You could always check out the source code for the OSS project http://securityfilter.sourceforge.net to get you started. You might even be able to drop it in to quickly use it. If I had thought of it before I would have mentioned it. It is around 2 years old but I believe it is still relevant. Or http://jguard.sourceforge.net which was updated just last month. I have never tried JGuard so I can't say anything about it. Whereas I have actually read the source code to securityfilter and found it very instructional.
Regards, David -----Original Message----- From: Jan Zach [mailto:[EMAIL PROTECTED] Sent: Thursday, July 20, 2006 5:47 PM To: MyFaces Discussion Cc: [EMAIL PROTECTED] Subject: RE: one step delayed url Hi David, thanks for explaining. I was writing my own security filter (I did not want to use the tomcat one because I'm unable to set up pricipal programatically and probably it would not solve the problem) and this delay complicates the thing. If I would like to handle access restriction properly I'd have to have add another check into the navigation handler computing new state from current state, action, and configuration in addition to checks in servlet filter. Or am I wrong and there is a better way? Regard jan
