Authorization in JSF based on permission of a component
posted 10 years ago
I am trying to render components based on a permission.
so let say that there are following permissions
Admin Application-Read Application-Write Development
I need to set a permission for each component on a page. Some user can only see the components that are ready only, others can see components that are for read/write users, and Admin person can see all the components that are on the page.
How would i do that in JSF. I have couple ideas that i am doing now, but i know that there are experts that have done this, and there must be an easy way of doing it.
I was thinking of extending my jsf components and add a attribute permission where i would be able to specify one ore more permission for each component(permissionAtt ("Admin,Application-Read")) based on that i would then render the component by calling something like isAuthorized, which would check the permission of the user and the permission of the component. and then render it if it's true.
but this would mean that i have to modify a lot of components.