• Post Reply Bookmark Topic Watch Topic
  • New Topic

Change Componet's attribute dynamically  RSS feed

 
Mehran Falak
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
i have a problem by JSF 1.2 , i need to change some component's attribute of my pages (disable and rendered) to implement authorization.
i try to use jsf phase listener registered for after Restore_View and also before Render_Response but for first user request FacesContext.getViewRoot() return an empty object and it populated after Render _Response so i cant access to my page component to manipulate them! i also try ViewHandeler but it's not work too
how can i access to the page components on run time and dynamically change the view state!?
thanks
 
E Armitage
Rancher
Posts: 989
9
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why not have disabled="#{secHandler.check}" or similar? Intercepting web pages to decorate them with blanket functionality will cause more problems than the benefits you get out of this (especially for JSF 1.2).
If you design your pages correctly using includes and not repeating/copy-pasting fragments then it shouldn't be too much work to add the constraints on the pages 'manually'.
 
Mehran Falak
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
E Armitage wrote:Why not have disabled="#{secHandler.check}" or similar?


thank for your suggestion,
but i need change them because we try to produce a pluggable security for some of our project and it is sort of impossible for me to change pages and add EL to them
so we looking for a way help us to manipulate page in a central place like component tree
i hope find simple an efficient solution

 
E Armitage
Rancher
Posts: 989
9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why is it impossible to add EL to the pages? You are still going to need to manually check that each page is behaving correctly after the changes. Also, components are sometimes disabled for other reasons, so even if your security says it should be rendered (or enabled) you still need to check if the page logic should make it rendered or not. Just put the action buttons in a fragment, put the security constraints in there manually and reuse that fragment in all your pages.
 
Mehran Falak
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
E Armitage wrote:Why is it impossible to add EL to the pages?

thanks again but it is impossible because of our project specifications, and also our pages developed before it by other company and we dose not allowed to change *.JSPX files but we must provide a facility that allow admin of system to intercept pages and define witch component disable/render for witch user groups this info saved in DB and then we fetch data and decide how component must rendered
for this reason we need intercept requested page rather than add EL to them

thanks again

 
E Armitage
Rancher
Posts: 989
9
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It seems I can never say this enough:


The more JSF-specific code you have in a JSF project, the more likely you are doing it WRONG!


I think you're in a hole - constrained by "clever" superiors (who apparently aren't) - and can only end up deeper.

Even without artificial constraints, adding complexity to a JSF 1.2 project is a bad business move. JSF 1.2 is obsolete. JSF2 has some major internal differences. Meaning that JSF-specific code that mucks around with JSF's internals is likely to break seriously - quite possibly irreparably - when it's time to upgrade to a more modern, supported version of JSF.

From the sound of it, this is a project that needs a serious top-to-bottom overhaul and modernization by someone who understands that JSF is a "KISS" technology, not an excuse to wallow in technological esoterica. This isn't an "if it ain't broke, don't fix it" just-git-r-dun problem. This system was already broken and the passage of time only makes it more and more expensive to keep it going. In short, I'd make sure the CV is up to date.

Beyond that, the best way to hide sensitive controls and data displays in JSF remains to use the "rendered" attribute. And you should NEVER assume that just because you didn't render a sensitive control that someone cannot manually jam its value in on a page request and thereby bypass security.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!