This document discusses approaches to integrating security with JavaServer Faces (JSF). It describes both non-JSF based approaches like container managed security and security filters, as well as JSF-specific approaches like using a view handler, phase listener, or Seam Security. It provides code examples for configuring security using these different techniques and restricting access to pages and backing beans.
2. About Me
• Apache MyFaces PMC(Project Management Committee) member
• Co-Author of “The Definitive Guide to Apache MyFaces and Facelets” from APRESS
• Reference in “Core JavaServer Faces 2nd Edition”
• Recognized speaker in international and local conferences
• Oracle RCF(Rich Client Framework) member
• Krank (CRUD Framework for JSF-Spring-JPA) member
• Sourceforge jsf-comp member
• Spring Security(Acegi) JSF Integration author
• JSF Chart Creator project lead
• FacesTrace project lead
• YUI4JSF project lead
• FC Barcelona Fan
• Blog: http://www.prime.com.tr/cagataycivici
• Prime Technology - 2008
3. Roadmap
• JSF and Security
• Non-JSF Based Approaches
• JSF Based Approaches
• Page authorization
• Protect ViewState
4. JSF and Security
• The mismatch! Security Support in JSF
• JSF
– MVC Framework
– Component Oriented
– Event Driven
• Security
– Authentication
– Authorization
5. JSF API
• FacesContext.getCurrentInstance().getExternalContext().getRemoteUser()
• FacesContext.getCurrentInstance().getExternalContext().getAuthType()
• FacesContext.getCurrentInstance().getExternalContext().isUserInRole(String role)
• FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal()
6. Approaches
• Non-JSF based
– Container Managed Security
– Security Filter
– Spring Security
• JSF based
– ViewHandler
– PhaseListener
– Seam Security
8. Container Managed Security
The Good
• Based on Servlet API
• Well known
• Fine for URL Protection
• JSF Component Security
• JSF Login Page
• Securing JSF Navigations
11. Servlet Filter
The Good
• Based on Servlet API
• Well known
• Good for URL Protection
• Non-Faces Resources
The Bad
• JSF Component Security
• Faces APIs
• Requires Maintenance
13. Spring Security
• Securing JSF Beans
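    // Spring Security 3+ package; in 2.0.x the annotation is org.springframework.security.annotation.Secured
    import org.springframework.security.access.annotation.Secured;

    public class MySecuredBackingBean {
        // …
        // Each role is its own array element; a comma-joined string would be read as a single role name
        @Secured({"ROLE_ADMIN", "ROLE_ADMINS_GIRLFRIEND"})
        public String delete() {
            // delete something
            return null; // null outcome: stay on the current view
        }
        // …
    }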
14. Spring Security
The Good
• Extendable
• Easy configuration
• Bean security
• ACL
• Securing methods
The Bad
• Complex for simple applications
• Page authorization
15. ViewHandler
• Decorate for Security
• Integration point: createView
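    import javax.faces.application.ViewHandler;
    import javax.faces.component.UIViewRoot;
    import javax.faces.context.FacesContext;

    public class SecurityViewHandler extends ViewHandler {
        // …
        // base is the wrapped (decorated) ViewHandler.
        // createView runs for initial requests; postbacks go through restoreView instead.
        public UIViewRoot createView(FacesContext facesContext, String viewId) {
            if (!userCanAccess(viewId))
                return base.createView(facesContext, "/accessDenied.jsp");
            else
                return base.createView(facesContext, viewId);
        }
        // …
    }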
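The PhaseListener approach named under "6. Approaches" has no code on this page. The following is an added example, not from the original slides: it checks the view id after RESTORE_VIEW, so it covers postbacks as well as the initial requests that the createView decorator sees. The class name, view ids and role names are hypothetical, and the JSF and Servlet APIs are assumed to be on the classpath.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;

import javax.faces.component.UIViewRoot;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpServletResponse;

// Added example, not from the slides. Register it in faces-config.xml:
//   <lifecycle><phase-listener>AuthorizationPhaseListener</phase-listener></lifecycle>
public class AuthorizationPhaseListener implements PhaseListener {

    private static final long serialVersionUID = 1L;
    private static final Logger LOG =
            Logger.getLogger(AuthorizationPhaseListener.class.getName());

    // Hypothetical view ids and roles, constructed for this example.
    private static final String DENIED_VIEW = "/accessDenied.jsp";
    private static final Set<String> PUBLIC_VIEWS =
            new HashSet<String>(Arrays.asList("/login.jsp", DENIED_VIEW));
    private static final Map<String, String> ROLE_BY_PREFIX =
            new LinkedHashMap<String, String>();
    static {
        // Insertion order matters: the first matching prefix wins,
        // so more specific prefixes are listed first.
        ROLE_BY_PREFIX.put("/admin/audit/", "ROLE_SUPERVISOR");
        ROLE_BY_PREFIX.put("/admin/", "ROLE_ADMIN");
    }

    public PhaseId getPhaseId() {
        return PhaseId.RESTORE_VIEW;
    }

    public void beforePhase(PhaseEvent event) {
        // Nothing to check yet: the view root is not available before RESTORE_VIEW.
    }

    public void afterPhase(PhaseEvent event) {
        FacesContext ctx = event.getFacesContext();
        ExternalContext ext = ctx.getExternalContext();
        UIViewRoot root = ctx.getViewRoot();
        String viewId = (root == null) ? null : root.getViewId();

        if (isAllowed(viewId, ext)) {
            return;
        }

        // Record the denial; strip CR/LF so the view id cannot forge log lines.
        String safeViewId = (viewId == null) ? "null" : viewId.replaceAll("[\\r\\n]", "_");
        LOG.warning("Access denied: user=" + ext.getRemoteUser() + " view=" + safeViewId);

        Object response = ext.getResponse();
        if (response instanceof HttpServletResponse) {
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_FORBIDDEN);
        }

        // Swap in the denied view and jump to Render Response, so that
        // Apply Request Values and Invoke Application never run for this request.
        ctx.setViewRoot(ctx.getApplication().getViewHandler().createView(ctx, DENIED_VIEW));
        ctx.renderResponse();
    }

    // Deny by default: a view that is not explicitly public requires an
    // authenticated user, plus the mapped role when a prefix rule matches.
    static boolean isAllowed(String viewId, ExternalContext ext) {
        if (viewId == null) {
            return false;
        }
        if (PUBLIC_VIEWS.contains(viewId)) {
            return true;
        }
        if (ext.getUserPrincipal() == null) {
            return false;
        }
        for (Map.Entry<String, String> rule : ROLE_BY_PREFIX.entrySet()) {
            if (viewId.startsWith(rule.getKey())) {
                return ext.isUserInRole(rule.getValue());
            }
        }
        return true; // authenticated and no role rule applies
    }
}
```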
24. Seam Security
• Securing backing beans
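    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.annotations.security.Restrict;

    @Name("orderController")
    public class OrderController {
        // The EL expression is evaluated before the method body runs
        @Restrict("#{s:hasRole('ROLE_ADMIN')}")
        public void deleteOrder() {
            // blabla
        }
    }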
25. Seam Security
The Good
• JSF Based
• URL Protection
• Controller security
• Entity security
• Page authorization
• JSF login form
The Bad
• Authenticate method
27. Acegi-JSF Components
• Page definition security
    <authz:authorize ifAllGranted="ROLE_SUPERVISOR,ROLE_ADMIN">
        Components that are only visible to the users that satisfy the requirements here…
        <h:commandButton value="Delete" …/>
    </authz:authorize>
• ifAllGranted
• ifAnyGranted
• ifNotGranted
    <authz:authentication operation="username"/>
31. MyFaces SecurityContext
• EL extension
• Defaults to Container Managed Security
• Easy to plugin custom SecurityContextImpl
#{securityContext.authType}
#{securityContext.remoteUser}
#{securityContext.ifGranted['rolename']}
#{securityContext.ifAllGranted['rolename1,rolename2']}
#{securityContext.ifAnyGranted['rolename1,rolename2']}
#{securityContext.ifNotGranted['rolename1,rolename2']}
    <h:commandButton action="#{someBackingBean.deleteSomething}"
        rendered="#{securityContext.ifAllGranted['rolename1,rolename2']}"/>
32. Custom SecurityContext
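    public class MyAwesomeSecurityContextImpl extends SecurityContext {
        public String getAuthType() {
            // return my authtype as string
            throw new UnsupportedOperationException("not implemented");
        }
        public String getRemoteUser() {
            // return current logged in user
            throw new UnsupportedOperationException("not implemented");
        }
        public boolean ifGranted(String role) {
            // check if user in the given role
            throw new UnsupportedOperationException("not implemented");
        }
    }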
    <context-param>
        <param-name>org.apache.myfaces.SECURITY_CONTEXT</param-name>
        <param-value>com.my.company.MyAwesomeSecurityContextImpl</param-value>
    </context-param>