The queued events in JSF are hold in a private list per phase and as far I know there is no way to access these list public.
Since security is a crosscutting concern more than a layer, using aspects might work for you. All the events in JSF extends from FacesEvent which has a method called processListener. Looks like a good point to cut. The problem might to determine which roles can execute which events.
Cagatay
On 5/11/06, vace117 <[EMAIL PROTECTED]> wrote:
I haven't done anything like that myself, but you could try the following.
Let me know if it works for you.
1) Register your own ActionListener with <action-listener> in your
jsf-config.
2) In the listener you will have access to the ActionEvent, which will give
you access to the event source UICommand component
3) UICommand implements ActionSource, so you can find out what method will
be called by calling getAction() on it to get your MethodBinding.
4) Check if the user is allowed to run this method. If not, throw an
AbortProcessingException
The 1st step is the part I never tried. If it doesn't work, you can always
provide your own default ActionListener by setting it with
application.setActionListener(). If you have to do that, either subclass
ActionListenerImpl or copy most of the code from it and add your security
code.
I am curious whether this works or not, so please post the results if you
try it.
--
View this message in context: http://www.nabble.com/Re%3A-which-method-will-be-invoked-in-the-invoke-application-phase.-t1599198.html#a4342736
Sent from the MyFaces - Users forum at Nabble.com.
