Is this really the area which MyFaces has to cover?but as to the orginal question: no there is nothing like that implemented right into MyFaces
This is a controller, model problem not a view problem, and JSF basically covers mostly the view level with basic infrastructure for the controllers but nothing more.
This stuff has covered by the real data access code, thus it is better to keep that stuff in db access classes, or aspects which are wired into the controller code, if you want to have it the non interfering way.
I think something like the spring framework would be the best place to have such security handling implemented not in the JSF stuff directly.
