I want to start a discussion on security implementation.

The final stumbling block for me in the entire JSF/Facelets/SEAM/EJB3/JBoss 
stack is the security aspect. JAAS is a big hairy beast and is probably 
overkill for most web applications, and JSF doesn't seem to play well 
out-of-the-box with web-container managed security (Realms and Roles).

There are some pertinent JSF security discussions in the Java forums:
- An article by Ed Burns: 
http://forum.java.sun.com/thread.jspa?threadID=675281&tstart=0
- Another discussion can be found here: 
http://forum.java.sun.com/thread.jspa?threadID=502322&start=0&tstart=0

I like the @LoggedIn example used by the HotelBooking demo. Perhaps it can be 
generalized to work with multiple role-types. I think the key is to have a User 
entity (which can be polymorphic: CustomerUser, AdminUser, etc.) that lives in 
the Session context...



View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3911281#3911281


_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
