The way I do it is usually via a property in my User class.
Which would map to user.getRole().isManager();
or something like that.
posted 13 years ago
Thanks for the response Gregg. We have to use XML policy files for the mapping of roles to permissions. So, If I were to map the roles and their permissions in an xml policy file, what kind of permission string/elements should I construct for each role to show/hide the component?
We don't have many rules here at the JavaRanch, but we do insist that you use your Real Name and not some sort of "handle" or obvious alias. If you're not sure about this, see
A lot of people won't bother to answer if you're using an obviously improper display name.
I think we have a bit of confusion here. Some people seem to be talking about "Do It Yourself" security systems, and others are talking about J2EE standard container-managed security. I've already gone on record about why DIY security is in invitation to disaster - if anyone really cares, I have a nice long list of reasons I can point them to.
JSF, unlike Struts and JSTL doesn't (presently) have built-in support for role-based access control via the container security system. However, as Christopher implied, container-base security support is available from the Tomahawk tagset.
I have no idea why you expected JSF or any other framework to provide you with any sort of security support if you're managing your own security. There are too many different ways that people can cobble together DIY systems, and the J2EE standard way is supposed to be complete enough that that no general API beyond itself was considered necessary.
An IDE is no substitute for an Intelligent Developer.