what is the best way to implement authorization in JSF2?
through, servlet filter, phase listener or ther is something new that I am not aware of?
what is the best way to implement authorization in JSF2? through, servlet filter, phase
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
what is the best way to implement authorization in JSF2?
through, servlet filter, phase listener or ther is something new that I am not aware of?
There are two pieces to this: Authentication, and Authorisation.
First Authentication: You can configure your web.xml to perform JAAS-based authentication according to a url pattern. Alternatively, if url-based authentication is too coarse-grained for you, you could do this manually with a PhaseListener or page actions using the HttpServletRequest login() method (new in Servlet 3.0). You can access this method through the
FacesContext.getCurrentInstance().getExternalContext().Once you are authenticated to a JASS realm, you can consider role based authorisation. Again there are a number of options:
FacesContext.getCurrentInstance().getExternalContext().isUserInRole("role")to programmatically access the current role in your backing beans.