You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by Martin Grotzke <mg...@fsfe.org> on 2006/06/28 17:38:00 UTC
Authorization aware component?
hello,
i want to have/create an authorization aware (menu/button) component.
one approach would be to have s.th. like an "auth" component that would
act as a pseudo-container for components that are added to the auth's
parent component if the current user has the appropriate permissions
(more generally - on a certain condition).
another option would be to use rendered="#{...authorized}" on each
component, but in terms of performance that's probably not the best
solution.
do you have any recommendations on how to get "authorization-aware"
(or conditional) components?
thanx in advance,
cheers,
martin
Re: Authorization aware component?
Posted by Martin Grotzke <ma...@javakaffee.de>.
Hello,
On Thu, 2006-06-29 at 21:37 +0300, Cagatay Civici wrote:
> You can also check out the acegi-jsf components in jsf-comp. They can
> also work now even you do not use acegi and depend on container
> security.
>
> <acegijsf:authorize ifAllGranted="role1,role2">
> //secured components here
> </acegijsf>
Great. If we can use acegi managed security i'll check this out.
Thx && cheers,
Martin
>
> Regards,
>
> Cagatay
>
> On 6/28/06, Martin Grotzke <ma...@javakaffee.de> wrote:
> Hello,
>
> On Wed, 2006-06-28 at 18:06 +0200, Gilles DEMARTY wrote:
> > Hi martin,
> >
> > > i want to have/create an authorization aware (menu/button)
> component.
> > Every Tomahawk components are user-role aware
> > http://wiki.apache.org/myfaces/User-role_Awareness
>
> Thanx for this hint!
>
> Until now i thought we could not use the principal/role
> concept because
> we have a more fine grained security concept based on roles
> that have
> a specific "userType" and associate several permissions (roleA
> ->
> userTypeFoo, [permission1, permission2]; roleB -> ...).
>
> But if i we tie our permissions to the principal's roles, this
> should
> do the trick, so it simply depends on the point of view.
> Otherwise, if we would like to enable anything dependent on
> the user's
> role (in our terms of role, e.g. roleA) or userType, this
> would not be
> possible, or we would have to create pseudo permissions for
> the role and
> the userType. I'll think about it some minutes :)
>
> Thanx for pushing my mind,
> cheers,
> Martin
>
>
> >
> > hope this answers your request
> >
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQBEoq7F7FvOl7Te
> +pYRAqyNAJ0SY8pMGHXfcOtlmzgZ0ySoMmOi4QCghACn
> 5eyDiUFdfjBD9nxdLyfuC1A=
> =ZNzw
> -----END PGP SIGNATURE-----
>
>
>
--
Martin Grotzke
Bernstorffstr. 17, 22767 Hamburg
Tel. +49 (0) 40.98239888
Mobil +49 (0) 170.9365656
E-Mail martin.grotzke@javakaffee.de
Online http://www.javakaffee.de
Re: Authorization aware component?
Posted by Cagatay Civici <ca...@gmail.com>.
Hi,
You can also check out the acegi-jsf components in jsf-comp. They can also
work now even you do not use acegi and depend on container security.
<acegijsf:authorize ifAllGranted="role1,role2">
//secured components here
</acegijsf>
Regards,
Cagatay
On 6/28/06, Martin Grotzke <ma...@javakaffee.de> wrote:
>
> Hello,
>
> On Wed, 2006-06-28 at 18:06 +0200, Gilles DEMARTY wrote:
> > Hi martin,
> >
> > > i want to have/create an authorization aware (menu/button) component.
> > Every Tomahawk components are user-role aware
> > http://wiki.apache.org/myfaces/User-role_Awareness
>
> Thanx for this hint!
>
> Until now i thought we could not use the principal/role concept because
> we have a more fine grained security concept based on roles that have
> a specific "userType" and associate several permissions (roleA ->
> userTypeFoo, [permission1, permission2]; roleB -> ...).
>
> But if i we tie our permissions to the principal's roles, this should
> do the trick, so it simply depends on the point of view.
> Otherwise, if we would like to enable anything dependent on the user's
> role (in our terms of role, e.g. roleA) or userType, this would not be
> possible, or we would have to create pseudo permissions for the role and
> the userType. I'll think about it some minutes :)
>
> Thanx for pushing my mind,
> cheers,
> Martin
>
>
> >
> > hope this answers your request
> >
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQBEoq7F7FvOl7Te+pYRAqyNAJ0SY8pMGHXfcOtlmzgZ0ySoMmOi4QCghACn
> 5eyDiUFdfjBD9nxdLyfuC1A=
> =ZNzw
> -----END PGP SIGNATURE-----
>
>
>
Re: Authorization aware component?
Posted by Martin Grotzke <ma...@javakaffee.de>.
Hello,
On Wed, 2006-06-28 at 18:06 +0200, Gilles DEMARTY wrote:
> Hi martin,
>
> > i want to have/create an authorization aware (menu/button) component.
> Every Tomahawk components are user-role aware
> http://wiki.apache.org/myfaces/User-role_Awareness
Thanx for this hint!
Until now i thought we could not use the principal/role concept because
we have a more fine grained security concept based on roles that have
a specific "userType" and associate several permissions (roleA ->
userTypeFoo, [permission1, permission2]; roleB -> ...).
But if i we tie our permissions to the principal's roles, this should
do the trick, so it simply depends on the point of view.
Otherwise, if we would like to enable anything dependent on the user's
role (in our terms of role, e.g. roleA) or userType, this would not be
possible, or we would have to create pseudo permissions for the role and
the userType. I'll think about it some minutes :)
Thanx for pushing my mind,
cheers,
Martin
>
> hope this answers your request
>
Re: Authorization aware component?
Posted by Gilles DEMARTY <gi...@gmail.com>.
Hi martin,
> i want to have/create an authorization aware (menu/button) component.
Every Tomahawk components are user-role aware
http://wiki.apache.org/myfaces/User-role_Awareness
hope this answers your request