On 10/4/05, Mike Kienenberger <[EMAIL PROTECTED]
> wrote:
I've switch from a login page to a filter that authenticates and sets
the User database record in the session. (Actually, I fetch this
record every request, and store it in the request, but that may be too
excessive for your situation).
I then have additional filters that work on that data to provide
coarse-grain security (ie, if you don't pass the filter, you can't
access any of the application).
I also have a SecurityRoleManager bean that provides fine-grain
control by operating on the record stored in the session. Ie,
"securityRoleManager.canEditDate()"
On 10/4/05, Eurig Jones <[EMAIL PROTECTED]> wrote:
> I'm trying to decide on a Login/Logout system to protect my files using
> JSF.. I've played about with extending NavigationHandler, but the
> problem is, it doesn't protect the files which aren't JSF, and you can
> still run the JSP files if you wanted to...
>
> How have you people gone about a database driven login/logout system
> using Faces?
>
