I learned building a web-app with Java and Seam (and JSF 1.2)
But now i’m working at the moment with pure Java EE 6 and JSF (Mojara 2.0.9) – without any extra Framework around.
In Seam i used for the index.xhtml the index.page.xmlfor restriction:
<restrict>#{authorizationManager.isAdmin()}</restrict>
Is there any equal function like the page.xml?
And:
I also used the index.page.xml to make some calls like:
<action execute="#{indexController.doSomething()}" on-postback="false"/>
Is it now the only chance to do it with an @PostConstruct in the Controller for the .xhtml?
Also how i’m doing something like this without the page.xml?
<navigation>
<rule if-outcome="OK">
<redirect view-id="/pages/index.xhtml" />
</rule>
</navigation>
It seems to me, the pure JavaEE works totaly different?
(you don’t have to send me full code, just give me the key words i have to google, thanks!)
Standard JSF does not offer any builtin authenticaiton/authorization facilities. All is to be used from the “raw” Servlet API or a 3rd party framework like Spring Security.
As to the “raw” Servlet API facilities, the
<security-constraint>inweb.xmlcomes close. You can only restrict on global URL patterns like/app/*, not on a per-page or maybe per-action basis.The
<f:event>in the XHTML page itself comes close:As to the
on-postbackreplacement, check Is it possible to disable f:event type="preRenderView" listener on postback?.JSF 2.0 supports implicit navigation which makes
<navigation-rule>infaces-config.xmltotally superfluous. The returned outcome will be implicitly treated as target view ID. You can perform a redirect by appending afaces-redirect=trueparameter to the outcome query string. E.g.See also: