Re: PrettyFilter + Websphere Security

Splash Forums PrettyFaces Users PrettyFilter + Websphere Security Re: PrettyFilter + Websphere Security



I think I found my answer – there is another WebSphere parameter that also must be set to true. This may come in handy for some other unfortunate WebSphere user out there trying to use PrettyFaces with app security enabled. ;-)

From IBM:

When a request is received for a static file which does not exist, the web container calls defined servlet filters. If the filters do no successfully complete, a 404 error code is set. In a situation where application security is enabled, a security check is performed as part of filter invocation. Typically if the security check fails the web container considers the filters to have failed and still sets a 404 error code instead of the 401 error code that indicates the failure of a security check. The 404 error code enables the requester to access the static file without logging on.

You can set the custom property to true, to prevent the 401 error code from being replaced with a 404 error code, and ensure that a user must enter a valid user ID and password before they can access a static file.