myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Werner Punz <werner.p...@gmail.com>
Subject Re: [CODI add-on] Created an add-on for securing JSF components.
Date Mon, 17 Jan 2011 15:11:40 GMT
Hey ++1 this sounds awesome looks definitely one step ahead of rendered.

Werner


Am 16.01.11 21:19, schrieb Rudy De Busscher:
> @All
>
> I have created a CODI add-on that allows you to 'secure' JSF components
> by using an implementation of the CODI AbstractAccessDecisionVoter.
>
> These voters can then be used to restrict the access.  In the next
> example, the text is only visible when the voter 'loggedIn' (which is a
> named CDI bean extending AbstractAccessDecisionVoter) don't set any
> ViolationException.
>
> <h:outputFormat value="#{msg['general.label.welcome']} | ">
> <s:securedComponent voter="loggedIn"/>
> <f:param value="#{loggedInUserBean.login}"/>
> </h:outputFormat>
>
> It is also possible to supply the   method some parameter values.  You
> can supply it for example with the looping variable from a dataTable,
> and thus hiding the values in a column except when the user has access
> to it.
> <h:column>
> <f:facet name="header">Salary</f:facet>
> <h:outputText value="#{employee.salary}">
> <s:securedComponent voter="currentUser, hasAdministratorRole">
> <s:securedComponentParameter value="#{employee}"/>
> </s:securedComponent>
> </h:outputText>
> </h:column>
> In the above example, the salary value is visible only to employee
> itself or the administrator.
>
> More info can be found in the readme that comes with the add-on.
>
> You can find the initial version here (1)
>
> Since it has a very deep integration with JSF structures, I need to make
> more tests to confirm it works in more environments.  For the moment,
> the example works with Tomcat 6.0.29.
>
> When you do have questions, remarks or finds any problems, just let it
> me know.
>
> 1 = http://bitbucket.org/os890/codi-addons secureComponent directory.
>
> Regards
> rudy.



Mime
View raw message