myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Fischer <>
Subject RE: Security role question
Date Mon, 03 Sep 2007 13:29:14 GMT
I had the same problem, and my solution was to use plain jsp means for
this. I wrote a custom pagePermission Tag, which is included in every
protected page. The necessary data (which permission should be checked) is
given to the tag via EL expressions. The Tag then checks the permission,
and throws an exception if the user has no permission. The exception is
handled by a custom error handling mechanism (although one could also use
then ew error handling from myfaces 1.2.1 snapshots)

Note, however, that this solution has a philosophy problem: Permissions are
treated like visual components. For my use case, however, the simplicity of
the solution outweighs this.

If there are better solutions around, I'd also be interested in


Angel Miralles Arevalo <> schrieb am 03.09.2007


> Hi everyone, I'm trying to implement passive security on my application.
> me explain, although a user has logged in the application there are many
> where he couldn't enter (url navigation).
> I have worked with Struts and the way to manage the problem is setting a
> "role" in action definition. Then when you invoke this action,
> "ControllerManager" (method call previous to every action) checks if
> user can access to this specific page (DB relations user/role/page).
> What I want is to prevent logged user to url navigation. Is there any way
> implements this behaviour with JSF tech?
> I think it is a basic functionality. Thanks so much!!!
> Sé un Mejor Amante del Cine
> ¿Quieres saber cómo? ¡Deja que otras personas te ayuden! .
> Sé un Mejor Amante del Cine
> ¿Quieres saber cómo? ¡Deja que otras personas te ayuden! .

View raw message