1 Reply Latest reply on Sep 16, 2013 10:01 AM by lincolnthree

    Best way to secure access to create.xhtml

    gerry.matte

      Each time I generate a new web application using Forge, I spend considerable time configuring security within a web.xml file.

      Very often, I wish to allow authenticated users access to some of the view pages created by Forge (search.xhtml, view.xhtml) but I often do not want to allow access to create.xhtml by most users.

      I struggle with a url-pattern that will prevent access to all my create.jsf URLs - but I am unable to define one which is acceptable to JBoss 7.

      I can use the rendered= attribute to make links only visible to those who possess the correct role - however, a user who looks over the shoulder of another user can easily deduce what URL they can enter directly in their browser in order to gain access to the create.jsf I wish to protect.

      What is the best way to prevent access to all create.xhtml pages (create.jsf URLs)?

        • 1. Re: Best way to secure access to create.xhtml
          lincolnthree

          Hi there Gerry,

          Sorry for the slow reply. There are a few options. You can try using a Java EE security framework like PicketLink, or you can use a URL-rewriting framework like Rewrite Filter, or even Rewrite with security integration from Apache Shiro. We hope to ship a security plugin with Forge in the near future that will handle setting up PicketLink or other security frameworks for your application.

          ~Lincoln
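
An added example, not part of either post: a web.xml `url-pattern` can only be an exact path, a `/prefix/*` match or a `*.ext` match, so one alternative to the frameworks named above is a plain servlet filter that inspects the path itself and enforces the role on the server side. It assumes container-managed authentication is already configured so that `isUserInRole` works; the class name and the role name `admin` are hypothetical.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: denies every */create.jsf and */create.xhtml request
// unless the caller holds the required role. Hiding the link with rendered=
// is cosmetic; this check runs even when the URL is typed in directly.
@WebFilter(urlPatterns = "/*")
public class CreatePageGuardFilter implements Filter {

    private static final String REQUIRED_ROLE = "admin"; // assumed role name

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (isCreatePage(request) && !request.isUserInRole(REQUIRED_ROLE)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // do not continue down the chain
        }
        chain.doFilter(req, res);
    }

    // Builds the path from servletPath + pathInfo so the check works whether
    // the Faces servlet is extension-mapped (*.jsf) or prefix-mapped (/faces/*).
    static boolean isCreatePage(HttpServletRequest request) {
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }
        path = path.toLowerCase(Locale.ROOT);
        return path.endsWith("/create.jsf") || path.endsWith("/create.xhtml");
    }

    @Override
    public void destroy() { }
}
```

The filter guards both the `.jsf` URL and the underlying `.xhtml` resource, since either may be reachable depending on how the Faces servlet is mapped.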