hi PF users,
i have came so far developing my first project using primefaces but i didn't though about securing it. so i have done some search about the available solution like acegi, then i though about implementing my own security solution:
the authentication is done via a simple authentication dialog with login and password (am using for this a bean called connexionBean which store whether the authentication has succeeded or not).
for the authorization part, i add a filter which intercept any request and check the connexionBean related to the session and redirect the request when the client isn't authenticated.
so, is my solution is enough or it can breached???
is my application secure enough???
Why not using JAAS? JAAS is official included in JEE and so Glassfish. Also it is simple to use and can be managed with annotatons.
Look here for a tutorial:
http://download.oracle.com/docs/cd/E174 ... bncas.html
Look here for a tutorial:
http://download.oracle.com/docs/cd/E174 ... bncas.html
PrimeFaces 3.0, Glassfish 3.1.2, Mojarra 2.1.6,
thanks for the suggestion, i already have done some research about JAAS and other securing solution like i said so to understand the securing mechanisms.
but my project is going to be presented to a jury and it will much appreciated to use my own developed security system rather than using a predefined one.
but my project is going to be presented to a jury and it will much appreciated to use my own developed security system rather than using a predefined one.
Ben Khalifa Mouadh
engineering student at National School of Computer Sciences - Tunisia
JSF 2.0, GlassFish v3, PF 2.0.1,Majorra 2.0.2, netBeans 6.8
engineering student at National School of Computer Sciences - Tunisia
JSF 2.0, GlassFish v3, PF 2.0.1,Majorra 2.0.2, netBeans 6.8
Are you sure?but my project is going to be presented to a jury and it will much appreciated to use my own developed security system rather than using a predefined one.
I now that all my old professors prefered using well known standard instead of inventing the wheel over and over again.
Also you are using at least JSF and Primefaces and maybe even a lot more Frameworks if you build "real" JEE applications. So why not using one framework more for Security especially when it is an official part of the JEE and so a standard.
PrimeFaces 3.0, Glassfish 3.1.2, Mojarra 2.1.6,
sure it's better to use a known standard but am now in the final phase of the project and i don't think that i got enough time (i have some paper work to do) and i have already tested my security solution and it worked fine. i just post this topic to check whether my application could be breached or not.
Ben Khalifa Mouadh
engineering student at National School of Computer Sciences - Tunisia
JSF 2.0, GlassFish v3, PF 2.0.1,Majorra 2.0.2, netBeans 6.8
engineering student at National School of Computer Sciences - Tunisia
JSF 2.0, GlassFish v3, PF 2.0.1,Majorra 2.0.2, netBeans 6.8
-
- Information
-
Who is online
Users browsing this forum: No registered users and 12 guests