Yes protecting views by role in the same way that Struts can assign
roles to an Action is next on the list - I just have to think about the
best way to do this and co-exist with any custom viewhandler impls and
a reasonable format for the additional metadata required.
Duncan
Martin Marinschek
Great ;)
keep us updated!
regards,
Martin
On 10/9/05, Duncan Mills [EMAIL PROTECTED] wrote:
Yes protecting views by role in the same way that Struts can assign roles
to an Action is next on the list - I just have to think about the best way
to do this and co-exist with any custom
Right - the nice thing about the jsf-security EL extensions is that
they don't have to be driven from Container Security you can plug in
pretty much any home grown concept of a login page to authenticate and
then your own auth mechanism as well. For instance if you take the
approach of using a
This is a very interesting project - will need to check it out for my
next web-app ;)
Will you also restrict delivering a view based on the user role? This
is the third layer of security restrictions necessary in JSF...
regards,
Martin
On 10/6/05, Duncan Mills [EMAIL PROTECTED] wrote:
Right
I can vouch for what Duncan is saying. We were able to write our own
custom authenticator for OC4J. It used Windows Active Directory for
authentication and Open LDAP for authorization. It was a bit more
cumbersome than Tomcat but it worked fine.
sean
On 10/5/05, Duncan Mills [EMAIL PROTECTED]
In the core javaserver faces, there are infos about container security
in chapter 11.
Tomcat Database Realm or LDAP way
http://www.horstmann.com/corejsf/
I bought this book, it's very good ;)
2005/10/6, Sean Schofield [EMAIL PROTECTED]:
I can vouch for what Duncan is saying. We were able to
Hi,
The standard approach is the best.
Is most easy to set and, is working always, and will not need other library.
Cristi.
Darren Hartford wrote:
The approached I've been using is the normal webapp
JAAS/security-constraint approach.
As far as integrating this within the JSF framework, I use
Several Points here
1) Using Security Attributes within your pages.
I'm about to release 1.0 of the jsf-security project on
SourceForge (www.sourceforge.net/projects/jsf-security) this provides
extensions to EL which will give you a new scope #{securityScope} and a
bunch of attributes and
This is great!
I posted a message before about how to login without any protected page. I looked at authenticator package where thereis FormAuthenticator. I like to do similar, but without a protected page. User can click a login link and register all necessary info with session after successful
I use acegi for Spring: *acegi*security.sourceforge.net/
Julian Garcia
Eurig Jones wrote:
I'm trying to decide on a Login/Logout system to protect my files
using JSF.. I've played about with extending NavigationHandler, but
the problem is, it doesn't protect the files which aren't JSF, and
Thing is I really want to keep to the same framework (JSF)
Julián García wrote:
I use acegi for Spring: *acegi*security.sourceforge.net/
Julian Garcia
Eurig Jones wrote:
I'm trying to decide on a Login/Logout system to protect my files
using JSF.. I've played about with extending
Why not use a filter ? You can configure it to /*
-Message d'origine-
De : Eurig Jones [mailto:[EMAIL PROTECTED]
Envoyé : mardi 4 octobre 2005 13:01
À : MyFaces Discussion
Objet : Re: Login system security
Thing is I really want to keep to the same framework (JSF)
Julián García
The approach would be to use a filter. Acegi comes with a filter already
configured and independent of any presentation framework (as long as
it's based in servlets)
If you dont want to introduce another (couple of) framework(s) use a
hand-coded filter. However, I think acegi and spring
@myfaces.apache.org
Subject: Login system security
I'm trying to decide on a Login/Logout system to protect my files using
JSF.. I've played about with extending NavigationHandler, but the
problem is, it doesn't protect the files which aren't JSF, and you can
still run the JSP files if you wanted to...
How
I've switch from a login page to a filter that authenticates and sets
the User database record in the session. (Actually, I fetch this
record every request, and store it in the request, but that may be too
excessive for your situation).
I then have additional filters that work on that data to
I am using the built in Tomcat DataSourceRealm so that single sign-on
is possible. My login is still using a normal JSP instead of JSF, so I
can't use JSF components to build my login page. Has anyone integrated
the form-base web.xml authentication with a JSF login page?On 10/4/05, Mike
The approached I've been using is the normal webapp
JAAS/security-constraint approach.
As far as integrating this within the JSF framework, I use the following
snippets in my sessionbean:
/**
* Getter for property username.
* @return Value of property
hi Andrew,
How to get a Realm object so that I can call authenticate()? I am using Database to store username and password. Thanks.Andrew robinson [EMAIL PROTECTED] wrote:
I am using the built in Tomcat DataSourceRealm so that single sign-on is possible. My login is still using a normal JSP
Filters are the way to go IMO. We use container authentication to
force login (with a custom screen) and then we rely on application
logic to control access to fields. We use a session bean as others
have mentioned to store user information.
We also have a spoof login page that is not
19 matches
Mail list logo