Darren,

Trinidad is a component set and does not have a security infrastructure. You
can use the render property or the readOnly property to perform
authorization, but this needs to be backed up somewhere. Usually
authorization is enforced on the business service layer and surfaces in the
UI. If e.g. a user has a permission, JAAS or container managed, to update an
attribute then this could/should be exposed in the UI through expression
language, referencing a method on the model that performs the check
permission call.

Besides this, security needs to be on page navigation, which is something
you need to implement in the JSF engine (MyFaces or JSF RI). Have a look at

http://www.orablogs.com/fnimphius/archives/001790.html
http://www.orablogs.com/fnimphius/archives/001836.html

where I created a sample for container managed and JAAS authorization.

However, from this little development experience I can say that security in
JSF is nothing you implement within an afternoon but requires a well thought
through security framework that integrates not only with the UI but also the
model for a consistent security enforcement. The easiest way to get started
with such an effort is to look at the security design patterns that exist
and work your way back to JSF.

Frank


Hi all,



Can anyone please point me in the right direction as regards methods
to execute authorisation & authentication to a Trinidad webapp.
Something along the lines of Java Authentication and Authorization
Service (JAAS).

We want to implement an authorisation 'front door' as an underlying
layer.



Has Trinidad its own implementation? I can't seem to find any
information in this regard.

Any info' would be appreciated!



Best regards,

Darren.



--
Frank Nimphius
