1. Securing a web application stackoverflow.comWhat steps can be taken to make sure a web application using Hibernate, Spring and JSF is secure? What vulnerabilites can exist and what security framework if any is standard? |
2. Problem with JSF forwarding and security constraint stackoverflow.comI'm making a web application in which certain pages are login-protected. I have created a JDBC security realm in glassfish for this, and used Form authentication (Similar to the method |
3. Jsf ActionListener for custom security implementation stackoverflow.comI've developed custom ActionListener: |
4. Does JSF1.2 has buit in CSRF protection? stackoverflow.comI have tested a JSF application with the CSRFtester tool, and the tool didn't report any CSRF problems. But I had read in the "OWASP_Top_10_2007_for_JEE.pdf", that all Java EE web application ... |
5. Book Suggestion About JSF 2.0 Security Implementations stackoverflow.comi am looking for a book which has JSF 2.0 security topics and decent amount of tutorial/examples how to implement those security features (e.g session management, roles, limited number of login ... |
6. Are filters or phase listers a good way to do security in Java EE 6? stackoverflow.comI've been doing it like this lately and find it so much better than XML hell(Spring security) or Glassfish security(because I don't need to have groups or set the tables up ... |
7. How to secure webpages when user is not logged in stackoverflow.comI have some XHTML pages. When I run the project, I can view the page even if I am not logged in. When I type directly in the adress bar, I ... |
8. What are the security concerns for JSF? stackoverflow.comI am steeped in Struts, and I am starting to learn JSF 2.0. Can I keep using what worked in Struts to reduce attack vectors, or are there new attack vectors ... |
9. Security (framework?) for JSF 2.0 stackoverflow.comI have implemented some pages for my webproject. However, now I would like to add security. I will have a couple of roles, like admin, user, other and some pages shall only ... |
10. Access Security level (ACL) with Java EE 6? stackoverflow.comI am developing a web application where there are few roles like Admin,Reporter,Manager,Customer.Agent.Based on Role, some menu item need to be displayed . Admin can give permission (dynamically) to user say ... |
11. j_security_check vs Programmatic Security stackoverflow.comI'm building a Web application using jsf, ejbs and jpa. I currently use form based j_security_check to handle authentication. I need to implement support for cookies ie "Remember me" option. Also I want ... |
12. JAAS web-security on jboss 5 stackoverflow.comhello i'm trying to perform a based form authentication on jboss: these are my configuration files. login-config.xml: |
13. JSF J_security_check How to get number of connected users and their role? stackoverflow.comI get the username of the connected user (using j_security_check) this way, through a managed bean: |
14. Security frameworks with JSF ? Which all are there? stackoverflow.comSpring Security is a choice, I know, but I dont know how good it is with JSF 2.0 ! But, I do know, it is too complex. Apache Shiro is also an ... |
15. Securing JSF applications stackoverflow.comI've been asked by a freelancer friend of mine to join him on a JSF 2.0 project, and I'm slowly picking up speed and putting the pieces together. Coming from a ... |
16. JSF and j_security_check connection stackoverflow.comI have an .xhtml page in which I have tried both BalusC's suggestion here and also the following without avoiding the OP's issue |
17. Access control on web app stackoverflow.comI am making a web app that has a login page (Using Facelets with JSF 2.0) which checks credentials before redirecting to a isLoggedIn or error page. I have access to ... |
18. Evaluating container managed security for implementing security in a web application? stackoverflow.comI have been looking into several possible security solutions in the past days, in an attempt to secure my JSF application & came across several frameworks (like JAAS, Shiro, ... |
19. Access Control in JSF using a PhaseListener - a generic version - what do think of this idea stackoverflow.comI have been looking for simple security for a simple JSF web site. I found this solution http://http://devgrok.blogspot.com/2009/07/access-control-using-phaselistener.html#comment-form Many of the idea in here is taking from the above link ... |
20. Simple Security coderanch.com |
21. implement Role based security in JSF coderanch.comMost of my security is handled in a servlet filter. That basically controls who can visit what page. Now what you probably want to know more about is how to display or not display certain components on a form depending on the role of the user viewing the page. So the security filter has already been hit and now it's up ... |
22. Anyone is willing to look at security-constraint ? coderanch.com |
23. AJAX, JSF and security coderanch.com |
24. Using https: for security coderanch.comThe following code <% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/"; %> |
25. Simple custom security in JSF app coderanch.comI have an app which is currently being used by my company. It uses container based security with only one role (sufficient for now). I now have to come up with a new release that will allow our clients to use it as well, with a complex set of rules defining what they can and can't do with it. At the ... |
26. JSF and security coderanch.com |
27. custom security and HttpSession access coderanch.comOk, I think I have a question for someone with alot more knowledge of JSF than me. I'm creating an app with custom security and I want to make sure that there will only be one session per account at a time (or one session per account if it's an privileged account of some sort). I was thinking of scanning a ... |
28. JSF, roles and security-constraint coderanch.com |
29. JSF Security Issue coderanch.com |
30. JSF and Security coderanch.com |
31. Security in JSF coderanch.comHey guys, Ive just had a search over the boards about implementing security in JSF and Im still a little unsure about the best way to go about implementing security... My situation is that we are going to have a large number of users for our system...in the region of 400 we expect. Each user will have access to defined sections ... |
32. Security in JSF coderanch.com |
33. j_security_ckeck problem coderanch.com |
34. Encrypting Client State with a Security Constraint coderanch.com |
35. Security in JSF 2.0 coderanch.com |
36. [Facelet & JSF Security] What do you think of this? coderanch.com |
37. manage users for programmatic security coderanch.comProgrammatic security is not considered the optimal way to secure applications. Programs can have bugs and the last place you want bugs is in security. Plus changing the security architecture requires rewriting the security code, and that often means modify the application logic. Declarative security is preferable, where possible. Because, unlike program code, declarations have a fairly small number of possibilities, ... |
38. Security coderanch.com |
39. JSF security question coderanch.com |
40. Log In Security coderanch.com |
41. roll based security setup in jsf forums.oracle.com |