I,
too, am using acegi security, and echo the previous poster's
opinion.
Rather
than using the phase listener approach which seems to be view-based (whether you
can see a view or not), with Acegi I can control which tags are present as part
of a page enabling components for those users who have the appropriate
roles.
-----Original Message-----I am using Spring acegi for my application and it works great!
From: Mick Knutson [mailto:[EMAIL PROTECTED]
Sent: Friday, November 03, 2006 4:03 PM
To: MyFaces Discussion
Subject: Re: [O/T] JSF Best Practices for Authentication/Authorization
On 11/3/06, Jeff Bischoff <[EMAIL PROTECTED] > wrote:Greetings Colleagues,
I have often wondered what the majority of you are using for
authentication and authorization in your non-public websites. Over the
last year on this mailing list, I have seen bits and scraps of
discussion on this topic. Most often, I hear mention of solutions like
container-managed security and phase listeners. Sometimes custom
navigation-handlers or servlet filters get mentioned too. Cant' say I've
quite seen evidence of any consensus on which of these is preferred, so
I'm interested to hear your thoughts.
I have come across this article [1] which offers an approach (and some
source code) to authorization in JSF. What are your opinions on this
approach? Would you consider this and similar approaches to be best
practice? What other alternatives can you recommend (from experience)?
I will post my specific requirements for my security search as a reply
to this post, so as not to narrow the overall discussion.
[1] http://java.sys-con.com/read/250254_1.htm
Regards,
Jeff Bischoff
Kenneth L Kurz & Associates, Inc.
--
Thanks
DJ MICK
http://www.djmick.com
http://www.myspace.com/mickknutson
