Question
I need to create a webapp that has a login system. The user should authenticate against a database. I want to save the user role in the session - or are there other (better) ways?
Furthermore, there are areas for user access: guest area, user area, admin area.
The question now is: how can I easily implement the authorization with JSF 2.0? I don't want to test on each site whether the user is permitted to access the site or not.
Is there a configuration in web.xml or faces-config.xml that tests the cases?
Can someone show me a tutorial or sample code?
Thanks and best regards veote
Answer 1:
You can also look at options (Frameworks)
- Spring Security
- Apache Shiro
- Java EE Security Tutorial
- As already suggested Application Server provided Authentication/Authorization.
- Implement a Filter (Custom home grown logic for Authentication/Authorization)
Blogs covering AnA in JSF
- User session filter
- Access Control in JSF using a PhaseListener
Hope this helps
Answer 2:
I am not familiar with WebSphere, but since it is a Java EE 6 compliant application server, you can create a JDBCRealm for this purpose. See this chapter of the Java EE 6 tutorial.
Answer 3:
You can try this approach; it uses a PhaseListener to check if the user has rights for accessing the current site during the RESTORE_VIEW phase. It is quite easy to implement and it's portable between different servers (unlike realms).
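A sketch of the PhaseListener check described in Answer 3, added here as an example; it is not code from the linked post or from any answerer. The `/admin/` and `/user/` view prefixes, the `userRole` session key, the role names and the `/login` and `/denied` outcomes are assumptions.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;

public class AreaAuthorizationListener implements PhaseListener {
    // Assumed layout: view-id prefix -> roles allowed to open views in that area.
    private static final Map<String, List<String>> AREAS =
            new LinkedHashMap<String, List<String>>();
    static {
        AREAS.put("/admin/", Arrays.asList("admin"));
        AREAS.put("/user/", Arrays.asList("user", "admin"));
    }

    public PhaseId getPhaseId() { return PhaseId.RESTORE_VIEW; }

    public void beforePhase(PhaseEvent event) { /* view id not known yet */ }

    // Runs once per Faces request, after the view has been restored.
    public void afterPhase(PhaseEvent event) {
        FacesContext ctx = event.getFacesContext();
        if (ctx.getViewRoot() == null) return;
        String viewId = ctx.getViewRoot().getViewId();
        // Assumed session key, set by the login bean after the database check.
        Object role = ctx.getExternalContext().getSessionMap().get("userRole");
        if (!isAllowed(viewId, role == null ? null : role.toString())) {
            // Absolute outcomes, so the target is never inside a protected area.
            String outcome = (role == null) ? "/login" : "/denied";
            ctx.getApplication().getNavigationHandler()
               .handleNavigation(ctx, null, outcome);
            ctx.renderResponse(); // skip the remaining phases of a postback
        }
    }

    // Pure decision: protected areas need a matching role, the rest is guest.
    static boolean isAllowed(String viewId, String role) {
        if (viewId == null) return false;
        for (Map.Entry<String, List<String>> area : AREAS.entrySet()) {
            if (viewId.startsWith(area.getKey())) {
                return role != null && area.getValue().contains(role);
            }
        }
        return true;
    }
}
```

Register the class in `faces-config.xml` under `<lifecycle><phase-listener>`. The listener only sees requests handled by the FacesServlet, so files under the protected prefixes that are served directly by the container need a servlet filter or a `web.xml` security constraint as well.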
Source: https://stackoverflow.com/questions/9738114/apache-myfaces-2-0-authentication-and-authorization