Posted to users@myfaces.apache.org by "David G. Friedman" <hu...@ix.netcom.com> on 2005/03/24 04:13:56 UTC

MyFaces and security (2 part question)

I'm still learning about JSF (Core Java Server Faces) and was wondering how
to add two types of security.   I've tried searching the list archives at
marc.theaimsgroup.com, used search engines (i.e. Google), and even tried
checking out the old and myfaces sites (wiki, javadoc, jira, etc.).  I
couldn't find what I was looking for so here are my 2 security related Faces
questions:

1. How can I access my JSP files if I hide them under /WEB-INF?  I am a
current Struts developer (thinking of moving to MyFaces and Shale) and
access my pages through Actions so I can keep my JSPs hidden from prying
eyes in /WEB-INF/pages.  I haven't figured out how to do that with MyFaces
yet.

2. Does anyone have suggestions on how to do SSL switching like the Struts
SSLExt package?  I would like some links to be forced to go to a secure
(HTTPS) URL [true], while others are HTTP only [false] and some are allowed
to be both [any].  SSLExt(.sourceforge.net) has that for Struts but I don't
(yet?) see how to do that with MyFaces/JSF.

Thank you for any constructive suggestions.

Regards,
David (humble@ix.netcom.com)


Re: MyFaces and security (2 part question)

Posted by Matt Raible <li...@raibledesigns.com>.
On Mar 23, 2005, at 8:13 PM, David G. Friedman wrote:

> I'm still learning about JSF (Core Java Server Faces) and was wondering how
> to add two types of security.   I've tried searching the list archives at
> marc.theaimsgroup.com, used search engines (i.e. Google), and even tried
> checking out the old and myfaces sites (wiki, javadoc, jira, etc.).  I
> couldn't find what I was looking for so here are my 2 security related Faces
> questions:
>
> 1. How can I access my JSP files if I hide them under /WEB-INF?  I am a
> current Struts developer (thinking of moving to MyFaces and Shale) and
> access my pages through Actions so I can keep my JSPs hidden from prying
> eyes in /WEB-INF/pages.  I haven't figured out how to do that with MyFaces
> yet.

I don't believe this is possible, unless you write your own ViewHandler.

>
> 2. Does anyone have suggestions on how to do SSL switching like the Struts
> SSLExt package?  I would like some links to be forced to go to a secure
> (HTTPS) URL [true], while others are HTTP only [false] and some are allowed
> to be both [any].  SSLExt(.sourceforge.net) has that for Struts but I don't
> (yet?) see how to do that with MyFaces/JSF.

You might check out Acegi Security (http://acegisecurity.sf.net) - it 
allows you to specify which URLs need to be secure in your application.

<shameless plug>
AppFuse (http://appfuse.dev.java.net) has Acegi Security integrated in 
CVS and also supports MyFaces as a web framework. ;-)
</shameless plug>

Matt
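
One way to get the [true]/[false]/[any] switching asked about in question 2 with nothing but the servlet API, as an added example that is not from the thread and is not Acegi Security or SSLExt code: a filter mapped in front of the FacesServlet. The class name, the path rules and the `httpBase`/`httpsBase` init parameters are assumptions made for the illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ChannelFilter implements Filter {
    // Constructed rules: {path prefix, "true" (HTTPS only) | "false" (HTTP only)}.
    // First match wins; a path matching nothing is "any". List HTTPS rules first.
    private static final String[][] RULES = {
        {"/account/", "true"},
        {"/login", "true"},
        {"/catalog/", "false"},
    };
    private String httpBase;   // fixed origins from web.xml, never the Host header
    private String httpsBase;

    public void init(FilterConfig cfg) throws ServletException {
        httpBase = cfg.getInitParameter("httpBase");    // e.g. http://www.example.com
        httpsBase = cfg.getInitParameter("httpsBase");  // e.g. https://www.example.com
        if (httpBase == null || httpsBase == null)
            throw new ServletException("httpBase and httpsBase init parameters are required");
    }

    static String policyFor(String path) {
        for (String[] rule : RULES)
            if (path.startsWith(rule[0])) return rule[1];
        return "any";
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Container-normalised path, so "/catalog/../account/" cannot dodge a rule.
        String info = req.getPathInfo();
        String policy = policyFor(req.getServletPath() + (info == null ? "" : info));
        if (policy.equals("any") || req.isSecure() == policy.equals("true")) {
            chain.doFilter(rq, rs);
        } else if (!"GET".equals(req.getMethod())) {
            // A form post on the wrong channel has already crossed the wire; do not replay it.
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            String q = req.getQueryString();
            String base = policy.equals("true") ? httpsBase : httpBase;
            res.sendRedirect(base + req.getRequestURI() + (q == null ? "" : "?" + q));
        }
    }

    public void destroy() {}
}
```

With a `/faces/*` servlet mapping the rule prefixes would need to start with `/faces`. Behind a TLS-terminating proxy, `isSecure()` only reports the original scheme if the container's connector is configured to do so.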