Hi,
The standard approach is the best.
Is most easy to set and, is working always, and will not need other library.
Cristi.
Darren Hartford wrote:
>The approached I've been using is the normal webapp
>JAAS/<security-constraint> approach.
>
>As far as integrating this within the JSF framework, I use the following
>snippets in my sessionbean:
>
>========================
> /**
> * Getter for property username.
> * @return Value of property username. A null is no user
>authenticated.
> */
> public String getUsername() {
> return getExternalContext().getUserPrincipal().getName();
> }
>
>======================
> public boolean verifyRole(String role){
> return getExternalContext().isUserInRole(role);
> }
>======================
>
>Although I'm sure there are more elegant approaches, this has worked for
>me and keeps it relatively simple and as-close to 'standard
>expectations' for most J2EE-style webapps.
>
>I did try the filter approach, unfortunately I've had issues with that
>approach with JSF, some of which were rather obscure so I went with the
>above approach to try to keep it simple and allow for per-page
>authorization control (and per-object authorization control, such as
>buttons enable/disable by role).
>
>Hope that helps, would be nice to have a wiki/howto on some of these
>security integrations with JSF/myfaces (including Acegi, yes, but also
>others like with Tomcat/Jboss security realms and how to handle
>authorization seperately from authentication, etc.).
>
>
>-D
>
>
>
