JSF page security

Gregory Androsov
Greenhorn

Joined: Apr 24, 2013
Posts: 5
Hello!
I want to create a web application with privileges. Depending on user roles, the application must give privileges to the user (for viewing, adding, editing and deleting). I know how to realize the last three, but the first seems unresolvable to me.
The general problem is that if the user knows the URL of a page (e.g. "localhost:8080/prime-test/pages/test.jsf") he would get it.

The system of privileges is not static and is got from the DB. So I think I need to store them in a ManagedBean. Also I want to give an error page to the user if he doesn't have enough rights (when he pushes the URL).

How can I get it?
Gregory Androsov
Greenhorn

Joined: Apr 24, 2013
Posts: 5
Of course I can just not render anything on the page if the user doesn't have the rights. But I think this is a bad way.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15629

There is a security manager built into the J2EE standard. If you use it, it will automatically handle the process of logging users in when needed and will guard selected URLs by wrapping a fortress around your webapp. Unlike user-designed "security systems" - which are usually not very secure at all - this system was designed by professional security experts and comes pre-debugged with every J2EE webapp server.

The Container-Managed J2EE security system doesn't actually guard "pages", it controls access to URLs, based on URL patterns that you supply in the WEB-INF/web.xml file. Each URL pattern is associated with one or more security roles and only people who possess one or more of those roles will be granted access to that URL. Unauthorized accessors will be diverted to a "Not Authorized" page automatically by the server without any user-written application code being used.

The storage mechanism for this system is configured into the webapp server using plug-replaceable components that implement what are known as security Realms. Most webapp servers come with multiple Realm modules to allow the userid/password and userid/role information to be stored in different mechanisms, such as databases, LDAP, and so forth.


Customer surveys are for companies who didn't pay proper attention to begin with.
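
A WEB-INF/web.xml fragment showing the container-managed approach described in the reply above, added here as an illustration and not part of the original thread. The role name `viewer`, the `/pages/*` pattern (taken from the URL in the question) and the login and error page paths are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Guard every URL under /pages/, e.g. /pages/test.jsf.
       No <http-method> elements are listed, so the constraint
       applies to all HTTP methods, not only GET and POST. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/pages/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- assumed role name; must match a role supplied by the Realm -->
      <role-name>viewer</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- The container shows this form when an unauthenticated user
       requests a protected URL. The login pages sit outside /pages/. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-failed.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>viewer</role-name>
  </security-role>

  <!-- Authenticated user without the required role: HTTP 403 -->
  <error-page>
    <error-code>403</error-code>
    <location>/not-authorized.html</location>
  </error-page>
</web-app>
```

The mapping from user IDs to roles is not in this file; it comes from the Realm configured in the webapp server, which is where a database lookup belongs. If the FacesServlet is also reachable through a prefix mapping such as `/faces/*`, that URL form needs its own `url-pattern`, because the constraint matches URLs, not pages.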
Murad Imanbayli
Greenhorn

Joined: Jan 24, 2013
Posts: 5

Hi Gregory, you can use a PhaseListener for this problem. If you want a PhaseListener example, see this link: http://www.devmanuals.com/tutorials/java/jsf/jsf2TagLibrary/core/phaseListener.html


Murad Imanbayli - SCJP

Leader of Baku JUG http://bakujug.com/
My Java and Oracle blog http://muradimanbayli.com/

I am from Azerbaijan
 