问题
how can i check ACL in JSF pages?
For JSP i can use a tag like this:
<security:accesscontrollist hasPermission="READ" domainObject="${category}">
But this tag isnt recognized in JSF pages. Is there an component to do the same in a JSF page?
Tanks
回答1:
Yes, you can easily accomplish this by using the Spring Security Facelets Tag Library. To configure that see the documentation at this link. Then you can use it something like this:
<h:dataTable value="#{customer.orderList}" var="order" rendered="#{sec:areAllGranted('ROLE_USER,ROLE_ADMIN')}">
<h:column>
</h:column>
</h:dataTable>
If you use Primefaces component library then you do not have to configure anything, you can just use it out of the box. Here is the link
The above will get you to the Collection that you would be rendering per role in your SID. But if you even have permissions for your domain objects, you have to handle those in your spring beans using Spring EL expressions with @PostFilter annotation See this link . The list would be different for different users and is completely driven by ACL permissions.
来源:https://stackoverflow.com/questions/9067496/spring-acl-for-jsf