Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Roles and available actions on page

 
Dario Sarcevic
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all!

My truly apologies if topic somewhere exists -I couldn't find topic with "problem" like mine. I developed J2EE application and now I am trying to implement security measures. In my project I am using JSF 2.0 , EJB 3.0 and JPA. After Login page (JAAS used) next page is Index.xhtml and index has menu- links to other pages (Emloyees,Vehicles,Payment, etc) . Now, I wanna implement Roles (Admin and User). AdMIN see (has access) to all menu items and can use it and USER see only some specific commandLink (Vehicles eg). How to do that? Is it possible to configure with some filter or can be done on glassfish?

Thanks in advance, any information is welcome!
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18152
52
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The J2EE standard specification comes with a built-in role-based access control system (RBAC). You define the roles in web.xml and map them to URL patterns. The J2EE and EJB APIs also include methods that tap into this security system.

The actual security database is a plug-in component called a Realm. Realms come in a variety of flavors - for example, using databases, LDAP, JAAS. XML files, Single-Signon servers and even custom implementations. The Realm is part of the server, so the exact set of available Realms varies with the server being used.

All this is already pre-written and pre-debugged and requires little or no application coding to use.

 
Dario Sarcevic
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much Tim, not only on reply on my post but also for sharing your knowledge. I solved my problem with adding roles on glassfish realm and mapped in web.xml.

Components are using rendered="#{facesContext.externalContext.isUserInRole('ROLE_NAME')}" and its working like a charm, thank you very much!
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18152
52
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Personally, I like to keep the EL simple (it can be brutal to debug EL), so I create a security manager utility class to hide all the JSF-specific details and to simplify the coding and debugging.

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic