Reputation: 1094
jsf 2.0 filter alternative
since filter only work well when i use page-redirect=true on every commandbuttons' action, i am looking for a usable alternative.
all i have now are two filters (which don't work well):
Filter A -> /pages/* (Filter checks if user is logged in)
Filter B -> /pages/restricted/* (filter checks if user has admin permissions)
because of the navigation-procedure by JSF they do not work, because the url is never changing.
my question is: what is the best solution to restict page access without filters (is there a easy to use security (without complex roles etc.-> some users just have isAdmin=true)? or is there no problem at all when i use redirection? why does jsf then doesn't use it per default?
Is using a prerenderview component an acceptible solution? (if the user dosn't have enough rights, he should be navigated to a 404 page)
Upvotes: 0
Views: 421
Answers (1)
Reputation: 1109675
You're making a fundamental mistake. You should not be using command (POST) buttons/links for page-to-page navigation in first place, but you should be using direct (GET) buttons/links for that.
Long story short:
- What is the difference between redirect and navigation/forward and when to use what?
- How to navigate in JSF? How to make URL reflect current page (and not previous one)
- When should I use h:outputLink instead of h:commandLink?
Considering this information and best practices, a servlet filter is still the best solution. All existing security frameworks are also based on the filter principle.
See also:
Upvotes: 1
Related Questions
- How implement a login filter in JSF?
- Https on JSF 2, for protected resources and login
- where to put filter like logic in JSF2
- JSF login filter
- The filter does not work properly JSF
- JSF - implementing filter for restricted pages
- Using Authorization filter in JSF project for custom authentication
- JSF Filter prevent direct access certain page
- How do a web filter in JSF 2?
- Writing an authorization filter for my web app(JSF 2.0)