Reputation: 437
Access Security level (ACL) with Java EE 6?
I am developing a web application where there are few roles like Admin,Reporter,Manager,Customer.Agent.Based on Role, some menu item need to be displayed . Admin can give permission (dynamically) to user say Agent ( which is not default permission ).Is there a better way to handle this situation ??
Thanks
Upvotes: 0
Views: 888
Answers (1)
Reputation: 2738
You could have some controller which is responsible for permission logic. You would have a permission system where you can grant specific permissions to specific users / groups. The controller could be implemented as a jsf managed bean. You could have a method like this:
public boolean hasPermission(PermissionKey permissionKey) {
...
}
This method would check role + specific permissions.
PermissionKey, in this example, would be an enum, but you can make it a string or something else. Possible values would be, for example, "DELETE_ACCOUNT" or "HANDLE_PAYMENT".
In your views, you can just conditionnaly display components like this:
<h:outputText value="some text" rendered="#{authController.hasPermission('DELETE_ACCOUNT')}" />
Upvotes: 1
Related Questions
- How control access and rights in JSF?
- Access Control in Java EE
- How do I do security in JSF?
- Access Control-j2ee
- Java EE 6 security and redirection
- Can a JSF Page level permission be set using Shiro
- User can only call methods if the object belongs the user
- Spring ACL for JSF?
- authorization in JSF2
- Acl mechanism for JSF