Win a copy of The Way of the Web Tester: A Beginner's Guide to Automating Tests this week in the Testing forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JSF, roles and security-constraint

Kev D'Arcy
Ranch Hand
Posts: 75
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I just have a query about how to use JSF with roles and URLs restricted
by a security-constraint defined in the web.xml file. In non-JSF land this
is easy to use since the action of the form can be set to a particular URL
and the standard role based URL access will kick in to either allow or
prevent access to it depending on the role of the user.

Since JSF takes this control away from you, I'm now wondering if declarative
role based control is possible in JSF, or is it something that now has to be
done programatically in the code i.e. HttpServletRequest.isUserInRole(). My
hope was to use the declaritive method since it's easier to impliment.

Any thoughts?


  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic