my dog learned polymorphism*
The moose likes JSF and the fly likes JSF page restriction on user roles. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF page restriction on user roles." Watch "JSF page restriction on user roles." New topic
Author

JSF page restriction on user roles.

ellie spring
Greenhorn

Joined: Jun 15, 2011
Posts: 24


Hi everyone,

I wanted to know the right approach for restricting a certain user that will access a page in which he/she is not permitted.
I don't know if using filter is a good way just like in servlet. I am new to jsf so i don't know.
Your help will be greatly appreciated.

Thanks in advanced.


"Nothing is impossible, impossible takes a little longer".
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16022
    
  20

The J2Ee standard container-managed security system is very good for this purpose. For one thing, it puts the responsibility for controlling access on the webapp server and not on the webapp, so an ill-intentioned user cannot even ram a bad URL request into the webapp, since the appserver will reject it before it can be passed to application code.

I commonly have an administrative aspect to my major webapps. So I set up my admin View definitions under the resource directory name "admin", which is mapped from the add-relative URL "/admin". Then I setup access controls in web.xml so that only users with an admin role can access these URLS. For example:


That's all that standard J2EE webapps need. However, JSF has one further requirement. You may have noticed that the URL in the browser navigation bar often lags the name of the resource to which it refers. Since the J2EE container security system secures URLs, not resources, you have to prevent that behavior. You can do this easily by including the "redirect" option on the navigation rules (or code) that direct users to the restricted URL.


Customer surveys are for companies who didn't pay proper attention to begin with.
ellie spring
Greenhorn

Joined: Jun 15, 2011
Posts: 24


Thank you sir Tim,

I will research on this one and try yo implement this on my web app.
This is really helpful.

Thanks,
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JSF page restriction on user roles.