JAVA TOPICS
All Sections
JDJ Archives
AJAX
Borland Developers Conference 2005
Caching
Editorial
FrontPage Feature
General Java
Hibernate | JSF | Spring
JDJ Back Page
JDJ Commentary
JDJ Industry Interviews
JSR Watch
Java Desktop
Java EE 5
Java Industry News
Java ME
Java News Desk
Java SE 6
JavaFX
JavaOne 2006 News
Open-Sourcing Java
Product Reviews
Q&A
Virtualization
Write For Us
Yakov's Gas Station
SYS-CON.TV: JBoss's Seam: Eliminate Complexity and Build Next-Generation Web 2.0 Applications


2007 West
GOLD SPONSORS:
Active Endpoints
Your SOA Needs BPEL for Orchestration
BEA
Virtualized SOA: Adaptive Infrastructure for Demanding Applications
Nexaweb
Overcoming Bandwidth Challenges with Nexaweb
TIBCO
What is Service Virtualization?
SILVER SPONSORS:
WSO2
Using Web Services Technologies and FOSS Solutions
Click For 2007 East
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts
Flex Is Strong Because of Java
I received an email stating that AOL finally aband
TOP THREE LINKS YOU MUST CLICK ON
Hibernate | JSF | Spring
Effective Page Authorization In JavaServer Faces
Application security - the art of applications defending themselves - represents an important line of defence in an overall in-depth security strategy. Web applications that follow the Model-View-Controller (MVC) architecture can, and should, have security implemented on all three layers. Normally it's the controller component that handles page authorization in MVC, the view layer that hides controls and information based on user authorization, and the model that enforces the business rules and input validation. However, it's up to the developer, based on an individual security policy and the programming technology used, to decide where to put security. Using pluggable validator components in JavaServer Faces (JSF), for example, developers may decide to verify user input on the view layer as well as on the model layer.
Reader Feedback : Page 1 of 1

Hi Duncan and Frank,

This article is really an interesting one. I found it at a right moment of time as I was trying to implement Page level security in a Project based on JSF.
I was wondering the article is based on Container-Managed Security or reading roles from web.xml. I have a requirement where I need to read the roles from database and not from web.xml, can I achieve this security feature by implementing the points mentioned in this article.
Awaiting for your response.
Thanks and Regards,
Keerthi.

Application security - the art of applications defending themselves - represents an important line of defence in an overall in-depth security strategy. Web applications that follow the Model-View-Controller (MVC) architecture can, and should, have security implemented on all three layers. Normally it's the controller component that handles page authorization in MVC, the view layer that hides controls and information based on user authorization, and the model that enforces the business rules and input validation. However, it's up to the developer, based on an individual security policy and the programming technology used, to decide where to put security. Using pluggable validator components in JavaServer Faces (JSF), for example, developers may decide to verify user input on the view layer as well as on the model layer.

Application security - the art of applications defending themselves - represents an important line of defence in an overall in-depth security strategy. Web applications that follow the Model-View-Controller (MVC) architecture can, and should, have security implemented on all three layers. Normally it's the controller component that handles page authorization in MVC, the view layer that hides controls and information based on user authorization, and the model that enforces the business rules and input validation. However, it's up to the developer, based on an individual security policy and the programming technology used, to decide where to put security. Using pluggable validator components in JavaServer Faces (JSF), for example, developers may decide to verify user input on the view layer as well as on the model layer.

Application security - the art of applications defending themselves - represents an important line of defence in an overall in-depth security strategy. Web applications that follow the Model-View-Controller (MVC) architecture can, and should, have security implemented on all three layers. Normally it's the controller component that handles page authorization in MVC, the view layer that hides controls and information based on user authorization, and the model that enforces the business rules and input validation. However, it's up to the developer, based on an individual security policy and the programming technology used, to decide where to put security. Using pluggable validator components in JavaServer Faces (JSF), for example, developers may decide to verify user input on the view layer as well as on the model layer.

Application security - the art of applications defending themselves - represents an important line of defence in an overall in-depth security strategy. Web applications that follow the Model-View-Controller (MVC) architecture can, and should, have security implemented on all three layers. Normally it's the controller component that handles page authorization in MVC, the view layer that hides controls and information based on user authorization, and the model that enforces the business rules and input validation. However, it's up to the developer, based on an individual security policy and the programming technology used, to decide where to put security. Using pluggable validator components in JavaServer Faces (JSF), for example, developers may decide to verify user input on the view layer as well as on the model layer.


FEATURED WHITE PAPERS
YOUR FEEDBACK
What Does the Future Hold for the Java Language?
By Joe Winchester
Tommy wrote: I simply do not agree on many parts: - .NET has a lot of traction - you can certainly know well (and master) more than one language. If you cannot master more than one language, this could potentially be one of your limits. - Java is not a perfect language - It is ea...
i-Technology Opinion: Why Use Extreme Programming?
By Troy Holmes
James Nwaba wrote: This is a nice article - very straight froward, easy to understand.However, there was no mention of any organization that have implemented XP. The author said, "Many of the concepts found in this lightweight method of development have been implemented into the ...
iPhone Office: 100 Ways to Turn Your Device into the Ultimate Productivity Tool
By Jessica Merritt
QueZZtion wrote: Can the iPhone really work as a multimedia remote for iTunes or even a desktop?
DoJa in NTT DoCoMo Phones
By Zev Blut
Venkat wrote: Excellent explanation. It will be helpful if it was in pictorial form ie with the emulator images. Can u please send me the I-mode to I appli communication and a brief explanatioj about the architecture.Thanks in advance.
i-Technology Opinion: Outsourcing...to Students
By Yakov Fain
Robert Dobbs wrote: Timothy, this video will get you started in the right direction: http://www.youtube.com/wa tch?v=3PycZtfns_U
HOT DISCUSSIONS
What Does the Future Hold for the Java Language?
By Joe Winchester
Next-Generation Web Development: Bye Bye MVC, Hello RIA + SOA
By Nolan Wright
Marathon Technologies Named "Best of Tech·Ed 2008 Finalist" for Server Virtualization
By Virtualization News Desk
InstallFree Signs Distribution Agreement With CDG Europe
By Virtualization News Desk
Ceedo Launches an Application Virtualization Solution for the Enterprise
By Virtualization News Desk
J-CASE Tag Library - Interactive Storyboarding with JSP
By Masayuki Otoshi
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SYS-CON FEATURED WHITEPAPERS

