Details

    • Type: Sub-task Sub-task
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.2
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Environment:

      Operating System: Windows XP
      Platform: Sun

    • Issuezilla Id:
      446
    • Status Whiteboard:
      Hide

      cat2 frame size_large importance_large draft

      Show
      cat2 frame size_large importance_large draft

      Description

      hello hi JSF and JAAS experts,

      I have web application implementing with jsf facelets and tomcat .Now i
      want to provide security in my application that is some web pages allow for
      admin and some web pages for user and..... that means based on role of user i
      want to give the access for web pages. so for that i am using JAAS for
      authentication and authorization . I am successfully implemented JAAS
      authentication for who is logged in. And i am getting subject and putting that
      subject in context session using following snippet.And also i am able to getting
      subject and its principals in that subject.

      My doubt is based on that subject , how to write policy file and how to
      call doAsPrivileged() mehod on that Subject in order to navigate web pages.how
      to provide web pages permission for particular role in policy file..

      For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
      1> if the logged in person is admin, then we want to display admin.xhtml
      2> if the loggend is person is user , then we want to display user.xhtml

      untill now i did and found who is logged in and what are his type( admin or
      user) .now i want configure the web.xml and faces-config.xml based on policy file

      YOu can find my Post at SUN FORUM following URL

      http://forums.sun.com/thread.jspa?threadID=5325380

        Activity

        Hide
        Ed Burns added a comment -

        rogerk

        Show
        Ed Burns added a comment - rogerk
        Hide
        rogerk added a comment -

        triage

        Show
        rogerk added a comment - triage
        Hide
        rogerk added a comment -

        triage

        Show
        rogerk added a comment - triage
        Hide
        kithouna added a comment -

        Isn't JASPIC the missing link here? This doesn't look like it's JSF specific. In Java EE, the JASPIC SPI is the thing that makes the container aware of the principal and its roles (whether these are obtained via JAAS or otherwise).

        All JSF can do is to better integrate with this.

        Show
        kithouna added a comment - Isn't JASPIC the missing link here? This doesn't look like it's JSF specific. In Java EE, the JASPIC SPI is the thing that makes the container aware of the principal and its roles (whether these are obtained via JAAS or otherwise). All JSF can do is to better integrate with this.
        Hide
        Ed Burns added a comment -

        Set priority to baseline ahead of JSF 2.3 triage. Priorities will be assigned accurately after this exercise.

        Show
        Ed Burns added a comment - Set priority to baseline ahead of JSF 2.3 triage. Priorities will be assigned accurately after this exercise.

          People

          • Assignee:
            Unassigned
            Reporter:
            gbabu
          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated: