security « IceFaces « JSF Q&A





1. Icefaces + j_security_check    icefaces.org

Hi guys, i'm trying to integrate Icefaces and container managed security to resolve the issue of users being able to enter a direct url ang gain access to restricted resources. After an hour or so i configured a jdbc realm on glassfish using mysql and wrote the corresponding jsp with a form and (action="j_security_check"), made necessary changes on web.xml and sun-web.xml. ...

2. Security Tutorial Help    icefaces.org

3. security constrains    icefaces.org

Hi, I am using Icefacec 1.8.0 and NetbeansIDE 6.5 i am develop some application where user can open pages from links relative to his permission in the system, i render links that he has permission to view it, but if user type the URL of page that he don't own it's permission it will open successfully. i try to re-direct him ...

5. outputResource security, temp files?    icefaces.org

6. Security with icefaces 2.0 alpha 2: logout problem    icefaces.org

I have a problem with security. I have icefaces login form. I'am using j_security_check mechanism. For logout I use req.logout() and session.invalidate() and after that redirect to login form. Everything works fine. But if I want to do login again I see dispose-window.icefaces.jsf page !!! What is dispose-window.icefaces.jsf page mean? And what to do with this problem? Anybody can help me? ...

7. Security Icefaces    icefaces.org

8. Security software can block icefaces web apps    icefaces.org

I deployed several ICEFaces based webapps which get a fair amount of traffic and have had several users complain they can access my ICEFaces webapps. They report getting an exception like: java.lang.NullPointerException com.icesoft.faces.webapp.xmlhttp.PersistentFacesServlet.service (PersistentFacesServlet.java:177) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) After doing a bit of Google research I found the root cause was the use Norton Internet Security on WindowsXP. I also found this blog talking ...

9. Security with ICEFaces    icefaces.org

Hi, I plan to have user/role defined in the database (i.e. use local db for authorization/authentication). I am using JSF/Facelets/ICEFaces. I have the following question: 1. how to configure web.xml to secure the page? 2. How exactly does isUserInRole in iceface tags work? Any like or sample will be very helpful. Thanks much.





10. Security in a JSF/facelet application    icefaces.org

Hi, 1. I have a JSF/facelet/iceface application. I plan to use my own table for username/role/password. is there a reference/sample online for this scenario? Thanks much. 2. On my logon page, I plan to let user press enter in password inputText. I set the partialSubmit to true in password inputText. Ideally, after validation, it should move forward to the next page. ...

13. Security    icefaces.org

Hi I am creating a login page and i have set my mind on using enabledonuserrole attribute. is it necessary to use acegi security ??? aslo i want to use HTTPS .... can i implement security and enabledonuserrole w/o acegi please help i am really confused and have no clue what to maybe someone can also point me to a tutorial ...

16. Security issues    icefaces.org





17. Error starting tomcat 6 with security manager enabled    icefaces.org

Hi, When my deploy my war file and try to start my tomcat 6 with security manager enabled, it throwing java.security.AccessControlException: access denied exception. When I start without security manager it works fine. Any ideas on how to reslove this issue? Thanks Please see below a complete stack trace: localhost.log Code: 29-Jan-2008 16:55:25 org.apache.catalina.core.StandardContext listenerStart SEVERE: Error configuring application listener of ...

18. Icefaces, Facelets and security    icefaces.org

I am using IceFaces in a facelets configuration on Tomcat 5.5. How do you use standard web.xml security-constraint and url-patterns when Icefaces hides this from the server? Example: I goto the /index.iface page and navigate (via commandlink and faces-config) to /something/page.jspx. If I setup a security-constraint with url-pattern /something/* it never takes effect (- perhaps as expected as the browser url ...

19. Security and xmlhttp url's    icefaces.org

When creating an login.iface for spring security I need to allow unauthenticated users access to /xmlhttp/**, so they can retrieve the javascript needed by icefaces. Looking at my logs, this only fetches some javascript files and a blank page, but I want to be sure I'm not opening my application to the world this way. So, is it a security leak ...