Restricting users from accessing pages by directly changing the URL in JSF

后端 未结 4 843
悲&欢浪女
悲&欢浪女 2021-02-09 04:26

I have two kinds of users in my application - clients and sellers. I am using a PhaseListener in JSF to prevent users from accessing pages without logging in, but a

4条回答
  •  無奈伤痛
    2021-02-09 05:28

    You could use a file or something where you map every page with a userrole.(some pages might be accessible by more then 1 userrole example:

    client,seller
    client
    seller
    

    And you define some sort of LoginController class where you check currentuserrole and requested page (url) against that list. And if not granted then redirect to custom error page or login page or whatever.

    You add this logincontroller class a phaselistener to your facesconfig.

提交回复
热议问题