You can also check out the acegi-jsf components in jsf-comp. They can also work now even you do not use acegi and depend on container security.
<acegijsf:authorize ifAllGranted="role1,role2">
//secured components here
</acegijsf>
Regards,
Cagatay
On 6/28/06, Martin Grotzke <
[EMAIL PROTECTED]> wrote:
Hello,
On Wed, 2006-06-28 at 18:06 +0200, Gilles DEMARTY wrote:
> Hi martin,
>
> > i want to have/create an authorization aware (menu/button) component.
> Every Tomahawk components are user-role aware
> http://wiki.apache.org/myfaces/User-role_Awareness
Thanx for this hint!
Until now i thought we could not use the principal/role concept because
we have a more fine grained security concept based on roles that have
a specific "userType" and associate several permissions (roleA ->
userTypeFoo, [permission1, permission2]; roleB -> ...).
But if i we tie our permissions to the principal's roles, this should
do the trick, so it simply depends on the point of view.
Otherwise, if we would like to enable anything dependent on the user's
role (in our terms of role, e.g. roleA) or userType, this would not be
possible, or we would have to create pseudo permissions for the role and
the userType. I'll think about it some minutes :)
Thanx for pushing my mind,
cheers,
Martin
>
> hope this answers your request
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQBEoq7F7FvOl7Te+pYRAqyNAJ0SY8pMGHXfcOtlmzgZ0ySoMmOi4QCghACn
5eyDiUFdfjBD9nxdLyfuC1A=
=ZNzw
-----END PGP SIGNATURE-----
