Re: How do you handle security with JSF?

2005-01-25 Thread Heath Borders
We just have one level of security for all our JSF pages, but pages that cannot be secure (like the login page) must be done in plain JSP. Since we only have 1 or 2 of those, we just use a JSP and a servlet. On Tue, 25 Jan 2005 14:21:41 +0100, niksa_os <[EMAIL PROTECTED]> wrote: > How do you han

RE: How do you handle security with JSF?

2005-01-25 Thread Guy Katz
servlet API objects and access this like in a servlet or access it through the VB mechanism. -Original Message- From: Heath Borders [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 25, 2005 3:54 PM To: MyFaces Discussion Subject: Re: How do you handle security with JSF? We just have one

Re: How do you handle security with JSF?

2005-01-25 Thread Dave Sag
ry 25, 2005 3:54 PM To: MyFaces Discussion Subject: Re: How do you handle security with JSF? We just have one level of security for all our JSF pages, but pages that cannot be secure (like the login page) must be done in plain JSP. Since we only have 1 or 2 of those, we just use a JSP and a servlet. O

Re: How do you handle security with JSF?

2005-01-26 Thread niksa_os
How did you build JAAS? JAAS is just API, not implementation right? Did you use any framework or tool for help? For smaller projects I use a managed bean in conjunction with a servlet filter. I also have singleton UserRegistry class that both the loginhandler and the filter can access. this wor

Re: How do you handle security with JSF?

2005-01-26 Thread Dave Sag
we wrote our own LoginModule and User and Role classes (implementing javax.security.Principal) and have installed these classes into Tomcat as per the various books on JAAS and Tomcat. you can then access that user's name with request.getUserPrincipal().getName() or in jsf #{request.userPrin

Re: How do you handle security with JSF?

2005-01-26 Thread niksa_os
Do you know for anyAPI or framework that simplify JAAS? Or you build all from start? What about using different web server then Tomcat and your JAAS? Is it possible to move that core or you need to change something? we wrote our own LoginModule and User and Role classes (implementing javax.securit

Re: How do you handle security with JSF?

2005-01-26 Thread Dave Sag
there are only 3 classes you need to write, the loginmodule, the user and the role. and the role can be as simple as a string. JAAS is extremely portable. dave On 26/01/2005, at 2:23 PM, niksa_os wrote: Do you know for anyAPI or framework that simplify JAAS? Or you build all from start? What abo

RE: How do you handle security with JSF?

2005-01-26 Thread Korhonen, Kalle
> -Original Message- > From: niksa_os [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 26, 2005 5:23 AM > Subject: Re: How do you handle security with JSF? > Do you know for anyAPI or framework that simplify JAAS? > Or you build all from start? > > From:

Re: How do you handle security with JSF?

2005-01-27 Thread Dave Sag
eers dave On 26/01/2005, at 5:53 PM, Korhonen, Kalle wrote: -Original Message- From: niksa_os [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 26, 2005 5:23 AM Subject: Re: How do you handle security with JSF? Do you know for anyAPI or framework that simplify JAAS? Or you build all from st