Hi all,
We have a jsp tag which checks whether the user has the permission to
access a given page. The tag retrieves the user and the item displayed on
the page from the session, and checks the permissions of the user on the
item. If the user is not permitted to access the item, the tag adds a faces
message to the context and redirects to the main page of the application.
This works all fine.
Now this page permisson check tag would be the only tag in the application
so far which is NOT a jsf component. Does it make sense to convert this
into a jsf component ? (Note it has no counterpart in the rendered html.)
If yes, how can I hook the permission check logic into the jsf lifecycle ?
If I implement the permission check as a standard JSF component, my
understanding was that the logical place to do the check is the "invoke
application" phase ? But I did not find a place where a component can hook
itself into the "invoke application phase". Is there any ? Or should I do
this in the validation phase and hook into the processValidators() method
of UIComponent instead ?
Alternatively, as one can regard permission checks as a sort of validation,
I tried to implement the permission check as a validator. The logical point
to put the validator tag is directly inside the f:view tag, as it is a
permission for the entire page. However, this does not work as the View
Root is no EditableValueHolder. Of course, one could put the validator
inside any EditableValueHolder on the page, but I'd consider this as a bad
hack (e.g. what if the EditableValueHolder is sometimes rendered and
sometimes not ?)
Any hints towards the "jsf way" of doing page permission checks are
appreciated.
Regards,
Thomas
