• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Access rights for jsf pages.

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello.
In my jsf page i need to have several types of users accounts.
For different accounts different pages must be displayed. Is there any solution for jsf or richfaces framework?
Can variables or macros can be used in navigation rules?
 
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I think that what you are asking is how to restrict the access to data by users (authorisation)
according to who you know the user to be (authentication)?

Your question is a little too general, perhaps if you can clarify what it is that you are trying
to do then I can help a little to point you in the right direction.

Regards,
Brendan.
 
Ivan Prokopenko
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Brendan Healey wrote:
I think that what you are asking is how to restrict the access to data by users (authorisation)
according to who you know the user to be (authentication)?

Your question is a little too general, perhaps if you can clarify what it is that you are trying
to do then I can help a little to point you in the right direction.

Regards,
Brendan.


I wan`t not only to rstricts acces to data by users but also to show different pages to different types of users.
For example for user "sam" the the page must be main1.jsp and for user "alex" main2.jsp.
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To actually limit access to a JSF View, you can use container-based authorization to limit access to its URL based on the security role(s) of the user. However, in JSF you also have to add a "redirect" element to the navigation rules that go to that page, since otherwise, the URL used may be the "from" page URL, and it's the URL that's used for access control, not the view name itself.

In conjunction with that, you can set up the preceding action methods to select (navigate to) whichever view that particular user should be supplied with. Just remember to include the "redirect" option so that the URL will be secured.

For a generic "bookmarkable" URL, such as "main.jsf", you can create a Servlet Filter that replaces that URL with the one for the appropriate page based on the user role.

You can also use a single page with access-controlled regions using div-like constructs (such as "h:panelGrid") and the "rendered=" attribute.
 
It's a beautiful day in this neighborhood - Fred Rogers. Tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic