Hi Cristi,

You put <redirect/> elements in your <navigation-rule> cases in the faces-config.xml file, and with these redirect elements, the server-side-only forward is replaced by a client-side redirect (don't do it on every navigation - only when you cross security boundaries).

You lose all request-scoped information, though, if you use a redirect - that means managed beans, component state, messages, etc., if you don't use the RedirectTracker (Mario's cool extension; find more information on using it on the Wiki, or by asking on this list again).

regards,

Martin

On 11/14/06, Cristi Toth <[EMAIL PROTECTED]> wrote:

Hi Martin,

Well, the view-handler solution sounds a bit complicated. With Acegi I secure pages depending on the User Role, and in the Acegi config I map a group of pages to one or more User Roles. So by decorating the view-handler I practically do Acegi's work.

What does <redirect/> do and how is it used? It sounds a lot more usable.

regards,
Cristi Toth

On 11/14/06, Martin Marinschek <[EMAIL PROTECTED]> wrote:
> Hi Cristi,
>
> that's a problem with all server-side technologies which use a
> "forward" to go to the next page (a forward is not reflected in the
> URL, only a redirect is). So it is not a specific facelets problem,
> not even a JSF problem...
>
> This evaluation already points to the solution: you can either use
> "<redirect/>" elements in your faces-config.xml file whenever you
> cross the boundary between secured and not secured pages, or, second
> solution, you decorate the JSF view-handler. The view-handler is where
> the view to be rendered is determined, and in the view-handler you can
> make sure that the final page will not be rendered if it is secured
> (you can also forward to the login-page there).
>
> regards,
>
> Martin
>
> On 11/14/06, Cristi Toth < [EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I'm trying to secure a Facelets application with Acegi Security
> > The problem is that with facelets the URL rendered is that of the previous
> > page, not the current one
> > so Acegi checks for authorization rights for the previous page
> >
> > this way I can see a "secured" page and Acegi will give an "access denied"
> > only when I leave the page
> >
> > please help!
> >
> > Cristi Toth
> >
>
> --
>
> http://www.irian.at
>
> Your JSF powerhouse -
> JSF Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces

--
http://www.irian.at

Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces
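
The <redirect/> approach described in the thread, as an added example that is not part of the original messages: a faces-config.xml fragment in which navigation that stays among unsecured pages keeps the default forward, while navigation that crosses the secured/unsecured boundary uses a redirect so that a URL-based security filter sees the real target URL. The view ids, outcome names and the /public/ and /secure/ path layout are assumptions.

```xml
<!-- Constructed example: view ids, outcomes and the /public/ vs /secure/
     layout are assumptions, not taken from the thread. -->
<faces-config>

  <navigation-rule>
    <from-view-id>/public/home.xhtml</from-view-id>

    <!-- Stays among unsecured pages: the default server-side forward is
         kept, so request-scoped beans, component state and messages
         survive the navigation. -->
    <navigation-case>
      <from-outcome>about</from-outcome>
      <to-view-id>/public/about.xhtml</to-view-id>
    </navigation-case>

    <!-- Crosses into the secured area. Without <redirect/> the browser URL
         would still be /public/home.*, and a URL-based check would be made
         against that address while the secured view is rendered. With
         <redirect/> the browser issues a new request for /secure/accounts.*,
         which the security filter can authorize before anything renders. -->
    <navigation-case>
      <from-outcome>showAccounts</from-outcome>
      <to-view-id>/secure/accounts.xhtml</to-view-id>
      <redirect/>
    </navigation-case>
  </navigation-rule>

  <navigation-rule>
    <from-view-id>/secure/accounts.xhtml</from-view-id>

    <!-- Leaving the secured area also crosses the boundary, so the URL
         shown and checked afterwards is the public one. -->
    <navigation-case>
      <from-outcome>done</from-outcome>
      <to-view-id>/public/home.xhtml</to-view-id>
      <redirect/>
    </navigation-case>
  </navigation-rule>

</faces-config>
```

To verify the behaviour, request the secured outcome as a user without the required role and confirm that access is denied before the secured view is rendered, not on the following request.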

