Okay we have a single - sign - on and the user will likely enter www.blabla.com/AppName/ to reach our site. We then define a welcome site, use a phaselistener to check:
is user trying to access the welcome site? yes -> try to login - works? yes -> get user roles -> forward to the appropriate site for this specific user.
E.g. user niceBelly goes to page /somewhere/in/many/folders/beer.jsf and user barbie goes to /breasts/pink.jsf a redirect is in this application not possible for some reasons.
the result is that when reaching e.g. page pink.jsf the address bar still shows blablaba.com/AppName/ clicking the first link will result in the browser using the form address as new URL e.g. on welcome.jsf i navigate to coolstuff.jsf. On the page coolstuff i now have the url of the last form, e.g. welcome.jsf. Then on cool stuff i click a link, and get coolstuff on the next page as url, and so on.
Is there a way to solve this / work around it?
Given the symptoms, you are actually not redirecting the requests, but you are actually forwarding the requests. A real redirect will take place when you call
externalContext.redirect(url);
in JSF context, or when you add
<redirect />
to the navigation case. All other ways are effectively forwards. As per the symptoms, you're using commandlinks instead of outputlinks to navigate to other page. Commandlinks will submit a POST request to current URL and JSF will under the covers use RequestDispatcher to set the destination of the request/response when the navigation case doesn't contain <redirect />. A forward does not instruct the browser to fire a new GET request on the destination URL and hence the URL in browser address bar does not change. A real redirect will do exactly that.