Andrew Robinson wrote:
You do not need container managed security if you are not interested in URL based security. So for view only security, go ahead and use a phase listener approach. FYI, you will have to implement your own method of authentication (403 or form based).
Well I've already got a form for login, so I'll simply have to redirect them to that view in the phase listener. Sounds like the perfect fit for me.
I can see now why this is not a magic bullet, and why so many different approaches are in use. I think perhaps the major java security specs could use some realignment with JSF, a la JSP 2.1/JSF 1.2
Thank you and the rest, seeing these various approaches and pointers has really helped a lot in assessing my choices. :)
Regards, Jeff Bischoff Kenneth L Kurz & Associates, Inc.
