This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Access rights for jsf pages.  RSS feed

 
Ivan Prokopenko
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello.
In my jsf page i need to have several types of users accounts.
For different accounts different pages must be displayed. Is there any solution for jsf or richfaces framework?
Can variables or macros can be used in navigation rules?
 
Brendan Healey
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I think that what you are asking is how to restrict the access to data by users (authorisation)
according to who you know the user to be (authentication)?

Your question is a little too general, perhaps if you can clarify what it is that you are trying
to do then I can help a little to point you in the right direction.

Regards,
Brendan.
 
Ivan Prokopenko
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Brendan Healey wrote:
I think that what you are asking is how to restrict the access to data by users (authorisation)
according to who you know the user to be (authentication)?

Your question is a little too general, perhaps if you can clarify what it is that you are trying
to do then I can help a little to point you in the right direction.

Regards,
Brendan.

I wan`t not only to rstricts acces to data by users but also to show different pages to different types of users.
For example for user "sam" the the page must be main1.jsp and for user "alex" main2.jsp.
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To actually limit access to a JSF View, you can use container-based authorization to limit access to its URL based on the security role(s) of the user. However, in JSF you also have to add a "redirect" element to the navigation rules that go to that page, since otherwise, the URL used may be the "from" page URL, and it's the URL that's used for access control, not the view name itself.

In conjunction with that, you can set up the preceding action methods to select (navigate to) whichever view that particular user should be supplied with. Just remember to include the "redirect" option so that the URL will be secured.

For a generic "bookmarkable" URL, such as "main.jsf", you can create a Servlet Filter that replaces that URL with the one for the appropriate page based on the user role.

You can also use a single page with access-controlled regions using div-like constructs (such as "h:panelGrid") and the "rendered=" attribute.
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!