• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JSF page restriction on user roles.

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


Hi everyone,

I wanted to know the right approach for restricting a certain user that will access a page in which he/she is not permitted.
I don't know if using filter is a good way just like in servlet. I am new to jsf so i don't know.
Your help will be greatly appreciated.

Thanks in advanced.
 
Saloon Keeper
Posts: 27762
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The J2Ee standard container-managed security system is very good for this purpose. For one thing, it puts the responsibility for controlling access on the webapp server and not on the webapp, so an ill-intentioned user cannot even ram a bad URL request into the webapp, since the appserver will reject it before it can be passed to application code.

I commonly have an administrative aspect to my major webapps. So I set up my admin View definitions under the resource directory name "admin", which is mapped from the add-relative URL "/admin". Then I setup access controls in web.xml so that only users with an admin role can access these URLS. For example:


That's all that standard J2EE webapps need. However, JSF has one further requirement. You may have noticed that the URL in the browser navigation bar often lags the name of the resource to which it refers. Since the J2EE container security system secures URLs, not resources, you have to prevent that behavior. You can do this easily by including the "redirect" option on the navigation rules (or code) that direct users to the restricted URL.
 
ellie spring
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


Thank you sir Tim,

I will research on this one and try yo implement this on my web app.
This is really helpful.

Thanks,
 
reply
    Bookmark Topic Watch Topic
  • New Topic