myfaces-users mailing list archives

From "Adam Winer" <awi...@gmail.com>
Subject Re: [Trinidad] Authorisation & Authentication? (JAAS?)
Date Tue, 10 Jul 2007 22:02:40 GMT
If you're already in the Spring game, Acegi seems a reasonable
incremental solution.

-- Adam


On 7/10/07, Shane Petroff <shane@mayet.ca> wrote:
>
>  Frank Nimphius wrote:
>
>  Usually authorization is enforced on the business service layer and
> surfaces in the UI. If e.g. a user has a permission, JAAS or container
> managed, to update an attribute then this could/should be exposed in the UI
> through expression language, referencing a method on the model that performs
> the check permission call.
>
>  What are the current best practices regarding security and JSF? Am I better
> off integrating with something like Acegi (since I already use Spring)?
> Googling the 2 suggests that Acegi integration can be painful, but now that
> was then... A JAAS based approach seems like it gives one lots of
> flexibility, but requires more work on the developer's part. What are other
> people using to provide method level authorization checks?
>
>  Shane
>
>
>  Besides this, security needs to be on page navigation, which is something
> you need to implement in the JSF engine (MyFaces or JSF RI). Have a look at
>
>  http://www.orablogs.com/fnimphius/archives/001790.html
>  http://www.orablogs.com/fnimphius/archives/001836.html
>
>  where I created a sample for container managed and JAAS authorization.
>
>  However, from this little development experience I can say that security in
> JSF is nothing you implement within an afternoon but requires a well thought
> through security framework that integrates not only with the UI but also the
> model for a consistent security enforcement. The easiest way to get started
> with such an effort is to look at the security design patterns that exist
> and work your way back to JSF.
>
>  Frank
>
>
>
>
> > Hi all,
> >
> >
> >
> > Can anyone please point me in the right direction as regards methods
> > to execute authorisation & authentication to a Trinidad webapp.
> > Something along the lines of Java Authentication and Authorization
> > Service (JAAS).
> >
> > We want to implement an authorisation 'front door' as an underlining
> > layer.
> >
> >
> >
> > Has Trinidad its own implementation? I can't seem to find any
> > information in this regard.
> >
> > Any info' would be appreciated!
> >
> >
> >
> > Best regards,
> >
> > Darren.
> >
> >
> >
>
>
>
>  --
>  Frank Nimphius
>
>
>
>  --
> Shane
>
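
The pattern described in Frank Nimphius's quoted reply (enforce authorization in the business service layer, and surface the same decision to the UI through a model method referenced from expression language), as an added plain-Java example that is not code from this thread, from Trinidad, or from the linked blog posts. The class names, the `hr-manager` role and the `Caller` interface standing in for the container-managed or JAAS check are all assumptions.

```java
import java.util.Set;

// Added illustration; all class, role and method names are hypothetical.
public class SalaryAuthzExample {

    /** Stand-in for the container-managed or JAAS role/permission check. */
    interface Caller { boolean isInRole(String role); }

    /** Business service layer: the check is enforced here, whatever the UI shows. */
    static class EmployeeService {
        static final String UPDATE_ROLE = "hr-manager"; // constructed role name
        private long salary = 1000;

        boolean mayUpdateSalary(Caller c) { return c != null && c.isInRole(UPDATE_ROLE); }

        void updateSalary(Caller c, long newSalary) {
            if (!mayUpdateSalary(c)) {
                throw new SecurityException("caller may not update salary");
            }
            salary = newSalary;
        }
        long getSalary() { return salary; }
    }

    /** Model bean: a page would reference it from EL, e.g. #{employee.salaryUpdatable}. */
    static class EmployeeBean {
        private final EmployeeService service;
        private final Caller caller;
        EmployeeBean(EmployeeService s, Caller c) { service = s; caller = c; }

        // Surfaces the service's decision to the UI; the bean never decides by itself.
        public boolean isSalaryUpdatable() { return service.mayUpdateSalary(caller); }

        public void setSalary(long v) { service.updateSalary(caller, v); }
    }

    public static void main(String[] args) {
        EmployeeService service = new EmployeeService();
        Caller clerk = role -> Set.of("clerk").contains(role);
        Caller manager = role -> Set.of("clerk", "hr-manager").contains(role);

        EmployeeBean clerkView = new EmployeeBean(service, clerk);
        System.out.println("clerk can edit: " + clerkView.isSalaryUpdatable());
        try {
            clerkView.setSalary(9999); // hidden or read-only in the UI, still refused here
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        new EmployeeBean(service, manager).setSalary(1200);
        System.out.println("salary now: " + service.getSalary());
    }
}
```

Because the bean's getter and the service's mutator share one check, the UI state and the enforced policy cannot drift apart, and a request that skips the rendered page is still rejected at the service.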
