Application Login page is displayed when accessing a REST endpoint - Payara-5.2021.8

I have a web application defined/configured as follows:

<?xml version="1.0" encoding="UTF-8"?> javax.faces.PROJECT_STAGE Production javax.faces.VALIDATE_EMPTY_FIELDS false javax.faces.CLIENT_WINDOW_MODE url javax.faces.PARTIAL_STATE_SAVING false javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE true com.sun.faces.writeStateAtFormEnd false javax.faces.STATE_SAVING_METHOD server javax.faces.ENABLE_CDI_RESOLVER_CHAIN true javax.faces.CONFIG_FILES eot application/ otf font/opentype ttf application/x-font-ttf woff application/x-font-woff woff2 application/x-font-woff2 svg image/svg+xml Faces Servlet javax.faces.webapp.FacesServlet 1 Print Servlet com.sys.hrsys.servlets.PrintToPDF SessionTimeoutFilter com.sys.hrsys.cdi.SessionTimeoutFilter SessionTimeoutFilter *.xhtml com.sys.hrsys.cdi.MySessionListener Faces Servlet /faces/* Print Servlet /print/* 10 COOKIE welcome.xhtml 500 /WEB-INF/errors/generalErrors.xhtml javax.faces.application.ViewExpiredException /faces/welcome.xhtml 404 /WEB-INF/errors/404.xhtml FORM hrsysRealm /faces/login.xhtml /faces/error.xhtml SecuredRoot Secured Root Secured Root /* CONFIDENTIAL ForUsers users For Users /faces/users/* users CONFIDENTIAL Ordinary Users users

And I have a REST endpoint, within the same .war defined/configured as follows

public class RegisterServlet extends ResourceConfig {

public RegisterServlet() {
    property(ServerProperties.BV_SEND_ERROR_IN_RESPONSE, true);


public class RSSecurityQuestions {

Instance<SecurityQuestionDefService> secQuestionService;

private List<SecurityQuestion> secQuestionList;

public void getSecurityQuestions(@Suspended final AsyncResponse asyncResponse, @Context ContainerRequestContext crc) {

    List<SecurityQuestion> secQuestionList = secQuestionService.get().getSecQuestionList();
    SecurityQuestionResponseSupplier securityQuestionResponseSupplier = new SecurityQuestionResponseSupplier(secQuestionList);
    LoginExceptionResponse loginExceptionResponse = new LoginExceptionResponse();
    LoginResponseConsumer loginResponseConsumer = new LoginResponseConsumer(asyncResponse);


Currently I am using payara- I want to upgrade to payara-5.2021.8.

Accessing jsf servlet requires that one should login first.

My issue is, when I send a request to the REST endpoint, I get an html response - a login page html from the faces servlet. Thes system is prompting me to first login as if I want to access the faces servlet. This happens only when I am using payara-5.2021.8.
With payara- I am able to get a correct response from the REST endpoint.

What configurations should I make on payara-5.2021.8 so that It should not prompt/send a login page when I want to access the REST endpoint? Advise what changes have been made on latest versions of Payara
as far as deploying jsf servlets and exposing REST endpoints in the same war is concerned.

Please assist

Thank you in advance.



Could you please help to edit the topic by enclosing the web.xml with code block (```) ?

Please allow me to give a reply to my own question.

  1. List item

In my resource class, i had code as follows:

    @Produces({"application/json", "application/xml"})
    @Consumes({"application/json", "application/xml", "application/x-www-form-urlencoded"})
    public void registerUser(@Suspended final AsyncResponse asyncResponse, @Context ContainerRequestContext crc, @Valid UserRegistrationObject userRegistrationObject) {
        String defaultUserRole = "STAFF";
        System.out.println("Setting Params");
        RegisterUserResponseSupplier registerUserResponseSupplier = new RegisterUserResponseSupplier(userRegistrationObject, defaultCompany, defaultUserRole, appUserService);
        LoginExceptionResponse loginExceptionResponse = new LoginExceptionResponse();
        LoginResponseConsumer loginResponseConsumer = new LoginResponseConsumer(asyncResponse);
                .exceptionally(loginExceptionResponse) // Here you can catch e.g. {@code join}'s CompletionException
  1. The request accessing this endpoint was not authenticated. In my view I THOUGHT, (foolishly of course!) just because I had annotated with @PermitAll, then all requests will be allowed.
  2. Because the request was not authenticated, the login page was popping up.
  3. When I removed the @PermitAll annotation, I was able to access the endpoint without the login page popping up.