manage users for programmatic security

D. Formenton
Ranch Hand

Joined: Mar 20, 2008
Posts: 46
Hi all,

I would like to add the programmatic security concept to my JSF application, but I would like to know if it is possible to manage the realm/users of the GlassFish v. 3 server with a JSF page, to avoid configuring the server for any new user.

Thank you.

D. Formenton
Kamal Wickramanayake
Greenhorn

Joined: Jul 10, 2010
Posts: 27
My advice is to look at Spring Security. You don't have to care about what your application server is. You can go about fine-grained access control. It's not difficult to add Spring Security to an already available application. Have a look at the following:

Using Spring Security in your Java web application

[ UD: removed off-topic links ]
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 14571
    

Programmatic security is not considered the optimal way to secure applications. Programs can have bugs and the last place you want bugs is in security. Plus, changing the security architecture requires rewriting the security code, and that often means modifying the application logic.

Declarative security is preferable, where possible. Because, unlike program code, declarations have a fairly small number of possibilities, it's much easier to secure an application and it's often possible to design, build, and test the app without including security code within the application itself.

The J2EE standard provides role-based declarative security as a built-in feature, controlled by definitions in the web.xml file. This is quite adequate for many web applications. For more extensive/finer-grained control, you can pair it with a third-party framework such as Spring Security.

Most application developers - and architects - have no business designing their own custom security systems. They invariably do it very badly. It takes both an especially evil mindset and a pretty extensive amount of education to know how to design and implement a security system. And even the pro jobs get exploited on occasion. Far better to let someone else be responsible for that part of the system. Use a trusted security framework.


Customer surveys are for companies who didn't pay proper attention to begin with.
leo donahue
Ranch Hand

Joined: Apr 17, 2003
Posts: 327
D. Formenton wrote: Hi all,
... to avoid to configure the server for any new user.


I really don't understand your question. You do not want to manage users/roles in glassfish? If not you, who is going to be adding users/roles then? The users?

I agree with Tim that declarative security is the way to go.

Did you read any of this?: Realms
Are you saying you don't want to use a file Realm?


Thanks, leo
 