1 Reply Latest reply on Sep 16, 2013 10:01 AM by Lincoln Baxter III

    Best way to secure access to create.xhtml

    Gerry Matte Apprentice

      Each time I generate a new web application using Forge, I spend considerable time configuring security within a web.xml file.

      Very often, I wish to allow authenticated users access to some of the view pages created by Forge (search.xhtml, view.xhtml) but I often do not want to allow access to create.xhtml by most users.


      I struggle with a url-pattern that will prevent access to all my create.jsf URLs - but I am unable to define one which is acceptable to JBoss 7.


      I can use the rendered= attribute to make links only visible to those who possess the correct role - however, a user who looks over the shoulder of another user can easily deduce what URL they can enter directly in their browser in order to gain access to the create.jsf I wish to protect.


      What is the best way to prevent access to all create.xhtml pages (create.jsf URLs)?