implement Role based security in JSF

hi,

Can anyone give me any example or idea how to implement role based user security in a web application using JSF. Any desgin pattern or articles will be highly appreciated.

Most of my security is handled in a servlet filter. That basically controls who can visit what page. Now what you probably want to know more about is how to display or not display certain components on a form depending on the role of the user viewing the page. So the security filter has already been hit and now it's up to the components to decide if they will be visible or not.

Well, I don't use container managed roles and security. So the part of JSF that deals with that I cannot tell you about. What I do is I have a getRole() method or something similar in my User object or whatever you want to call it and I use an expression in my rendered attribute that determines the components rendered value of True or False. You can do this as fancy or as simple as you want to.

Is this in line with what you are wanting? Or am I totally off base?

Hi,
You have got my point. But one question i have is the getRole() function that u call for each component(i.e. which have to be displayed or not), u call it everytime while the component is rendered , is it that way or some way else. Don't u think for calling getRole() simultaneous times will be slow if it databse is remote etc. Or is there any other method.

Can u shed light on the container managed security ?

Originally posted by felix thomas:
Don't u think for calling getRole() simultaneous times will be slow if it databse is remote etc.

Create a User object with an attribute "role" and getRole will return you the value from this attribute. You can create user object after successful user login/ authentication.
Don't make a database call in getRole().