Usign JSF+Spring Security. Solution 1 – UI oriented: JSF page displays panel with users

Question

0

Asked: May 31, 20262026-05-31T20:50:06+00:00 2026-05-31T20:50:06+00:00

Usign JSF+Spring Security. Solution 1 – UI oriented: JSF page displays panel with users

0

Usign JSF+Spring Security.

Solution 1 – UI oriented:
JSF page displays panel with users if authenticated person has ROLE_ADMIN authority only.

<p:panel rendered="#{facesContext.externalContext.isUserInRole('ROLE_ADMIN')}">
...

Solution 2 – backend oriented (annotate appropriate DAO method):

@Transactional
@PreAuthorize("hasRole('ROLE_ADMIN')")
public List<User> getUsers() {
    return sessionFactory.getCurrentSession().createCriteria(User.class)
            .list();
}

Resume:
Looks like JSF rendered attribute is not flexible solution and DAO annotated methods are not user-friendly,because of redirecting to 403.

What is the gracefull solution,that allows me NOT to display panel or link,that are not corresponded to specific authorities?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-31T20:50:07+00:00

You don’t want to show the enduser panels or any kind of functionality which the enduser isn’t allowed to see/use anyway. That would only result in general confusion and frustration. So role checking in the rendered attribute is the way to go.

The expression can only be more simplified in this form:

<p:panel rendered="#{request.isUserInRole('ROLE_ADMIN')}">

The ExternalContext#isUserInRole() delegates to HttpServletRequest#isUserInRole(), but the HttpServletRequest is by itself also present in EL scope as #{request}.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Usign JSF+Spring Security. Solution 1 – UI oriented: JSF page displays panel with users

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply