Skip to main content

How the way for create a new NavigationHandler

4 replies [Last post]
carlosdelfino
Offline
Joined: 2003-09-18
Points: 0

Hi Dears Engineers and programers!

I need get navigation rules for my database, and make a new model for authorization the navigations.

I think the best way for this is using a new NavigationHandler.

My navigations roles is very dinamics and use of faces-config.xml is not a good manner!.

Have one tutorial for create one new NavigationHandler, and other sugestions for make a Dynamic navigation roles?

thanks.

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
carlosdelfino
Offline
Joined: 2003-09-18
Points: 0

Ok.

Very Good!

Thanks a Lot!

I will try this, and put the result here!!!

rlubke
Offline
Joined: 2003-08-21
Points: 0

The best approach would be leveraging the ability to decorate the NavigationHandler.
This process is pretty straight forward.

1. Create a new NavigationHandler that accepts a NavigationHandler argument within
it's constructor.

public class CustomNavigationHandler extends NavigationHandler {

private NavigationHandler delegate;

public CustomNavigationHandler(NavigationHandler delegate) {
this.delegate = delegate;
}

public void handleNavigation(FacesContext ctx,
String fromAction,
String outcome) {
....
}
}

2. Implement handleNavigation(). My suggestion would be check the custom database rules
first of course and if you don't find any match, then delegate to the default navigation handler.

public void handleNavigation(FacesContext ctx,
String fromAction,
String outcome) {
// custom database-based navigation logic
// if match found handle the navigation tasks here

// no match found, delegate to the default NavigationHandler
delegate.handleNavigation(ctx, fromAction, outcome);
}

You can look at the source [1] for the default NavigationHandler implementation to
see what actions it takes when it matches a navigation based on the method parameters.

Hope this helps.

[1] http://fisheye5.cenqua.com/browse/javaserverfaces-sources/jsf-ri/src/com...

jkva
Offline
Joined: 2005-04-06
Points: 0

You can use a database to store your navigation rules and create a custom NavigationHandler to handle navigation based on those rules, but it won't enforce authorization, since a user can always access an URL directly by entering an URL in the address bar of his browser. The NavigationHandler doesn't intercept direct calls to the page.

A PhaseListener is at the moment probably the best way to do fine grained authorization. Just let it intercept the lifecycle after phase 1 (so the viewId is set on the UIViewRoot) and place some logic there to check the user rights against the viewId. If they don't match, redirect the user to an error page or something like that.

carlosdelfino
Offline
Joined: 2003-09-18
Points: 0

Thanks jkva!!!

My approach is use a NavigationHandler like a second tier for security. This means is only for change the navigation rules for one or other user. Like one Manager need a third way for validate the process, and other Manager not need.

But with you sugestion I use a PhaseListener for make the second security tier. I will think about this.

But the first security tier is the http basic/form authetication, but not work yet. However, I use the session object for preserve the autorization object, make with jsf form, and test identy on Managed Bean.

And in managed Bean I make too a Authorization process.

Thanks a Lot.