Version 2

    Problem

    Render controls depending on the user role.

    Solution

    Use #{rich:isUserInRole(object)} to identify the user role and the rendered attribute to control which components are rendered.

    Details

    The #{rich:isUserInRole(object)} function lets you identify whether the logged-in user belongs to a certain user role. The function returns “true” if the logged-in user has the role passed to the function. This can be useful when you work with a user-role dependent layout. By setting the rendered attribute of any JSF/RichFaces component to true/false you can include/omit the controls from the layout.

    Example

    Let’s create a protected area (let it be the admin folder) in an application and place in it a file with a user-role dependent layout: a text area will be displayed only to users with the “admin” role, and plain text with no editing option will be shown to users that belong to the “user” role.
    First we need to set up basic authentication.
    Add this code to your web.xml:

     

    <security-constraint>
         <web-resource-collection>
              <web-resource-name>Protected Site</web-resource-name>
              <url-pattern>/admin/*</url-pattern>
              <http-method>DELETE</http-method>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
              <http-method>PUT</http-method>
         </web-resource-collection>
         <auth-constraint>
              <!-- Roles that have access -->
              <role-name>admin</role-name>
              <role-name>user</role-name>
         </auth-constraint>
    </security-constraint>
    <!-- BASIC authentication -->
    <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>Basic Authentication</realm-name>
    </login-config>
    <!-- Define security roles -->
    <security-role>
         <description>admin</description>
         <role-name>admin</role-name>
    </security-role>
    <security-role>
         <description>user</description>
         <role-name>user</role-name>
    </security-role>
    

     

    Then you need to set up your server. In this example we will show how to configure the Tomcat server.
    Define user roles, logins and passwords in Tomcat_Installation_folder\conf\tomcat-users.xml:

    <tomcat-users>
    <role rolename="user"/>
    <role rolename="admin"/>
    <user name="user" password="123" roles="user" />
    <user name="admin" password="456" roles="admin" />
    </tomcat-users>
    

    And add this line of code to Tomcat_Installation_folder\conf\server.xml in the <Engine> element:

     

    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                 resourceName="UserDatabase"/>
    

    As you can see, the admin folder is restricted in the project.
    Create a view page in the admin folder and add this code to the page:

    <h:form rendered="#{rich:isUserInRole('admin')}" >
    <rich:editor value="#{editor.pageText}" rendered="#{rich:isUserInRole('admin')}"/>
    <h:commandButton value="Save" />
    </h:form>
    
    <h:outputText value="#{editor.pageText}" rendered="#{rich:isUserInRole('user')}" />
    

    Now you can log in as admin to see the editor, while if you log in as a user you will see just the text without an editing option.
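
A hardened variant of the web.xml constraint from this example, added here and not part of the original page: a web-resource-collection that lists http-method elements constrains only those methods, so this version omits the list to cover every method, and it adds a transport-guarantee so the BASIC credentials travel only over HTTPS. It assumes an HTTPS connector is already configured in Tomcat; the login-config and security-role elements stay as shown above.

```xml
<!-- Added example: hardened variant of the page's /admin/* constraint. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Site</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <!-- No <http-method> elements here. A collection that lists
             methods constrains only the listed ones; leaving the list
             out applies the constraint to every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
        <!-- Roles that have access -->
        <role-name>admin</role-name>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- BASIC sends the password with every request, only
             Base64-encoded. CONFIDENTIAL makes the container require
             an encrypted (HTTPS) connection for these URLs.
             Assumption: an HTTPS connector is configured in server.xml. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```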