VisibleOnRole for PrimeFaces Components

[vinayarammohan]

Hi,

I just downloaded Primefaces2.2
I have used Tomohawk in the past and want to switch to Primefaces.
Is there a visibleOnRole attribute for the prime faces components to make them visible on the security role?
Is this something which will be added in near future?

Thanks
Vinaya

[bumble.bee]

You can use the rendered attribute to conditionally render a component.

PrimeFaces does provide a few EL functions that help with page authorization:

ifGranted(String role)
ifAllGranted(String roles)
ifAnyGranted(String roles)
ifNotGranted(String roles)
remoteUser()
userPrincipal()

See page 432 of Userguide.

[cagatay.civici]

Yes, we have the EL extensions for that;

http://cagataycivici.wordpress.com/2010 ... orization/

[vinayarammohan]

Hi Optimus.Prime,

I am using the ifGranted for the menu item in menubar as follows

Code: Select all

<p:menubar effect="NONE"  styleClass="wijmo-wijmenu-horizontal">
	<p:submenu label="Search" rendered="#{p:ifGranted('USERADMIN')}">
			<p:menuitem value="Stock" url="stock"  />
			<p:menuitem value="Supply" url="supply"/>		
	</p:submenu>	
	<p:menuitem value="Logout" url="logout"  />			
</p:menubar>

The user has the role USERADMIN, but #{p:ifGranted('USERADMIN')} is returning false.

Any suggestions??

Thanks
Vinaya

[priyaesh]

Hi Vinaya/Optimus

I am facing the same issues. Did you get this to work? I have my authorization and authentication done in my application using SpringSecurity. I always am getting FALSE when using - #{p:ifGranted('ROLE_ADMIN') for rendering purpose. I have ROLE_ADMIN and Users defined in Spring appcontext config file.

Do you know how this Primefaces EL function knows about SpringSecurityContext ??

Appreciate any quick response

Regards
Priyaesh

Primefaces 3.2, Spring 3, SpringSecurity 3

[smithh032772]

See the following topic, and search stackoverflow/google for related content/topic.

http://stackoverflow.com/questions/5933 ... t-el-expre

I'm not using Spring, but I have been thinking about adding something like this at some point. If I was you, I would see what Spring has to offer for your xhtml/JSF, and reference some bean attribute value related to user role, etc...

Also see following (I like searching for BalusC responses to JSF topics):

stackoverflow balusc jsf el expression authorize role

[priyaesh]

First of all Thanks Smith for reading my post and sharing few thoughts..

I went through a post in the forum. Is all the p:xxx EL functions compatible with Spring security ??

viewtopic.php?f=3&t=4233

Also recently a bug has been fixed (in 3.2 version) on parsing issue in SecurityUtils.

http://code.google.com/p/primefaces/iss ... il?id=3499

Also Oleg has commented the use of container based authentication here

http://ovaraksin.blogspot.in/2011/03/js ... based.html

But what I couldnt find is How/Will these primefaces EL tags would work with spring security or JEE authentications ???

Any idea?

Optimus/Oleg

Your thoughts ??

[cagatay.civici]

It has been a long time since I've used spring security but I remember if you have HTTPContextIntegrationfilter in filter chain it will work as this filter wraps httpservletrequest which these security el functions ask to see if user is in role.

[javascope]

Code: Select all

The user has the role USERADMIN, but #{p:ifGranted('USERADMIN')} is returning false.

when i implemented custom Authentication class, i encountered with the same case.

Later, i used the standard Authentication class like UsernamePasswordAuthenticationToken and then everything(ifGranted, ifAnyGranted,...) worked as it should be

regards,

[RodrigoSieja]

And what's the solution for applications using JAAS for authentication and authorization?