JSF2中的授权 [英] authorization in JSF2

问题描述

在JSF2中实现授权的最佳方法是什么? 通过servlet过滤器，相位侦听器或其他方法，这些是我不知道的新东西?

what is the best way to implement authorization in JSF2? through, servlet filter, phase listener or ther is something new that I am not aware of?

推荐答案

这有两部分:身份验证和授权.

There are two pieces to this: Authentication, and Authorisation.

首次身份验证:您可以将您的web.xml配置为根据url模式执行基于JAAS的身份验证.或者，如果基于URL的身份验证对您而言太粗粒度，则可以使用HttpServletRequest login()方法(Servlet 3.0中的新增功能)使用PhaseListener或页面操作手动进行此操作.您可以通过FacesContext.getCurrentInstance().getExternalContext()访问此方法.

First Authentication: You can configure your web.xml to perform JAAS-based authentication according to a url pattern. Alternatively, if url-based authentication is too coarse-grained for you, you could do this manually with a PhaseListener or page actions using the HttpServletRequest login() method (new in Servlet 3.0). You can access this method through the FacesContext.getCurrentInstance().getExternalContext().

一旦您已通过JASS领域认证，则可以考虑基于角色的授权.再次有很多选择:

Once you are authenticated to a JASS realm, you can consider role based authorisation. Again there are a number of options:

1. 您可以根据url模式将页面访问权限限制为web.xml中的指定角色
2. 您可以使用FacesContext.getCurrentInstance().getExternalContext().isUserInRole("role")以编程方式访问备用bean中的当前角色.
3. 您可以根据用户角色，使用表达式语言在视图中有条件地渲染组件. (Seam具有s:hasRole EL表达式，IceFaces具有renderOnUserRole属性，或者您可以从自己的支持bean中公开角色).

1. You can restrict page access to specified roles in the web.xml according to a url-pattern
2. You can use the FacesContext.getCurrentInstance().getExternalContext().isUserInRole("role") to programmatically access the current role in your backing beans.
3. You can conditionally render components in the view using Expression Language, based on the user role. (Seam has the s:hasRole EL expression, IceFaces has the renderedOnUserRole attribute, or you can expose the role from your own backing bean).

这篇关于JSF2中的授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！