to adjust the rules to match the pretty URLS instead of the viewIds.