You can secure directories / single views with DeltaSpike TypeSafe ViewConfig + Security:
http://deltaspike.apache.org/documentation/jsf.html#Type-safeView-Configs Am Mi., 21. Aug. 2019 um 20:13 Uhr schrieb Stephen More < [email protected]>: > IMO this is not a deltaspike issue. > > For security take a look at https://www.pac4j.org/ > > Usually you have 1 page that logs in all users - Authentication > Then you assign roles to that user - Authorization > > To secure your page utilize isUserInRole(*"ADMIN");* > > https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String) > > > On Wed, Aug 21, 2019 at 11:21 AM Tappe, Heiko <[email protected]> wrote: > > > > > I am in the process of migrating some seam 3 based app to deltaspike. > > Right now my problem is how to secure my pages. The examples I've seen so > > far work with a simple and single login. > > But my app uses different logins for different parts of the app. For > > example > > - Standard login for /pages/* > > - Admin login for /adminpages/* > > What I would like to achieve is that when requesting a page without being > > logged in to be redirected to the appropriate login page and after > > successful login the original page (with all its request params) is to be > > shown. > > Though sometimes right after a successful login one or two more info > pages > > are to be shown before the original page comes back into play. > > If the user tries to access for instance an admin page though logged in > as > > a standard user (or the other way round) an error page should be > displayed. > > > > > > Any idea how to achieve this? > > > > > > --Heiko > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virenfrei. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