BREAKING JAVA NEWS
Domark International, Inc. Completes Its Acquisition of Javaco, Inc.
Domark International, Inc. (OTCBB:DOMK) announced today that it has completed its acqui
Jul. 18, 2008 01:00 PM
Saving Your Investment: Transforming J2EE applications into Web 2.0 using GWT
By RIA News Desk
The pressure is on to keep pace with Web 2.0 entrants into the marketplace. Rewriting is expensive;
WSRP Really Works! - Part 2
By Matt Silver
A standard from OASIS called Web Services for Remote Portlets (WSRP) is used so portlets can be deco
Adobe's Kevin Lynch and Microsoft's Scott Guthrie to Keynote AJAX World RIA Conference & Expo
By RIA News Desk
Two of the biggest launches in Rich Internet Application history took place in 2007/2008 when Adobe
Sun Expects Q4 Earnings Above Estimates
By Java News Desk
On Tuesday evening Sun issued a fourth-quarter guidance range largely above analysts' estimates. The
Virtualization Conference Keynote Webcast Live on SYS-CON.TV
By James Hamilton
Brian Stevens, the Chief Technology Officer and Vice President of Engineering of Red Hat, delivered
The Beauty of JavaScript
By RIA News Desk
JavaScript is one of the most interesting and misunderstood programming languages in common use toda
JavaScript: The Good Parts
By RIA News Desk
JavaScript is a language with more than its share of bad parts. It went from non-existence to global
Use JavaScript 2 Today with OpenLaszlo
By RIA News Desk
JavaScript 2 is becoming increasingly important. Learn how to take advantage of JavaScript 2 while s
Server-Side JavaScript - All the Cool Kids Are Doing It!
By RIA News Desk
In this session that no developer who uses JavaScript or ActionScript will want to miss, delegates w
AJAX with jQuery
By RIA News Desk
jQuery is a rapidly growing, popular JavaScript library. Its powerful and modular architecture, whic
Why the Web Dinosaurs Died
By Jonas Jacobi; John Fallows; Ric Smith; Brian Albers
A fast-moving Comet is about to impact the Internet. When it hits, it will wipe away the architectur
Sun Achieves Land Speed Record: 1M Messages Per Second
By Java News Desk
Algorithmic trading continues to drive the quest for greater speed and lower latency in the capital
AJAX and RIA Technology Will Be Free for All: Sun CEO
By Java News
'Java's always been a RIA platform - before the world really wanted one,' claimed Sun's CEO Jonathan
Quest Software's JProbe Now Available as Eclipse Plug-In
By Eclipse News Desk
Quest Software announced the latest release of its Java profiler, JProbe 8.0, which is now offered a
What Does the Future Hold for the Java Language?
By Joe Winchester
Before Java I was a Smalltalk guy. I remember switching from one language to the other and the tippi
White Paper: "Ensuring Code Quality in Multi-Threaded Applications"
By Java News Desk
Today, the world of software development is presented with a new challenge. To fully leverage this n
AccuRev and Rally Software Partner to Scale Agile Software Development Best Practices
By SOA World Magazine News Desk
AccuRev and Rally announced a technology partnership that will integrate AccuRev software change and
MyEclipse 6.5: The Maven Tipping Point for 1 Million Java Developers
By Eclipse News Desk
Genuitec announced the availability of MyEclipse Enterprise Workbench 6.5; Java's most compelling ID
AccuRev Leverages Web 2.0 Technology to Extend Process Management Reach Across the Organization
By Web 2.0 News Desk
AccuRev announced a new AJAX-based Web Interface and a native integration with Microsoft Windows Exp
Voyager Offers Android, .NET CF, Java Runtime Support
By Wireless News Desk
Recursion Software released a private beta version of their Voyager mobile platform, with powerful i
SPONSORED BY INFRAGISTICS
SOA in a JVM: OSGi Service Platform - A Dynamic Component System for Java
There are many forces that influence technological evolution. After a decade of building enterprise
Jun. 30, 2008 03:45 PM
AJAX and Enterprise RIA Tools - JSF, Flex, and JavaFX
2008 is going to be an important year for Rich Internet Applications. Most organizations are deliver
Jun. 20, 2008 12:45 PM
Final Voting Phase on OpenAjax Browser Wishlist
The OpenAjax Alliance is developing an Ajax industry wishlist for future browsers, using a dedicated
Jun. 18, 2008 07:45 PM
AJAX World RIA Conference News - Netflix UI Guru To Present on Crafting Rich Web Interfaces
In every field of design one of the first things students do is learn from the work of others. They
Jun. 11, 2008 10:30 AM
Infragistics Releases CTP UI Components for Microsoft Silverlight Beta 2
Infragistics announced the availability of two Community Technology Preview (CTP) User Interface (UI
Jun. 4, 2008 08:00 AM
Yahoo User Interface 2.5.2 Released
The YUI development team has released version 2.5.2; you can download the new release from SourceFor
Jun. 2, 2008 05:00 AM
ADS BY GOOGLE