Hi,
When you ask facescontext for a role, it actually delegates the call to
either a servlet or a portlet context.
So for an example
FacesContext.getCurrentInstance().getExternalContext().isUserInRole()
will lead to httpservletrequest's isUserInRole in a servlet environment.
Changing this is easy, as stated in the wiki plugin your own security stuff
you use in the app, this maybe acegi, jaas and etc. After doing it just
implement the ifGranted method.
Regards,
Cagatay
On 8/6/07, Angel Miralles Arevalo <[EMAIL PROTECTED]> wrote:
>
> Hi everybody, I'm trying to implement security in my application. I've
> been reading myfaces wiki documentation (SecurityContext) about this theme
> but I have some doubts.
>
> I'm interested in using the feature:
>
> *#{securityContext.ifAnyGranted
> ['rolename1,rolename2']}*
> **
> By the way you are always using the follwong method: ifGranted(role)
>
> b*oolean* ifAnyGranted() {
> *boolean* isAuthorized = *false*;
> *for* (*int* i = 0; i < roles.length; i++) {
> String role = roles[i];
> *if*(ifGranted(role)) {
> isAuthorized = *true*;
> *break*;
> }
> }
> *return* isAuthorized;
> }
>
>
> And its implementation is:
>
> *public* *boolean* ifGranted(String role) {
> * return* FacesContext.getCurrentInstance().getExternalContext().
>
> isUserInRole(role);
>
> }
>
> My question is, how FacesContext has knowlegde of the role's list, how can
> I charge my application's roles?
>
> Thanks in advanced...
>
>
>
>
> ------------------------------
>
> Sé un Mejor Amante del Cine
> ¿Quieres saber cómo? ¡Deja que otras personas te ayuden!
> <http://us.rd.yahoo.com/mail/es/tagline/beabetter/*http://advision.webevents.yahoo.com/reto/entretenimiento.html>
> .
>
