aspose file tools*
The moose likes JSF and the fly likes Roles and available actions on page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Roles and available actions on page" Watch "Roles and available actions on page" New topic
Author

Roles and available actions on page

Dario Sarcevic
Greenhorn

Joined: Mar 10, 2012
Posts: 5
Hello all!

My truly apologies if topic somewhere exists -I couldn't find topic with "problem" like mine. I developed J2EE application and now I am trying to implement security measures. In my project I am using JSF 2.0 , EJB 3.0 and JPA. After Login page (JAAS used) next page is Index.xhtml and index has menu- links to other pages (Emloyees,Vehicles,Payment, etc) . Now, I wanna implement Roles (Admin and User). AdMIN see (has access) to all menu items and can use it and USER see only some specific commandLink (Vehicles eg). How to do that? Is it possible to configure with some filter or can be done on glassfish?

Thanks in advance, any information is welcome!
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16012
    
  19

The J2EE standard specification comes with a built-in role-based access control system (RBAC). You define the roles in web.xml and map them to URL patterns. The J2EE and EJB APIs also include methods that tap into this security system.

The actual security database is a plug-in component called a Realm. Realms come in a variety of flavors - for example, using databases, LDAP, JAAS. XML files, Single-Signon servers and even custom implementations. The Realm is part of the server, so the exact set of available Realms varies with the server being used.

All this is already pre-written and pre-debugged and requires little or no application coding to use.


Customer surveys are for companies who didn't pay proper attention to begin with.
Dario Sarcevic
Greenhorn

Joined: Mar 10, 2012
Posts: 5
Thank you very much Tim, not only on reply on my post but also for sharing your knowledge. I solved my problem with adding roles on glassfish realm and mapped in web.xml.

Components are using rendered="#{facesContext.externalContext.isUserInRole('ROLE_NAME')}" and its working like a charm, thank you very much!
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16012
    
  19

Personally, I like to keep the EL simple (it can be brutal to debug EL), so I create a security manager utility class to hide all the JSF-specific details and to simplify the coding and debugging.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Roles and available actions on page