-
1. Re: Setting Authorization Roles
You can place a element within a element inside pages.xml, like this:
<page view-id="/orderDetail.xhtml"> <restrict>#{s:hasRole('admin')}</restrict> </page> -
-
3. Re: Setting Authorization Roles
"shane.bryzak@jboss.com" wrote:
You can place a <restrict> element within a <page> element inside pages.xml, like this:<page view-id="/orderDetail.xhtml"> <restrict>#{s:hasRole('admin')}</restrict> </page>
What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml? for example, storing the role information in a RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session.
Is it even necessary to do this? the argument bein that roles for page level access do not change frequently enough to need real-time updates?
Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSF's instead of using s:hasPermission? -
4. Re: Setting Authorization Roles
"asookazian" wrote:
What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml? for example, storing the role information in a RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session.
Is it even necessary to do this? the argument bein that roles for page level access do not change frequently enough to need real-time updates?
I don't quite understand what you're asking here. Storing the user's roles in a database table is a recommended strategy."asookazian" wrote:
Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSF's instead of using s:hasPermission?
That totally depends on your own requirements. You can use either, or mix and match as you wish. It all depends on what kind of security model you want and how fine-grained it should be.