Security (framework?) for JSF 2.0_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-02-10 10:28 出处：网络

I have implemented some pages for my webproject. However, now I would like to add security. I will have a couple of roles, like admin, user, other and some pages shall only be accessable for the admi

相关专题：jsf-2 security

I have implemented some pages for my webproject. However, now I would like to add security.

I will have a couple of roles, like admin, user, other and some pages shall only be accessable for the admins, some for the users and so o开发者_如何学编程n.

If its intresting, Im using Hibernate for the database. I plan to store the roles and users in the database.

Can you help me to tell the best practice (if any) for a scalable solution for implementing the security in my webproject? Links, books or a good example is very grateful =)

Best regards

Apache Shiro is a new and supposedly very elegant and easy to use security framework.

Spring security may be suitable for your needs.

http://static.springsource.org/spring-security/site/features.html

BTW which IDE you are using?

You can undoubtedly visit OWASP web site..The OWASP web site provides you on every bit of information about the potential security attacks/threats to a web application..

The website will provide you all the information related to a particular attack/threat and also the possible solution to avoid the threat..

You can even download the ESAPI jar provided by OWASP which provides ample amount of functionalities to handle security attacks/threats. It will considerably reduce your development time.

Here's the link to the website

https://www.owasp.org/index.php/Main_Page

Based on the underlying technology you are using you will get relevant solutions to avoid attacks/threats.

Also you can store the names of the module or the URL in the DB and you can have a mapping between roles and the module. Based on the role of the user you can fetch the module and display respective modules to the user.

You can further visit this link for some more details on when to use SHIRO and when to use EASPI.

Apache Shiro & Java Security for Novicesenter link description here

But I am sure that after going through EASPI web site and few days of studying security attacks you can easily use EASPI to provide enhance security feature to your web application.