myfaces-users mailing list archives

From "Bieringer, Dominik" <>
Subject RE: AW: AW: [O/T] JSF Best Practices for Authentication/Authorization
Date Tue, 07 Nov 2006 15:35:44 GMT
Hi Jeff,

Yes I've seen... I had to stop writing my reply because my train arrived
and I had to go to the bus station ;)

I will read and answer all your mails when I am on the way home today...


-----Original Message-----
From: Jeff Bischoff [] 
Sent: Tuesday, November 07, 2006 15:52
To: MyFaces Discussion
Subject: Re: AW: AW: [O/T] JSF Best Practices for
Authentication/Authorization wrote:
> Yes, that's correct. I am using http basic authentication, which means
> when a page gets rendered, the user is already authenticated and there is
> no possibility to re-show the login screen again, because the browser
> the username and password.
> I am not able to use form based login, because there are many
> accessing my page, not only browsers, and it's a lot easier for
> if there is http basic authentication instead of form based
> authentication... (Just think about download managers)...

Oh yes, that makes perfect sense for you. I just wanted to make sure I 
understood what you are doing. Of course as I read everyone's 
descriptions, I am thinking about my own plans and I definitely want to 
use form-based authentication.

 > @SecurityGuard(TypRoles.ADMIN)
 > public AdminBean getAdminBean()
 > {
 > 	JsfSecurityManager.getCurrentInstance().check();
 > }

Like I said, we haven't moved to the new Java yet. But okay, so the 
annotation is labeling that this method should only be run by admins, 
and it's the SecurityManager that is responsible for looking at the 
annotation and deciding whether to continue?

Thanks for explaining!

(by the way, did you see my other reply to you yesterday?)


Jeff Bischoff
Kenneth L Kurz & Associates, Inc.
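
The division of labour asked about above (annotation labels the method, a manager reads the label and decides), as an added example that is not code from this thread or from MyFaces. `GuardManager`, `Role` and the stack-walking lookup are assumptions, since the thread does not show how `JsfSecurityManager` locates the annotation; `StackWalker` needs Java 9 or later.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.EnumSet;
import java.util.Set;

public class SecurityGuardDemo {
    enum Role { USER, ADMIN }

    // Must be RUNTIME-retained, otherwise reflection cannot see it.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface SecurityGuard { Role value(); }

    // Hypothetical stand-in for the JsfSecurityManager in the quoted snippet.
    static final class GuardManager {
        private final Set<Role> roles; // roles of the authenticated user (constructed)
        GuardManager(Set<Role> roles) { this.roles = roles; }
        void check() {
            // Frame 0 is check() itself; frame 1 is the guarded method that called it.
            StackWalker.StackFrame caller = StackWalker
                .getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
                .walk(frames -> frames.skip(1).findFirst())
                .orElseThrow(() -> new SecurityException("no caller frame"));
            boolean matched = false;
            for (Method m : caller.getDeclaringClass().getDeclaredMethods()) {
                if (!m.getName().equals(caller.getMethodName())) continue;
                matched = true;
                SecurityGuard guard = m.getAnnotation(SecurityGuard.class);
                // Fail closed: an unannotated overload or a missing role denies access.
                if (guard == null || !roles.contains(guard.value()))
                    throw new SecurityException("denied: " + caller.getMethodName());
            }
            if (!matched) throw new SecurityException("caller not resolved");
        }
    }

    static GuardManager manager = new GuardManager(EnumSet.of(Role.USER));
    @SecurityGuard(Role.ADMIN)
    static String getAdminBean() {
        manager.check();
        return "admin bean";
    }

    public static void main(String[] args) {
        try { getAdminBean(); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        manager = new GuardManager(EnumSet.of(Role.ADMIN));
        System.out.println(getAdminBean());
    }
}
```

Because the check only runs when the method body calls `check()`, a guarded method that omits the call is not protected by the annotation alone.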
