oo... but it seems that
this assumption was wrong.
Dominik
-Ursprüngliche Nachricht-
Von: Jeff Bischoff [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 7. November 2006 20:12
An: MyFaces Discussion
Betreff: Re: AW: AW: AW: AW: [O/T] JSF Best Practices for
Authentication/Authorization
Dominik
this assumption was wrong.
Dominik
-Ursprüngliche Nachricht-
Von: Jeff Bischoff [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 7. November 2006 20:12
An: MyFaces Discussion
Betreff: Re: AW: AW: AW: AW: [O/T] JSF Best Practices for
Authentication/Authorization
Dominik,
Reponses inline:
[EMAIL PRO
Dominik,
Reponses inline:
[EMAIL PROTECTED] wrote:
Hmm, I wonder what kind of overhead that incurs. Of course, if you are
only checking it once per HTTP request, I don't suppose it would matter.
Sounds like it would be roughly equivalent to creating an exception (due
to the stack trace manipu
ndardize on this
> sort of thing. :)
Yeah ;)...
Dominik
-Ursprüngliche Nachricht-
Von: Jeff Bischoff [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 7. November 2006 19:38
An: MyFaces Discussion
Betreff: Re: AW: AW: AW: [O/T] JSF Best Practices for
Authentication/Authorization
Dominik,
Dominik,
Hmm, I wonder what kind of overhead that incurs. Of course, if you are
only checking it once per HTTP request, I don't suppose it would matter.
Sounds like it would be roughly equivalent to creating an exception (due
to the stack trace manipulation).
Andrew is doing something like t
Yes, that's correct, the JsfSecurityManager get's the stack trace, looks up
the calling method, retrieving the annotation, checking the access rights,
and throwing an exception if access is not allowed.
> @SecurityGuard(TypRoles.ADMIN)
> public AdminBean getAdminBean()
> {
> JsfSecurityM
> Sounds like file downloads must be an integral part of your application.
> What approach did you take for this?
Yes, it is ;). I've done something like this:
--> There is a base project, containing all classes responsible for file
downloads (There are different types of downloads, downloads
esday, November 07, 2006 15:52
To: MyFaces Discussion
Subject: Re: AW: AW: [O/T] JSF Best Practices for
Authentication/Authorization
[EMAIL PROTECTED] wrote:
> Yes, that's correct. I am using http basic authentication, which means
that
> when a page get's rendered, the user is already au
[EMAIL PROTECTED] wrote:
Yes, that's correct. I am using http basic authentication, which means that
when a page get's rendered, the user is already authenticated and there is
no possiblity to re-show the login screen again, because the browser caches
the username and password.
I am not able to
Yes, that's correct. I am using http basic authentication, which means that
when a page get's rendered, the user is already authenticated and there is
no possiblity to re-show the login screen again, because the browser caches
the username and password.
I am not able to use form based login, becau
10 matches
Mail list logo
