JSF2中的授权 [英] authorization in JSF2
问题描述
在JSF2中实现授权的最佳方法是什么? 通过servlet过滤器,相位侦听器或其他方法,这些是我不知道的新东西?
what is the best way to implement authorization in JSF2? through, servlet filter, phase listener or ther is something new that I am not aware of?
推荐答案
这有两部分:身份验证和授权.
There are two pieces to this: Authentication, and Authorisation.
首次身份验证:您可以将您的web.xml配置为根据url模式执行基于JAAS的身份验证.或者,如果基于URL的身份验证对您而言太粗粒度,则可以使用HttpServletRequest login()方法(Servlet 3.0中的新增功能)使用PhaseListener或页面操作手动进行此操作.您可以通过FacesContext.getCurrentInstance().getExternalContext()
访问此方法.
First Authentication: You can configure your web.xml to perform JAAS-based authentication according to a url pattern. Alternatively, if url-based authentication is too coarse-grained for you, you could do this manually with a PhaseListener or page actions using the HttpServletRequest login() method (new in Servlet 3.0). You can access this method through the FacesContext.getCurrentInstance().getExternalContext()
.
一旦您已通过JASS领域认证,则可以考虑基于角色的授权.再次有很多选择:
Once you are authenticated to a JASS realm, you can consider role based authorisation. Again there are a number of options:
- 您可以根据url模式将页面访问权限限制为web.xml中的指定角色
- 您可以使用
FacesContext.getCurrentInstance().getExternalContext().isUserInRole("role")
以编程方式访问备用bean中的当前角色. - 您可以根据用户角色,使用表达式语言在视图中有条件地渲染组件. (Seam具有s:hasRole EL表达式,IceFaces具有renderOnUserRole属性,或者您可以从自己的支持bean中公开角色).
- You can restrict page access to specified roles in the web.xml according to a url-pattern
- You can use the
FacesContext.getCurrentInstance().getExternalContext().isUserInRole("role")
to programmatically access the current role in your backing beans. - You can conditionally render components in the view using Expression Language, based on the user role. (Seam has the s:hasRole EL expression, IceFaces has the renderedOnUserRole attribute, or you can expose the role from your own backing bean).
这篇关于JSF2中的授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!