Security « Security « JSF Q&A

32.Web Service
JSF Q&A » Security » Security 

1. Securing a web application

What steps can be taken to make sure a web application using Hibernate, Spring and JSF is secure? What vulnerabilites can exist and what security framework if any is standard?

2. Problem with JSF forwarding and security constraint

I'm making a web application in which certain pages are login-protected. I have created a JDBC security realm in glassfish for this, and used Form authentication (Similar to the method

3. Jsf ActionListener for custom security implementation

I've developed custom ActionListener:

public class SecureActionListener extends ActionListenerImpl implements ActionListener {

    private ActionListener _delegate;

    public SecureActionListener(ActionListener delegate) {

4. Does JSF1.2 has buit in CSRF protection?

I have tested a JSF application with the CSRFtester tool, and the tool didn't report any CSRF problems. But I had read in the "OWASP_Top_10_2007_for_JEE.pdf", that all Java EE web application ...

5. Book Suggestion About JSF 2.0 Security Implementations

i am looking for a book which has JSF 2.0 security topics and decent amount of tutorial/examples how to implement those security features (e.g session management, roles, limited number of login ...

6. Are filters or phase listers a good way to do security in Java EE 6?

I've been doing it like this lately and find it so much better than XML hell(Spring security) or Glassfish security(because I don't need to have groups or set the tables up ...

7. How to secure webpages when user is not logged in

I have some XHTML pages. When I run the project, I can view the page even if I am not logged in. When I type directly in the adress bar, I ...

8. What are the security concerns for JSF?

I am steeped in Struts, and I am starting to learn JSF 2.0. Can I keep using what worked in Struts to reduce attack vectors, or are there new attack vectors ...

9. Security (framework?) for JSF 2.0

I have implemented some pages for my webproject. However, now I would like to add security. I will have a couple of roles, like admin, user, other and some pages shall only ...

10. Access Security level (ACL) with Java EE 6?

I am developing a web application where there are few roles like Admin,Reporter,Manager,Customer.Agent.Based on Role, some menu item need to be displayed . Admin can give permission (dynamically) to user say ...

11. j_security_check vs Programmatic Security

I'm building a Web application using jsf, ejbs and jpa. I currently use form based j_security_check to handle authentication. I need to implement support for cookies ie "Remember me" option. Also I want ...

12. JAAS web-security on jboss 5

hello i'm trying to perform a based form authentication on jboss: these are my configuration files. login-config.xml:

<application-policy name="MyPolicy">
    <login-module flag="required"

13. JSF J_security_check How to get number of connected users and their role?

I get the username of the connected user (using j_security_check) this way, through a managed bean:

    username =   FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal().getName();
And then display it in a jsf page ...

14. Security frameworks with JSF ? Which all are there?

Spring Security is a choice, I know, but I dont know how good it is with JSF 2.0 ! But, I do know, it is too complex. Apache Shiro is also an ...

15. Securing JSF applications

I've been asked by a freelancer friend of mine to join him on a JSF 2.0 project, and I'm slowly picking up speed and putting the pieces together. Coming from a ...

16. JSF and j_security_check connection

I have an .xhtml page in which I have tried both BalusC's suggestion here and also the following without avoiding the OP's issue

  <meta http-equiv="refresh" content="#{session.maxInactiveInterval}"/>
Basically, I start ...

17. Access control on web app

I am making a web app that has a login page (Using Facelets with JSF 2.0) which checks credentials before redirecting to a isLoggedIn or error page. I have access to ...

18. Evaluating container managed security for implementing security in a web application?

I have been looking into several possible security solutions in the past days, in an attempt to secure my JSF application & came across several frameworks (like JAAS, Shiro, ...

19. Access Control in JSF using a PhaseListener - a generic version - what do think of this idea

I have been looking for simple security for a simple JSF web site. I found this solution http:// Many of the idea in here is taking from the above link ...

20. Simple Security

21. implement Role based security in JSF

Most of my security is handled in a servlet filter. That basically controls who can visit what page. Now what you probably want to know more about is how to display or not display certain components on a form depending on the role of the user viewing the page. So the security filter has already been hit and now it's up ...

23. AJAX, JSF and security

24. Using https: for security

The following code <% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/"; %> Works well for setting the base path relative to the server and application path. So you could just substitute request.getScheme() with https in some sort ...

25. Simple custom security in JSF app

I have an app which is currently being used by my company. It uses container based security with only one role (sufficient for now). I now have to come up with a new release that will allow our clients to use it as well, with a complex set of rules defining what they can and can't do with it. At the ...

26. JSF and security

27. custom security and HttpSession access

Ok, I think I have a question for someone with alot more knowledge of JSF than me. I'm creating an app with custom security and I want to make sure that there will only be one session per account at a time (or one session per account if it's an privileged account of some sort). I was thinking of scanning a ...

28. JSF, roles and security-constraint

29. JSF Security Issue

30. JSF and Security

31. Security in JSF

Hey guys, Ive just had a search over the boards about implementing security in JSF and Im still a little unsure about the best way to go about implementing security... My situation is that we are going to have a large number of users for our the region of 400 we expect. Each user will have access to defined sections ...

32. Security in JSF

33. j_security_ckeck problem

35. Security in JSF 2.0

37. manage users for programmatic security

Programmatic security is not considered the optimal way to secure applications. Programs can have bugs and the last place you want bugs is in security. Plus changing the security architecture requires rewriting the security code, and that often means modify the application logic. Declarative security is preferable, where possible. Because, unlike program code, declarations have a fairly small number of possibilities, ...

38. Security

39. JSF security question

40. Log In Security

41. roll based security setup in jsf  | Contact Us | Privacy Policy
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.