3 Replies Latest reply on Oct 23, 2006 4:28 PM by Todd Main

    Role enforcement on a RESTful page

    Todd Main Newbie

      I'm still struggling to get my Role based security working. When protecting an action, I'm in pretty good shape when the action is called first and then determines the outcome.

      However, I'm having trouble with some pull-style pages.

      I can't use my current approach of intercepting the action calls and returning a different destination (auth failure page). I can't throw an exception because JSF just pukes up an error page instead of letting me handle it and hijack the output.

      Have any of you had success in controlling access to JSF pages based on roles? This is a customer-facing application, so I need to display a kind & gentle error page, preferably one that indicates which role is needed.

      The only thing I can't think of (which I will attempt next) is an outer Facelets template that checks for the existence of a permission error object (using EL) and displays and error instead of rendering the normal content.