IMO this is not a deltaspike issue. For security take a look at https://www.pac4j.org/
Usually you have 1 page that logs in all users - Authentication Then you assign roles to that user - Authorization To secure your page utilize isUserInRole(*"ADMIN");* https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String) On Wed, Aug 21, 2019 at 11:21 AM Tappe, Heiko <[email protected]> wrote: > > I am in the process of migrating some seam 3 based app to deltaspike. > Right now my problem is how to secure my pages. The examples I've seen so > far work with a simple and single login. > But my app uses different logins for different parts of the app. For > example > - Standard login for /pages/* > - Admin login for /adminpages/* > What I would like to achieve is that when requesting a page without being > logged in to be redirected to the appropriate login page and after > successful login the original page (with all its request params) is to be > shown. > Though sometimes right after a successful login one or two more info pages > are to be shown before the original page comes back into play. > If the user tries to access for instance an admin page though logged in as > a standard user (or the other way round) an error page should be displayed. > > > Any idea how to achieve this? > > > --Heiko >
