myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rudi Steiner" <rudi.stei...@googlemail.com>
Subject MyFaces and Security
Date Mon, 14 May 2007 14:04:57 GMT
Hello,

I'm in the final state of a project and thinking about, which is the
best way to make a myFaces-App secure (authentication, authorization,
...)

I'm thinking about the Tomcat build in mechanism or an alternative
like securityFilter. But thinking about it, I got some questions like,
how about to fake the view state on the client side.

Could It be, that for example a normal user who knows the
applicationcode, fakes the viewstate on the client for a page which
has for example some commandbuttons which are rendered for an admin
but are not rendered for a normal user? Has anyone made experiences in
this area?

thanks a lot,
Rudi

Mime
View raw message