I've switch from a login page to a filter that authenticates and sets the User database record in the session. (Actually, I fetch this record every request, and store it in the request, but that may be too excessive for your situation).
I then have additional filters that work on that data to provide coarse-grain security (ie, if you don't pass the filter, you can't access any of the application). I also have a SecurityRoleManager bean that provides fine-grain control by operating on the record stored in the session. Ie, "securityRoleManager.canEditDate()" On 10/4/05, Eurig Jones <[EMAIL PROTECTED]> wrote: > I'm trying to decide on a Login/Logout system to protect my files using > JSF.. I've played about with extending NavigationHandler, but the > problem is, it doesn't protect the files which aren't JSF, and you can > still run the JSP files if you wanted to... > > How have you people gone about a database driven login/logout system > using Faces? >
