JSF - Role based pages display

Question

I am starting a web app project using JSF 2.0 and PrimeFaces. One of the requirements would be to display different page content based on the user role. E.g. only admins should see the menu item - User administration.

Security-wise I will go for Spring security.

How could this be achieved in an elegant way? Should I make a xhtml template for everyone and then create different pages for each role with the role-specific UI items?

Thank you

Answer 1

Simply use the attribute rendered + role check in components, for example for a submenu:

<p:submenu label="#{msg['header.management']}" rendered="#{request.isUserInRole('INTERNO')}">
        <p:submenu label="#{msg['header.roles']}" icon="ui-icon-contact">
                <p:menuitem value="#{msg['header.newRole']}" url="/pages/addRole.jsf" />
            <p:menuitem value="#{msg['header.mngRoles']}" url="/pages/viewRole.jsf" />
</p:submenu>

Being 'INTERNO' the role defined in Spring. I think this is pretty elegant.

To disable navigation for that pafe (or set of pages) you would still have to add an intercept to your spring-security.xml for example:

<intercept-url pattern="/pages/*Role*" access="hasRole('INTERNO')" />