I wrote a custom JSR-196 module, which combines multiple mechanisms to protect resources.
It works quite well if authentication is provided.
Now, if a protected resource is accessed and authentication isn’t provided, I’d like to redirect my user to some login page.
How can I know that a resource is protected? I don’t want to redirect for unprotected images or for the login page itself. I used web.xml to allow unrestricted access to that. For those pages, sending AuthStatus.SUCCESS seems to be the only way to display them. I’d rather think I need to send AuthStatus.SEND_CONTINUE. And I’d need a way to tell if I need to restrict access on those.
I’m using Glassfish 3.1.
Seems that I somehow removed the requestPolicy.isMandatory() check…
That’s where the magic happens, it tells you if a resource is protected.
I thought requestPolicy was tied to the ServerAuthModule. Now, this is true, but a different ServerAuthModule is created for protected and unprotected resources.
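
The following is an added example, not the poster's module or GlassFish code: a minimal JSR-196 ServerAuthModule that uses requestPolicy.isMandatory() to redirect only when a protected resource is requested without authentication. The class name, the /login.html path and the session-attribute check standing in for the real authentication mechanisms are assumptions.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.*;

public class RedirectingAuthModule implements ServerAuthModule {
    private static final String LOGIN_PAGE = "/login.html"; // assumed; left unconstrained in web.xml
    private MessagePolicy requestPolicy;
    private CallbackHandler handler;
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options) {
        // Each module instance is bound to one policy (protected or unprotected).
        this.requestPolicy = requestPolicy;
        this.handler = handler;
    }
    public Class[] getSupportedMessageTypes() {
        return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
    }
    public AuthStatus validateRequest(MessageInfo info, Subject client, Subject service)
            throws AuthException {
        HttpServletRequest req = (HttpServletRequest) info.getRequestMessage();
        HttpServletResponse res = (HttpServletResponse) info.getResponseMessage();
        try {
            String user = authenticatedUser(req);
            if (user == null && requestPolicy.isMandatory()) {
                // Protected resource, no authentication: send the browser to the login page.
                res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                return AuthStatus.SEND_CONTINUE;
            }
            // Authenticated caller, or unprotected resource (null principal = anonymous).
            Callback cb = (user != null) ? new CallerPrincipalCallback(client, user)
                                         : new CallerPrincipalCallback(client, (Principal) null);
            handler.handle(new Callback[] { cb });
            return AuthStatus.SUCCESS;
        } catch (Exception e) {
            throw (AuthException) new AuthException(e.getMessage()).initCause(e);
        }
    }
    // Stand-in (assumption) for the module's real mechanisms: reads a session attribute.
    private String authenticatedUser(HttpServletRequest req) {
        HttpSession s = req.getSession(false);
        return s == null ? null : (String) s.getAttribute("authenticatedUser");
    }
    public AuthStatus secureResponse(MessageInfo info, Subject service) { return AuthStatus.SEND_SUCCESS; }
    public void cleanSubject(MessageInfo info, Subject subject) {
        if (subject != null) subject.getPrincipals().clear();
    }
}
```

A real module would also supply the caller's groups through GroupPrincipalCallback so that role constraints in web.xml can be evaluated.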