Several Points here 1) Using Security Attributes within your pages. I'm about to release 1.0 of the jsf-security project on SourceForge (www.sourceforge.net/projects/jsf-security) this provides extensions to EL which will give you a new scope #{securityScope} and a bunch of attributes and pseudo functions such as #{securityScope.isUserInRole['manager,admin']} which allow you to use expressions to control rendering and read-only states of components - even if they are not "role" enabled in the way that the myfaces components are. jsf-security is fully pluggable and so if you use Acegi or a home grown Authorization / Authentication mechanism you can plug it in underneath the same consistent EL. The current version hooks into Container Security, and we've just started a JAAS adapter as well. If anyone wants to get involved - particularly of you use Acegi today get in touch. For more info on this see this blog entry: and the project on SF. You can pull the source from CVS today and build - it all works I just need to write the doc and the localize the message strings... 2) Using the database to Authenticate / Authorize Your mileage will vary from container to container, but with OC4J (& Oracle App server) you can plus in your own custom login modules that can do just this - Frank and I who work on the jsf-security project just posted a paper on that process a few weeks back: Declarative J2EE authentication and authorization with JAAS Duncan Dave wrote:
-- Regards Duncan Mills Senior Principal Product Manager Oracle Application Development Tools [EMAIL PROTECTED] |
- Re: Login system security Duncan Mills
- Re: Login system security Dave
- Re: Login system security Duncan Mills
- Re: Login system security Martin Marinschek
- Re: Login system security Duncan Mills
- Re: Login system security Martin Marinschek
- Re: Login system security Sean Schofield
- Re: Login system security hicham abassi