Security « Security « JSF Q&A





1. Securing a web application    stackoverflow.com

What steps can be taken to make sure a web application using Hibernate, Spring and JSF is secure? What vulnerabilities can exist and what security framework if any is standard?

2. Problem with JSF forwarding and security constraint    stackoverflow.com

I'm making a web application in which certain pages are login-protected. I have created a JDBC security realm in glassfish for this, and used Form authentication (Similar to the method

3. Jsf ActionListener for custom security implementation    stackoverflow.com

I've developed custom ActionListener:

public class SecureActionListener extends ActionListenerImpl implements ActionListener {

    private ActionListener _delegate;

    public SecureActionListener(ActionListener delegate) {
        ...

4. Does JSF1.2 have built in CSRF protection?    stackoverflow.com

I have tested a JSF application with the CSRFtester tool, and the tool didn't report any CSRF problems. But I had read in the "OWASP_Top_10_2007_for_JEE.pdf", that all Java EE web application ...

5. Book Suggestion About JSF 2.0 Security Implementations    stackoverflow.com

I am looking for a book which has JSF 2.0 security topics and decent amount of tutorial/examples how to implement those security features (e.g session management, roles, limited number of login ...

6. Are filters or phase listers a good way to do security in Java EE 6?    stackoverflow.com

I've been doing it like this lately and find it so much better than XML hell (Spring security) or Glassfish security (because I don't need to have groups or set the tables up ...

7. How to secure webpages when user is not logged in    stackoverflow.com

I have some XHTML pages. When I run the project, I can view the page even if I am not logged in. When I type directly in the address bar, I ...

8. What are the security concerns for JSF?    stackoverflow.com

I am steeped in Struts, and I am starting to learn JSF 2.0. Can I keep using what worked in Struts to reduce attack vectors, or are there new attack vectors ...

9. Security (framework?) for JSF 2.0    stackoverflow.com

I have implemented some pages for my webproject. However, now I would like to add security. I will have a couple of roles, like admin, user, other and some pages shall only ...





10. Access Security level (ACL) with Java EE 6?    stackoverflow.com

I am developing a web application where there are few roles like Admin, Reporter, Manager, Customer.Agent. Based on Role, some menu items need to be displayed. Admin can give permission (dynamically) to user say ...

11. j_security_check vs Programmatic Security    stackoverflow.com

I'm building a Web application using jsf, ejbs and jpa. I currently use form based j_security_check to handle authentication. I need to implement support for cookies ie "Remember me" option. Also I want ...

12. JAAS web-security on jboss 5    stackoverflow.com

Hello, I'm trying to perform a form-based authentication on JBoss: these are my configuration files. login-config.xml:

<application-policy name="MyPolicy">
<authentication>
    <login-module flag="required"
        code="org.jboss.security.auth.spi.DatabaseServerLoginModule">
  ...

13. JSF J_security_check How to get number of connected users and their role?    stackoverflow.com

I get the username of the connected user (using j_security_check) this way, through a managed bean:

......
    username =   FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal().getName();
And then display it in a jsf page ...

14. Security frameworks with JSF ? Which all are there?    stackoverflow.com

Spring Security is a choice, I know, but I don't know how good it is with JSF 2.0! But, I do know, it is too complex. Apache Shiro is also an ...

15. Securing JSF applications    stackoverflow.com

I've been asked by a freelancer friend of mine to join him on a JSF 2.0 project, and I'm slowly picking up speed and putting the pieces together. Coming from a ...

16. JSF and j_security_check connection    stackoverflow.com

I have an .xhtml page in which I have tried both BalusC's suggestion here and also the following without avoiding the OP's issue

  <meta http-equiv="refresh" content="#{session.maxInactiveInterval}"/>
Basically, I start ...





17. Access control on web app    stackoverflow.com

I am making a web app that has a login page (Using Facelets with JSF 2.0) which checks credentials before redirecting to a isLoggedIn or error page. I have access to ...

18. Evaluating container managed security for implementing security in a web application?    stackoverflow.com

I have been looking into several possible security solutions in the past days, in an attempt to secure my JSF application & came across several frameworks (like JAAS, Shiro, ...

19. Access Control in JSF using a PhaseListener - a generic version - what do you think of this idea    stackoverflow.com

I have been looking for simple security for a simple JSF web site. I found this solution http://devgrok.blogspot.com/2009/07/access-control-using-phaselistener.html#comment-form Many of the ideas in here are taken from the above link ...

20. Simple Security    coderanch.com

21. implement Role based security in JSF    coderanch.com

Most of my security is handled in a servlet filter. That basically controls who can visit what page. Now what you probably want to know more about is how to display or not display certain components on a form depending on the role of the user viewing the page. So the security filter has already been hit and now it's up ...

23. AJAX, JSF and security    coderanch.com

24. Using https: for security    coderanch.com

The following code <% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/"; %> Works well for setting the base path relative to the server and application path. So you could just substitute request.getScheme() with https in some sort ...

25. Simple custom security in JSF app    coderanch.com

I have an app which is currently being used by my company. It uses container based security with only one role (sufficient for now). I now have to come up with a new release that will allow our clients to use it as well, with a complex set of rules defining what they can and can't do with it. At the ...

26. JSF and security    coderanch.com

27. custom security and HttpSession access    coderanch.com

Ok, I think I have a question for someone with a lot more knowledge of JSF than me. I'm creating an app with custom security and I want to make sure that there will only be one session per account at a time (or one session per account if it's a privileged account of some sort). I was thinking of scanning a ...

28. JSF, roles and security-constraint    coderanch.com

29. JSF Security Issue    coderanch.com

30. JSF and Security    coderanch.com

31. Security in JSF    coderanch.com

Hey guys, I've just had a search over the boards about implementing security in JSF and I'm still a little unsure about the best way to go about implementing security... My situation is that we are going to have a large number of users for our system...in the region of 400 we expect. Each user will have access to defined sections ...

32. Security in JSF    coderanch.com

33. j_security_check problem    coderanch.com

35. Security in JSF 2.0    coderanch.com

37. manage users for programmatic security    coderanch.com

Programmatic security is not considered the optimal way to secure applications. Programs can have bugs and the last place you want bugs is in security. Plus changing the security architecture requires rewriting the security code, and that often means modify the application logic. Declarative security is preferable, where possible. Because, unlike program code, declarations have a fairly small number of possibilities, ...

38. Security    coderanch.com

39. JSF security question    coderanch.com

40. Log In Security    coderanch.com

41. roll based security setup in jsf    forums.oracle.com