Hi Jeff, Yes I've seen... I had to stop writing my reply because my train arrived and I had to go to the bus station ;)
I will read and answer all your mails when I am on the way home today...

Dominik

-----Original Message-----
From: Jeff Bischoff [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 07, 2006 15:52
To: MyFaces Discussion
Subject: Re: AW: AW: [O/T] JSF Best Practices for Authentication/Authorization

[EMAIL PROTECTED] wrote:
> Yes, that's correct. I am using http basic authentication, which means that
> when a page gets rendered, the user is already authenticated and there is
> no possibility to re-show the login screen again, because the browser caches
> the username and password.
>
> I am not able to use form based login, because there are many applications
> accessing my page, not only browsers, and it's a lot easier for applications
> if there is http basic authentication instead of form based
> authentication... (Just think about download managers)...
>

Oh yes, that makes perfect sense for you. I just wanted to make sure I understood what you are doing. Of course as I read everyone's descriptions, I am thinking about my own plans and I definitely want to use form-based authentication.

> @SecurityGuard(TypRoles.ADMIN)
> public AdminBean getAdminBean()
> {
>     JsfSecurityManager.getCurrentInstance().check();
> }
>

Like I said, we haven't moved to the new Java yet. But okay, so the annotation is labeling that this method should only be run by admins, and it's the SecurityManager that is responsible for looking at the annotation and deciding whether to continue?

Thanks for explaining! (by the way, did you see my other reply to you yesterday?)

Regards,

Jeff Bischoff
Kenneth L Kurz & Associates, Inc.
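The annotation-plus-check pattern discussed in the message above, as an added example that is not code from either poster or from MyFaces: only the name `SecurityGuard` comes from the thread, while its definition, the `Role` enum, `CURRENT_ROLES` and this `check()` are assumptions made for illustration. It also assumes the JVM reports the calling method at stack index 2, and it denies access whenever the guard cannot be resolved.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class GuardDemo {
    enum Role { USER, ADMIN }                 // hypothetical role set

    @Retention(RetentionPolicy.RUNTIME)       // must survive to runtime for reflection
    @Target(ElementType.METHOD)
    @interface SecurityGuard { Role value(); }

    // Hypothetical stand-in for the roles of the authenticated user.
    static final ThreadLocal<Set<Role>> CURRENT_ROLES =
        ThreadLocal.withInitial(() -> EnumSet.noneOf(Role.class));

    // Locates the method that called check(), reads its guard, and fails closed.
    static void check() {
        StackTraceElement caller = Thread.currentThread().getStackTrace()[2];
        boolean found = false;
        try {
            Class<?> cls = Class.forName(caller.getClassName());
            for (Method m : cls.getDeclaredMethods()) {
                if (!m.getName().equals(caller.getMethodName())) continue;
                SecurityGuard g = m.getAnnotation(SecurityGuard.class);
                // The stack frame carries no parameter types, so every overload
                // of that name must carry a guard the user satisfies.
                if (g == null || !CURRENT_ROLES.get().contains(g.value()))
                    throw new SecurityException("access denied: " + m.getName());
                found = true;
            }
        } catch (ClassNotFoundException e) {
            // leave found == false so the call is denied below
        }
        if (!found)
            throw new SecurityException("no guard resolved: " + caller.getMethodName());
    }

    @SecurityGuard(Role.ADMIN)
    static String getAdminBean() {
        check();                              // the annotation alone enforces nothing
        return "admin bean";
    }

    public static void main(String[] args) {
        CURRENT_ROLES.set(EnumSet.of(Role.USER));
        try { getAdminBean(); }
        catch (SecurityException e) { System.out.println("USER: " + e.getMessage()); }
        CURRENT_ROLES.set(EnumSet.of(Role.USER, Role.ADMIN));
        System.out.println("ADMIN: " + getAdminBean());
    }
}
```

A guarded method that omits the `check()` call is not protected at all, which is why this kind of check is often moved into an interceptor or proxy that runs before every annotated method.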

