If you're using the Acegi component from jsf-comp, it's probably the same thing. Acegi's SecurityContextHolderAwareRequestFilter (http://tinyurl.com/2dv5ab) makes request.getRemoteUser() and request.isUserInRole() work. I suspect that enable* and visible* both use the isUserInRole call. It seems to me that adding attributes on tags makes things simpler. Then again, specifying the attribute on each tag is kind of a pain.
Here's another way to do it using AspectJ: http://appfuse.org/display/APF/Secure+JSF+components Matt On 2/21/07, tonyl <[EMAIL PROTECTED]> wrote:
I'm pretty new to JSF and Acegi, and I just learned about enableOnUserRole and visibleOnUserRole attributes for components. I tried them out yesterday and like the way they work and the fact that it cleans up the code in my opinion. What's considered the best practice? Is it better to use authorize tags or are the attributes on components doing the same kinds of checks under the covers? Thanks, Tony -- View this message in context: http://www.nabble.com/authorize-tag-vs.-enableOnUserRole-attribute-tf3268237s2369.html#a9085607 Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- http://raibledesigns.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
