JSF EL Resolver and Security ACL Issues

js8523 Jul 21, 2006 6:43 PM

Dear All

Context:

I am trying to create a user, role, where each role can have any combination of a predefined set of privileges (viewCustomers, viewReservations, cancelReservation, etc), these privileges are given to the role at runtime.

Problem:

I am trying to use this privilege system to limit what is visible on my web app.

What I would like to do is

<h:div rendered="#{hasPrivilege["viewCustomers"]}" >

I have seen that Gavin has set up something similar ish with isUserInRole, but this only accesses the servlet context, not any seam specific context (I would like to inject #{currentUser} into my JSF EL handler to get the current user principal and check that this user has the correct privileges (which is slightly more fine grained than the users role).

I have seen Jacob Hookum's post
http://weblogs.java.net/blog/jhook/archive/2006/03/the_unified_el.html

but I cannot see how to plug a Custom EL Resolver into Seam context, or if it is possible to write such a custom EL resolver.

If anybody has any ideas please could they share them,

many thanks,

James

1. Re: JSF EL Resolver and Security ACL Issues

cptnkirk Jul 21, 2006 8:11 PM (in response to js8523)

In addition to isUserInRole, Seam also provides access to the Principal.

See userPrincipal

http://docs.jboss.com/seam/latest/reference/en/html/components.html#d0e6626
Actions