I learnt how to use container authentication with a JDBC realm. I searched a lot on the internet but I couldn't find anything on JSF authorization except the following article: JSF authorization

My goal is to avoid access to protected pages using direct links and to show/hide menu items and form components based on the authenticated user's privileges. The last part can be implemented using the rendered attribute of JSF tags, but before creating my own dirty and highly coupled solution I wonder if there are some specific best practices or libraries that can help. In fact, the number of components to be conditionally rendered is quite high and I wouldn't like to write a specific function for each of them.

Perhaps I can create for each authenticated user a map with the names (id) of all the conditionally rendered components and a single function with a String parameter (the unique name/id of the component). Is that a good idea? What alternatives do I have? I wouldn't like to add to the project other general-purpose frameworks such as Spring for using only a small part of them (the security one).
Thanks Filippo
#{facesContext.externalContext.isUserInRole('foo')} can be shortened to #{request.isUserInRole('foo')} if you don't care about the servlet/portlet environment abstraction. – Gensler
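As an added example, not code from the question or the comment: the single-function idea from the question, written as a deny-by-default lookup that delegates to the `isUserInRole` check the comment mentions. The class name, component ids and role names are hypothetical, and the role check is passed in as a `Predicate` so the class also runs outside a container.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

/** Central mapping from a component id to the roles allowed to see it. */
public class ComponentAccess {

    // Constructed sample policy: ids and role names are hypothetical.
    private static final Map<String, Set<String>> ALLOWED_ROLES = Map.of(
            "menu:userAdmin", Set.of("admin"),
            "orderForm:approve", Set.of("manager", "admin"),
            "orderForm:submit", Set.of("clerk", "manager", "admin"));

    private final Predicate<String> isUserInRole;

    /**
     * In a JSF request-scoped bean the predicate would be (assumption):
     * FacesContext.getCurrentInstance().getExternalContext()::isUserInRole
     */
    public ComponentAccess(Predicate<String> isUserInRole) {
        this.isUserInRole = isUserInRole;
    }

    /**
     * Intended use in a view: rendered="#{access.allowed('orderForm:approve')}"
     * where "access" is the hypothetical bean name.
     * Deny by default: an id missing from the policy is never shown.
     */
    public boolean allowed(String componentId) {
        Set<String> roles = ALLOWED_ROLES.get(componentId);
        return roles != null && roles.stream().anyMatch(isUserInRole);
    }

    public static void main(String[] args) {
        // Constructed user holding only the "clerk" role.
        Set<String> clerkRoles = Set.of("clerk");
        ComponentAccess access = new ComponentAccess(clerkRoles::contains);

        for (String id : new String[] {
                "orderForm:submit", "orderForm:approve", "menu:userAdmin", "menu:unknown"}) {
            System.out.println(id + " -> " + access.allowed(id));
        }
    }
}
```

The `rendered` attribute only controls what the view shows; requests that go straight to a protected URL are blocked by the container through `<security-constraint>` entries in `web.xml`, which use the same roles.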