@All
I have created a CODI add-on that allows you to 'secure' JSF components by
using an implementation of the CODI AbstractAccessDecisionVoter.
These voters can then be used to restrict the access. In the next example,
the text is only visible when the voter 'loggedIn' (which is a named CDI
bean extending AbstractAccessDecisionVoter) don't set any
ViolationException.
<h:outputFormat value="#{msg['general.label.welcome']} | ">
<s:securedComponent voter="loggedIn"/>
<f:param value="#{loggedInUserBean.login}"/>
</h:outputFormat>
It is also possible to supply the method some parameter values. You can
supply it for example with the looping variable from a dataTable, and thus
hiding the values in a column except when the user has access to it.
<h:column>
<f:facet name="header">Salary</f:facet>
<h:outputText value="#{employee.salary}">
<s:securedComponent voter="currentUser, hasAdministratorRole">
<s:securedComponentParameter value="#{employee}"/>
</s:securedComponent>
</h:outputText>
</h:column>
In the above example, the salary value is visible only to employee itself or
the administrator.
More info can be found in the readme that comes with the add-on.
You can find the initial version here (1)
Since it has a very deep integration with JSF structures, I need to make
more tests to confirm it works in more environments. For the moment, the
example works with Tomcat 6.0.29.
When you do have questions, remarks or finds any problems, just let it me
know.
1 = http://bitbucket.org/os890/codi-addons secureComponent directory.
Regards
rudy.
