I want to know the key points which one should keep in mind while designing the secured administrator section of a website in JSF 2.0. This question is also about security measures. I also have two doubts.
- If the same css file is used by both the public section and the secured admin section, should we separate it by keeping the same css in two places, one for the public section and another one for the secured admin section?
- <h:outputStylesheet>, <h:graphicImage>, etc. always consider the path relative to the /resources root folder. So how to assign the path to all those css, images, etc. files which are used by the secured admin section? Because using <h:outputStylesheet>, <h:graphicImage>, etc. might reveal the path for the secured admin section.
I don’t see why that’s necessary. If the admin section requires additional style classes then it would make sense to create an additional stylesheet file next to the existing stylesheet file for the public section. It does not improve security, but it does improve performance as the public section visitor won’t get unnecessary CSS declarations.
I don’t see how that would be a problem. You have of course secured the admin section with a solid login check. The resources which are going to be used by the admin section would not contain sensitive information like names/passwords at all. You can however always put those resources in a common subfolder of /resources folder and put the very same login check on it.
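
One way to put the same login check on a resources subfolder, as an added example that is not part of the original answer. It assumes the admin files sit in a resource library named `admin` (`/resources/admin/...`) and that a successful admin login stores a session attribute named `adminUser`; both names are hypothetical.

```java
import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Assumptions (not from the original post): library name "admin" and
// session attribute "adminUser" set by the application's login code.
@WebFilter("/*")
public class AdminResourceFilter implements Filter {
    private static final String LIBRARY = "admin";
    // JSF serves resources under /javax.faces.resource/<name>, not /resources/...
    private static final String HANDLER = ResourceHandler.RESOURCE_IDENTIFIER + "/";

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Container-decoded path; works for prefix (/faces/*) and suffix (*.xhtml) mappings.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info != null ? info : "");

        // library="admin" is rendered as /javax.faces.resource/<name>?ln=admin
        boolean byLibrary = path.contains(HANDLER)
                && LIBRARY.equals(request.getParameter("ln"));
        // name="admin/style.css" is rendered as /javax.faces.resource/admin/style.css
        boolean byName = path.contains(HANDLER + LIBRARY + "/");
        // The folder under the web root can also be requested directly by URL.
        boolean direct = path.startsWith("/resources/" + LIBRARY + "/");

        if (byLibrary || byName || direct) {
            HttpSession session = request.getSession(false); // never create a session here
            boolean loggedIn = session != null && session.getAttribute("adminUser") != null;
            if (!loggedIn) {
                // Answer as if the file did not exist, so the path is not confirmed.
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
        }
        chain.doFilter(req, res);
    }
}
```

A URL pattern of `/resources/admin/*` alone would miss requests that go through the JSF resource handler, which is why the filter inspects the handler path and the `ln` parameter as well.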