Home/ Questions/Q 8075713
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T15:04:57+00:00

We have a JSF 1.2 application with RichFaces 3.3.3 on JBoss 5.1. When we

  • 0

We have a JSF 1.2 application with RichFaces 3.3.3 on JBoss 5.1. When we restart the server and make the very first login in the app, then we are redirected to a blank page on the following URL

https://our.domain.com/a4j/s/3_3_3.Finalorg/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__

It happens only on the very first login after the redeploy and restart of the server. The second login and from then on it works fine.

How is this caused and how can I solve it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The container managed authentication will automatically redirect to the very first HTTP request which triggered the authentication check.

    That it redirected to a CSS file can only mean that the actual page has been requested from the browser cache instead of directly from the server, while the CSS file has been requested directly from the server, either fully or by a conditional GET.

    You need to fix 2 problems:

    1. Create a filter which tells the browser to not cache the restricted pages. Map this filter on the same URL pattern as the security constraint. This way the browser will never request them from the cache. This is to be done by setting the following headers on the response

      response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.

    2. Exclude the static resources like CSS/JS/images from the authentication check. Add another allow-all security constraint on the URL pattern of those resources, e.g. /a4j/*, /resource/*, /static/*, etc or whatever you have. This way the server will never authenticate those requests.

    • 0