1 Reply Latest reply on Jul 21, 2006 8:11 PM by Jim Hazen

    JSF EL Resolver and Security ACL Issues

    js8523 Novice

      Dear All

      Context:

      I am trying to create a user, role, where each role can have any combination of a predefined set of privileges (viewCustomers, viewReservations, cancelReservation, etc), these privileges are given to the role at runtime.

      Problem:

      I am trying to use this privilege system to limit what is visible on my web app.

      What I would like to do is

      <h:div rendered="#{hasPrivilege["viewCustomers"]}" >


      I have seen that Gavin has set up something similar ish with isUserInRole, but this only accesses the servlet context, not any seam specific context (I would like to inject #{currentUser} into my JSF EL handler to get the current user principal and check that this user has the correct privileges (which is slightly more fine grained than the users role).

      I have seen Jacob Hookum's post
      http://weblogs.java.net/blog/jhook/archive/2006/03/the_unified_el.html

      but I cannot see how to plug a Custom EL Resolver into Seam context, or if it is possible to write such a custom EL resolver.

      If anybody has any ideas please could they share them,

      many thanks,

      James