Authorization in JSF2 components

Question

In our project we have JSF2 pages used in internal network of a company. But we are going to open those pages to Internet. So pages will be available to everybody. But some fields will not be rendered if a user comes from Internet.

I know it is possible to write a rendered attribute for each component such as "userIsInRole". But additional "rendered" control doesn't seem to be efficient and elegant method. So I plan to mark the components which are going to be rendered online by using a custom attribute as shown below:

<h:inputText context="internet" />
...

In the renderer of the inputText or component code:

if(user is from Internet && context = "internet") {
    return true; // or render... whatever
}

If a component is not marked as Internet, then it means it will be available (rendered) only from inside of the company.

Is it possible implement authorization by using JSF2 components according to a given attribute? Is there any better options? Or should I design separate pages for internet users?

We use: PrimeFaces + Spring in our project.

Thank you

Answer 1

This is ridiculous. What's the difference in effort of ultimately using

<h:inputText context="internet" />

versus

<h:inputText rendered="#{intranet}" />

?

If your sole problem is that you need to repeat the whole condition everytime ending up in ugly code like so

<h:inputText rendered="#{not (user.hasRole('internet') and context eq 'internet')}" />
<h:inputText rendered="#{not (user.hasRole('internet') and context eq 'internet')}" />
<h:inputText rendered="#{not (user.hasRole('internet') and context eq 'internet')}" />
...

then just refactor the condition to a single request scoped variable

<c:set var="intranet" value="#{not (user.hasRole('internet') and context eq 'internet')}" scope="request" />
...
<h:inputText rendered="#{intranet}" />
<h:inputText rendered="#{intranet}" />
<h:inputText rendered="#{intranet}" />
...