-
1. Re: Security & Authentificaiton of a Seam Application
norman.richards Jan 25, 2007 5:10 PM (in response to toni)Does web.xml security give you the functionality you want? If so, then go ahead and use it. JBoss makes it really easy to work with. The problem is that the functionality just isn't very advanced.
If you can wait a bit longer for the Seam security features to be completed, I think you'll find you'll be able to apply much more interesting security policies to your application. -
2. Re: Security & Authentificaiton of a Seam Application
toni Jan 26, 2007 4:11 AM (in response to toni)I have now used the web.xml and it works fine for me. There is a good JAASExample in the wiki. I can recommend it.
Just one last question. I noticed that the j_security_check is the URL to which the request for a FORM login gets posted to.
Is that a constant or can we change it? And how could I provide it to a <h:form> tag in JSF? -
3. Re: Security & Authentificaiton of a Seam Application
gavin.king Jan 26, 2007 9:24 AM (in response to toni)That is a magic value defined by the servlet spec (which is totally atrociously bad on authentication).
-
4. Re: Security & Authentificaiton of a Seam Application
toni Jan 29, 2007 7:16 AM (in response to toni)One final question:
How can I render parts of the page depending on the user role with this kind of security setup?
I would like to hide or show menu items depending on whether or not the user belongs to a certain rule. -
5. Re: Security & Authentificaiton of a Seam Application
toni Jan 30, 2007 3:20 AM (in response to toni)Does JSF provide any means of checking for the role the user is in?
-
6. Re: Security & Authentificaiton of a Seam Application
markfoerstein Jan 31, 2007 9:23 PM (in response to toni)"norman.richards@jboss.com" wrote:
If you can wait a bit longer for the Seam security features to be completed, I think you'll find you'll be able to apply much more interesting security policies to your application.
Just saw that 1.1.5 is out... I can't wait to see some examples on this... Please Norman point us to some examples as soon as they are available. ;-)
Thanks -
7. Re: Security & Authentificaiton of a Seam Application
markfoerstein Jan 31, 2007 9:25 PM (in response to toni)"toni" wrote:
How can I render parts of the page depending on the user role with this kind of security setup?
I would like to hide or show menu items depending on whether or not the user belongs to a certain rule.
Same here toni ;-) -
8. Re: Security & Authentificaiton of a Seam Application
gavin.king Jan 31, 2007 9:31 PM (in response to toni)"markfoerstein" wrote:
"toni" wrote:
How can I render parts of the page depending on the user role with this kind of security setup?
I would like to hide or show menu items depending on whether or not the user belongs to a certain rule.
Same here toni ;-)
Easy:<h:commandButton value="Self Destruct" action="#{machine.selfDestruct}" rendered="#{s:hasPermission('machine','selfDestruct',machine)}"/>
(Using 1.1.5, of course.)
If you don't have instance-level security, the following simpler form will suffice:<h:commandButton value="Self Destruct" action="#{machine.selfDestruct}" rendered="#{s:hasPermission('machine','selfDestruct')}"/>
And if all you have is role-based security, the following is even simpler:<h:commandButton value="Self Destruct" action="#{machine.selfDestruct}" rendered="#{s:hasRole('hero')}"/>
-
9. Re: Security & Authentificaiton of a Seam Application
markfoerstein Jan 31, 2007 9:37 PM (in response to toni)Wow, instant answer. Are you a human or a forum bot or something...;-)
PS: I liked the "self destruct" thing ;-)
Will check it out...
Thanks Gavin.