This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I wanted to know the right approach for restricting a certain user that will access a page in which he/she is not permitted.
I don't know if using filter is a good way just like in servlet. I am new to jsf so i don't know.
Your help will be greatly appreciated.
Thanks in advanced.
"Nothing is impossible, impossible takes a little longer".
The J2Ee standard container-managed security system is very good for this purpose. For one thing, it puts the responsibility for controlling access on the webapp server and not on the webapp, so an ill-intentioned user cannot even ram a bad URL request into the webapp, since the appserver will reject it before it can be passed to application code.
I commonly have an administrative aspect to my major webapps. So I set up my admin View definitions under the resource directory name "admin", which is mapped from the add-relative URL "/admin". Then I setup access controls in web.xml so that only users with an admin role can access these URLS. For example:
That's all that standard J2EE webapps need. However, JSF has one further requirement. You may have noticed that the URL in the browser navigation bar often lags the name of the resource to which it refers. Since the J2EE container security system secures URLs, not resources, you have to prevent that behavior. You can do this easily by including the "redirect" option on the navigation rules (or code) that direct users to the restricted URL.
An IDE is no substitute for an Intelligent Developer.
Joined: Jun 15, 2011
Thank you sir Tim,
I will research on this one and try yo implement this on my web app.
This is really helpful.