Skip to main content

JSF Application Level Access Control

Chris Watts writes about JSF Application Level Access Control:

"After trying to work out how to do generically, or at least easily configurable, I wrote a handy little tool for JSF which allows you to perform security control similar to how you can in the web.xml using security-constraint tags but allowing for application level authentication. The trick is to use a PhaseListener, listening to the RESTORE_VIEW phase and checking the viewId in the afterPhase()..."