I am running a JSF application on Glassfish 3.1.2.2 with JDBC Realms authentication.
I was wondering if there was anyway that I can disable the login popup that appears whenever someone tries to access a restricted page and is not logged in and instead raise an Error 401 (which automatically redirects to my page's login page) for consistency of UX.
You'll have to set your web.xml security constraints login-config auth-method to FORM login:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>You can but you are not forced to supply a realm here</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/access-forbidden.xhtml</form-error-page>
</form-login-config>
</login-config>
Secure your pages like this:
<security-constraint>
<web-resource-collection>
<url-pattern>/index.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>Manager</role-name>
</security-role>