1. Re: Setting Authorization Roles
shane.bryzak May 16, 2007 10:45 PM (in response to neilac333)
You can place a <restrict> element within a <page> element inside pages.xml, like this:
<page view-id="/orderDetail.xhtml">
    <restrict>#{s:hasRole('admin')}</restrict>
</page>
-
2. Re: Setting Authorization Roles
neilac333 May 16, 2007 11:41 PM (in response to neilac333)
Thanks so much for the prompt response.
-
3. Re: Setting Authorization Roles
asookazian Jan 24, 2008 1:35 PM (in response to neilac333)
"shane.bryzak@jboss.com" wrote:
You can place a <restrict> element within a <page> element inside pages.xml, like this:
<page view-id="/orderDetail.xhtml">
    <restrict>#{s:hasRole('admin')}</restrict>
</page>

What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml? For example, storing the role information in an RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session.
Is it even necessary to do this? The argument being that roles for page level access do not change frequently enough to need real-time updates?
Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSFs instead of using s:hasPermission?
-
4. Re: Setting Authorization Roles
shane.bryzak Jan 24, 2008 8:02 PM (in response to neilac333)
"asookazian" wrote:
What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml? For example, storing the role information in an RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session.
Is it even necessary to do this? The argument being that roles for page level access do not change frequently enough to need real-time updates?

I don't quite understand what you're asking here. Storing the user's roles in a database table is a recommended strategy.

"asookazian" wrote:
Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSFs instead of using s:hasPermission?

That totally depends on your own requirements. You can use either, or mix and match as you wish. It all depends on what kind of security model you want and how fine-grained it should be.
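
Added example (not part of the original thread, and not code from the Seam project): a Seam authenticator that grants roles from database tables at login, so the role name in the pages.xml <restrict> expression stays fixed while the user-to-role assignments are data. It assumes the Seam 2.0 Identity API and an authenticator bound in components.xml; the table and column names, the binary salt/hash columns and the PBKDF2 parameters are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.List;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.persistence.EntityManager;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;

// Assumed binding in components.xml:
//   <security:identity authenticate-method="#{authenticator.authenticate}"/>
@Name("authenticator")
public class Authenticator {
    @In EntityManager entityManager;

    public boolean authenticate() {
        Identity identity = Identity.instance();
        if (identity.getUsername() == null || identity.getPassword() == null) return false;
        // Hypothetical schema: app_user(username, salt, password_hash), user_role(username, role_name)
        List<?> rows = entityManager.createNativeQuery(
                "select salt, password_hash from app_user where username = ?1")
            .setParameter(1, identity.getUsername()).getResultList();
        if (rows.size() != 1) return false;
        Object[] row = (Object[]) rows.get(0);
        if (!passwordMatches(identity.getPassword(), (byte[]) row[0], (byte[]) row[1])) return false;

        // Role assignments come from the database; pages.xml only names the role
        // that s:hasRole(...) must find on the authenticated identity.
        List<?> roles = entityManager.createNativeQuery(
                "select role_name from user_role where username = ?1")
            .setParameter(1, identity.getUsername()).getResultList();
        for (Object role : roles) identity.addRole((String) role);
        return true;
    }

    // Recompute the salted PBKDF2 hash (assumed: 10000 iterations) and compare it to the stored one.
    private static boolean passwordMatches(String password, byte[] salt, byte[] expected) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, expected.length * 8);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
            return MessageDigest.isEqual(actual, expected);
        } catch (GeneralSecurityException e) {
            return false; // fail closed if the hash cannot be computed
        }
    }
}
```

Because roles are read once in authenticate(), a change to user_role takes effect at the user's next login rather than in the middle of an existing session.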