On Mar 23, 2005, at 8:13 PM, David G. Friedman wrote:
I'm still learning about JSF (Core Java Server Faces) and was
wondering how
to add two types of security. I've tried searching the list archives
at
marc.theaimsgroup.com, used search engines (i.e. Google), and even
tried
checking out the old and myfaces sites (wiki, javadoc, jira, etc.). I
couldn't find what I was looking for so here are my 2 security related
Faces
questions:
1. How can I access my JSP files if I hide them under /WEB-INF? I am a
current Struts developer (thinking of moving to MyFaces and Shale) and
access my pages through Actions so I can keep my JSP's hidden from
prying
eyes in /WEB-INF/pages. I haven't figured out how to do that with
MyFaces
yet.
I don't believe this is possible, unless you write your own ViewHandler.
2. Does anyone have suggestions on how to do SSL switching like the
Struts
SSLExt package? I would like some links to be forced to go to a secure
(HTTPS) URL [true], while others are HTTP only [false] and some are
allowed
to be both [any]. SSLExt(.sourceforge.net) has that for Struts but
don't
(yet?) see how to do that with MyFaces/JSF.
You might checkout Acegi Security (http://acegisecurity.sf.net) - it
allows you to specify which URLs need to be secure in your application.
AppFuse (http://appfuse.dev.java.net) has Acegi Security integrated in
CVS and also supports MyFaces as a web framework. ;-)
Matt