2006/9/22, Patrick Dreyer <[EMAIL PROTECTED]>:
Sorry, forgot about the MyFaces wiki...
Just found the page about "Access FacesContext from Servlet" http://wiki.apache.org/myfaces/AccessFacesContextFromServlet
Patrick Dreyer schrieb:
> Hi Jan
>
> Don't do authentication/authorization through a ViewHandler, use a servlet filter instead.
> Citation from JavaWorld ( http://www.javaworld.com/javaworld/jw-07-2004/jw-0719-jsf.html):
>
>> * Use a base backing bean: This solution is simple. However, it ties the backing beans to a specific inheritance hierarchy.
>> * Use a JSF ViewHandler decorator: This way, the security logic is tightly coupled with a specific Web tier technology.
>> * Use a servlet filter: A JSF application is no different from other Java-based Web applications. It makes a filter the best place > to handle authentication checking. This way, the authentication logic is decoupled from the Web application.
>
> Additionally, by using a ServletFilter the configuration keeps in web.xml and it's a snap to force SSL for example.
>
> There is an interesting article about page authorization in JSF on http://jdj.sys-con.com/read/250254.htm
>
> We generally put secured page in different directories (user role dependent) and close the whole directory with a security constraint.
>
> I'm pretty sure, you'd like to store authentication/authorization information in a JSF backing bean, thus you'll ask yourself: "How to access backing beans in a servlet filter?" A quick google search ("access jsf backing bean from servlet filter") showed up a very good hit at the first place ( http://www.thoughtsabout.net/blog/archives/000033.html).
>
> Patrick
>
> janw schrieb:
>> Hello,
>>
>> I'd like to use a ViewHandler for authorization.
>> I use tiles, so I have already a Viewhandler defined in my application
>> (JspTilesViewHandlerImpl).
>> How can I integrate these two view-handlers? I think I cannot define a
>> second view-handler.
>>
>> I know there are frameworks like SecurityFilter, Acegi, but I need only a
>> very simple auth mechanism.
>>
>> Regards,
>> Jan
>
>
--
Yours truly (Atenciosamente),
Rogério (_rogerio_)
http://faces.eti.br
