myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rogerio Pereira" <rogerio.ara...@gmail.com>
Subject Re: Authorization via view-handler
Date Fri, 22 Sep 2006 13:10:28 GMT
I created a PhaseListener for this purpose.

2006/9/22, Patrick Dreyer <patrick.dreyer@gmx.net>:
>
> Sorry, forgot about the MyFaces wiki...
> Just found the page about "Access FacesContext from Servlet"
> http://wiki.apache.org/myfaces/AccessFacesContextFromServlet
>
> Patrick Dreyer schrieb:
> > Hi Jan
> >
> > Don't do authentication/authorization through a ViewHandler, use a
> servlet filter instead.
> > Citation from JavaWorld (
> http://www.javaworld.com/javaworld/jw-07-2004/jw-0719-jsf.html):
> >
> >> * Use a base backing bean: This solution is simple. However, it ties
> the backing beans to a specific inheritance hierarchy.
> >> * Use a JSF ViewHandler decorator: This way, the security logic is
> tightly coupled with a specific Web tier technology.
> >> * Use a servlet filter: A JSF application is no different from other
> Java-based Web applications. It makes a filter the best place >   to handle
> authentication checking. This way, the authentication logic is decoupled
> from the Web application.
> >
> > Additionally, by using a ServletFilter the configuration keeps in
> web.xml and it's a snap to force SSL for example.
> >
> > There is an interesting article about page authorization in JSF on
> http://jdj.sys-con.com/read/250254.htm
> >
> > We generally put secured page in different directories (user role
> dependent) and close the whole directory with a security constraint.
> >
> > I'm pretty sure, you'd like to store authentication/authorization
> information in a JSF backing bean, thus you'll ask yourself: "How to access
> backing beans in a servlet filter?" A quick google search ("access jsf
> backing bean from servlet filter") showed up a very good hit at the first
> place (http://www.thoughtsabout.net/blog/archives/000033.html).
> >
> > Patrick
> >
> > janw schrieb:
> >> Hello,
> >>
> >> I'd like to use a ViewHandler for authorization.
> >> I use tiles, so I have already a Viewhandler defined in my application
> >> (JspTilesViewHandlerImpl).
> >> How can I integrate these two view-handlers? I think I cannot define a
> >> second view-handler.
> >>
> >> I know there are frameworks like SecurityFilter, Acegi, but I need only
> a
> >> very simple auth mechanism.
> >>
> >> Regards,
> >> Jan
> >
> >
>
>


-- 
Yours truly (Atenciosamente),

Rogério (_rogerio_)
http://faces.eti.br

Mime
View raw message