PrimeFaces based application with PicketLink does not show style in login page

Question

I developed a PrimeFaces based application that I now want to protect with PicketLink in a CDI way. I followed this example and created a login page with several PrimeFaces

Answer 1

The reason the css and js files are not loaded is because the security 'profile' in the original example has all resources protected besides a login.xhtml file. JSF by default loads resources from the 'virtual' javax.faces.resource folder. This needs to be excluded from authentication to. The HttpSecurityConfiguration in the original example should be adapted to exlude this virtual folder in the config.

public class HttpSecurityConfiguration {

    public void onInit(@Observes SecurityConfigurationEvent event) {
        SecurityConfigurationBuilder builder = event.getBuilder();

        builder
            .http()
                .forPath("/javax.faces.resource/*")
                    .unprotected()
                .forPath("/index.jsf")
                    .unprotected()
                .allPaths()
                    .authenticateWith()
                    .form()
                        .authenticationUri("/login.jsf")
                        .loginPage("/login.jsf")
                        .errorPage("/error.jsf")
                        .restoreOriginalRequest()
                .forPath("/logout")
                    .logout()
                    .redirectTo("/index.jsf");
    }
}