Using Acegi to protect Java applications, part 5th: Securing JavaBean in JSF applications

Configurable security for beans used in JSF applications

This series is made up of five parts, describes the Acegi security System, and demonstrates how to use Acegi to protect enterprise-class Java applications. This article is the last part of the series and will continue to discuss the use of Acegi to protect JSF applications. In part 4th, I described how to use Acegi to protect JSF pages without writing Java code. I also detail the events that occurred when deploying JSF-ACEGI applications and users accessing the program. In this section, I will focus on techniques for protecting JavaBean in JSF applications.

The first example of how to apply the bean security concepts demonstrated in part 3rd to JSF applications is less than ideal. It then demonstrates two new technologies that are particularly suited to protecting JavaBean in JSF applications. Finally, summarizing the four-point strategy allows you to use Acegi to protect beans in a JSF application without writing any Java code.

Simple technology

The easiest way to use a security bean in a JSF application is to perform the five steps described in Listing 4 of part 3rd. In part 3rd, I removed the WEB application context object for the Spring framework from the servlet context. You can safely access the bean at a later time using the WEB application context. Listing 1 below shows how to use the WEB application context in a JSF page:

Listing 1. Extracts a WEB application context from the servlet context and uses it for JSF pages

<%@ page language= "java" contenttype= "text/html; Charset=iso-8859-1 "
pageencoding= "Iso-8859-1"%>
<% @page import= "Sample. Catalogbean "%>
<% @page import= "Org.springframework.web.context.support.WebApplicationContextU tils"%>
<% @page import= "Org.springframework.web.context.WebApplicationContext"% >

<%@ taglib uri= "http://java.sun.com/jsf/html" prefix= "H"% >
<%@ taglib uri= "Http://java.sun.com/jsf/core" prefix= "F"% >

<title>acegi Simple method Security Application:test page</title>
<body>

<f:view>
<%
try {
Webapplicationcontext Webapplicationcontext =
Webapplicationcontextutils.getwebapplicationcontext (
This.getservletconfig (). Getservletcontext ());
Catalogbean Privatecatalog = (Catalogbean)
Webapplicationcontext.getbean ("Privatecatalog");
String privatedata = Catalog.getdata ();
Request.setattribute ("Privatedata", privatedata);
}
catch (Exception e) {}
%>


</f:view>
</body>