I would recommend using the rendered flag to test. If you explicitly
set the rendered value, it will never use the EL expression from the
view since components always prefer non-null member values over value
binding expressions (although Tom's example will work as long as you
never try to use the rendered value binding on his "hasRole" tag)
In the case of rendering, you can use EL functions (with facelets) to
call functions to see if your user has the correct security. Also
JBoss Seam has some nice JSF security features:
http://docs.jboss.com/seam/1.2.1.GA/reference/en/html_single/#security
On 5/24/07, Cort, Tom <[EMAIL PROTECTED]> wrote:
I ran into this problem a few days ago. I solved it by extending
UIComponentBase and UIComponentTag to create a hasRole tag.
<blah:hasRole role="ADMIN">
<h:outputText="#{bundle.TopSecretAdminMessage}"/>
</blah:hasRole>
Here's the meat of the UIComponent....
public void encodeBegin(FacesContext context) throws IOException {
String role = (String)getAttributes().get("role");
if (JAASUtils.hasRole(role)) {
this.setRendered(true);
} else {
this.setRendered(false);
}
}
I'm new to JSF, so I don't know if this is the best/correct approach but it
does work. If anyone has a better solution, I'd be happy to hear about it.
--
Tom Cort
Systems Developer
Vermont Department of Taxes
