This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes JSF and the fly likes JSF page restriction on user roles. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF page restriction on user roles." Watch "JSF page restriction on user roles." New topic

JSF page restriction on user roles.

ellie spring

Joined: Jun 15, 2011
Posts: 24

Hi everyone,

I wanted to know the right approach for restricting a certain user that will access a page in which he/she is not permitted.
I don't know if using filter is a good way just like in servlet. I am new to jsf so i don't know.
Your help will be greatly appreciated.

Thanks in advanced.

"Nothing is impossible, impossible takes a little longer".
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17421

The J2Ee standard container-managed security system is very good for this purpose. For one thing, it puts the responsibility for controlling access on the webapp server and not on the webapp, so an ill-intentioned user cannot even ram a bad URL request into the webapp, since the appserver will reject it before it can be passed to application code.

I commonly have an administrative aspect to my major webapps. So I set up my admin View definitions under the resource directory name "admin", which is mapped from the add-relative URL "/admin". Then I setup access controls in web.xml so that only users with an admin role can access these URLS. For example:

That's all that standard J2EE webapps need. However, JSF has one further requirement. You may have noticed that the URL in the browser navigation bar often lags the name of the resource to which it refers. Since the J2EE container security system secures URLs, not resources, you have to prevent that behavior. You can do this easily by including the "redirect" option on the navigation rules (or code) that direct users to the restricted URL.

An IDE is no substitute for an Intelligent Developer.
ellie spring

Joined: Jun 15, 2011
Posts: 24

Thank you sir Tim,

I will research on this one and try yo implement this on my web app.
This is really helpful.

I agree. Here's the link:
subject: JSF page restriction on user roles.
It's not a secret anymore!