Restricting user access to pages by directly changing the URL in JSF

I have two kinds of users in my application - customers and sellers. I use PhaseListener in JSF to prevent users from accessing pages without logging in, but after they have logged in, I don’t know how to prevent the user from changing the URL in the location bar and accessing pages that he is not allowed to. For example, preventing customers from accessing merchant pages.

Does anyone have an idea on how I can prevent such illegal treatment?

+5
4 answers

/ ( , , , 't URL-, JSF).

, URL-, /seller/, , SELLER:

if (url.startsWith("/seller/") && user.getRoles().contains(Role.SELLER)) {
    // Allow access.
} else {
    // Block access.
}

, / , Java EE Apache Shiro. , , web.xml <security-constraint> , INI Shiro.

. :

+7

Filter. , javax.servlet.Filter doFilter() , , - . web.xml :

<filter>
  <filter-name>MyFilter</filter-name>
  <filter-class>mypackage.MyFilter</filter-class>
</filter>

<filter-mapping>
  <filter-name>MyFilter</filter-name>
  <url-pattern>*.xhtml</url-pattern>
</filter-mapping>
+1
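
The URL-prefix role check from the first answer, placed inside the `mypackage.MyFilter` that the web.xml above registers for `*.xhtml`. This is an added example, not code from either answer. The `Role` and `User` types, the `"user"` session attribute, the `/customer/` area and `/login.xhtml` are assumptions standing in for the application's own names.

```java
package mypackage;

import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical stand-ins for the application's own user model.
enum Role { CUSTOMER, SELLER }
interface User { Set<Role> getRoles(); }

public class MyFilter implements Filter {
    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // With the *.xhtml mapping, getServletPath() is the container-decoded path
        // inside the application, without context root or ";jsessionid" parameters.
        String path = request.getServletPath();

        // Assumption: the login code stores the user under the attribute "user".
        HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        Role required = requiredRole(path);
        if (required == null) {
            chain.doFilter(req, res);                              // no role needed
        } else if (user == null) {
            response.sendRedirect(request.getContextPath() + "/login.xhtml");
        } else if (user.getRoles().contains(required)) {
            chain.doFilter(req, res);                              // role matches area
        } else {
            // Logged in, but the URL belongs to another role's area.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    // Maps a URL area to the role it requires; null means no role is required.
    static Role requiredRole(String path) {
        if (path.startsWith("/seller/")) return Role.SELLER;
        if (path.startsWith("/customer/")) return Role.CUSTOMER;
        return null;
    }
}
```

Because the decision is made per request on the server, typing a seller URL into the location bar as a customer ends in a 403 instead of a rendered page.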

-, ( 1 :

<entry key="acl_page_sub/page1">client,seller</entry>
<entry key="acl_page_sub2/page1">client</entry>
<entry key="acl_page_sub2/page2">seller</entry>

- LoginController, currentuserrole (url) . , - .

logincontroller faceconfig.

+1

, . prerenderview jsf2 post post jsf1.2

0
