Issue Details (XML | Word | Printable)

Key: JAVASERVERFACES_SPEC_PUBLIC-446
Type: Sub-task Sub-task
Status: Open Open
Priority: Major Major
Assignee: Unassigned
Reporter: gbabu
Votes: 1
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
javaserverfaces-spec-public
JAVASERVERFACES_SPEC_PUBLIC-948

How to Provide JAAS Authorization in JSF with Facelets

Created: 22/Aug/08 11:01 PM   Updated: 08/Nov/13 09:15 PM
Component/s: Security
Affects Version/s: 1.2
Fix Version/s: 2.2

Time Tracking:
Not Specified

Environment:

Operating System: Windows XP
Platform: Sun


Issuezilla Id: 446
Status Whiteboard:

cat2 frame size_large importance_large draft

Tags:
Participants: Ed Burns, gbabu, kithouna and rogerk


 Description  « Hide

hello hi JSF and JAAS experts,

I have web application implementing with jsf facelets and tomcat .Now i
want to provide security in my application that is some web pages allow for
admin and some web pages for user and..... that means based on role of user i
want to give the access for web pages. so for that i am using JAAS for
authentication and authorization . I am successfully implemented JAAS
authentication for who is logged in. And i am getting subject and putting that
subject in context session using following snippet.And also i am able to getting
subject and its principals in that subject.

My doubt is based on that subject , how to write policy file and how to
call doAsPrivileged() mehod on that Subject in order to navigate web pages.how
to provide web pages permission for particular role in policy file..

For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
1> if the logged in person is admin, then we want to display admin.xhtml
2> if the loggend is person is user , then we want to display user.xhtml

untill now i did and found who is logged in and what are his type( admin or
user) .now i want configure the web.xml and faces-config.xml based on policy file

YOu can find my Post at SUN FORUM following URL

http://forums.sun.com/thread.jspa?threadID=5325380



gbabu added a comment - 24/Aug/08 10:21 PM

please help me in this


Ed Burns added a comment - 24/Sep/09 09:13 AM

Move to unscheduled target milestone


Ed Burns added a comment - 24/Nov/09 07:46 AM

Move to security categor.


Ed Burns added a comment - 04/Mar/10 01:27 PM

cat2


Ed Burns added a comment - 22/Mar/10 11:23 AM

frame


Ed Burns added a comment - 15/May/10 07:54 AM

These are targeted at 2.1.


Ed Burns added a comment - 08/Jun/10 01:58 PM

triage


Ed Burns added a comment - 22/Jun/10 09:04 PM

rogerk


rogerk added a comment - 27/Oct/10 11:05 AM

triage


rogerk added a comment - 16/Nov/10 12:22 PM

triage


kithouna added a comment - 28/Jan/13 09:39 AM

Isn't JASPIC the missing link here? This doesn't look like it's JSF specific. In Java EE, the JASPIC SPI is the thing that makes the container aware of the principal and its roles (whether these are obtained via JAAS or otherwise).

All JSF can do is to better integrate with this.