Category: JSF
-
Integrating Primefaces and Spring Security
Following all previous steps we always configured JSF and Spring. In case we use third party library like Primefaces you will have to configure resources required by Primefaces manually in Spring Security xml. Extending example at if we had Primefaces lib in our project we will have to add below configuration to jsfspring-sec-security-config.xml [sourcecode language=”xml”]…
-
Integrating Spring Security 3.1 and JSF 2.0
Today in this tutorial we will integrate our JSF 2.0 application with Spring Security 3.1. We will be using the basic security feature of Spring Security and later on we will expand on this. What we need JDK Eclipse Spring Core Spring Security Some additional jars Project Creation Create a new “Dynamic Web Project” In…
-
Integrate LDAP and Spring Security 3.1 for Authentication and Authorization in a JSF 2.0 Application.
Backtracking all our previous tutorial you will notice we always had our user definition with password placed in our database. Not every time this will be the case and frequently we will have to integrate our application with LDAP. In this tutorial we will integrate our earlier application with Apache Directory Services. If you don’t…
-
Secure your business layer with Spring Security Annotation
In the last post we secured our business layer with JSR-250 annotation. Spring Security provides similar functionality. In this tutorial we will use @PreAuthorize annotation to secure our business model built earlier. First change is in our BusinessModel.java where we move from @RolesAllowed to @PreAuthorize, one reason why you would need Spring Security annotation is…
-
Secure your business layer with JSR-250 and Spring Security in a JSF application
In the previouspost we looked at the different option that we have as part of Java EE and Spring security framework. In this tutorial we will see how we can leverage JSR-250 security annotation. To being with you need the source code from previous post. With some code behind us, let’s see how JSR-250 can…
-
Spring Security 3.1 conditionally securing your web page with JSF 2.0
Hello, in all our previous use cases we secured a whole page, but what if we want to secure only a certain element or part ? Consider a scenario where message displayed on admin login and guest login is different, message is a very simple example, you may want to show different menu to admin.…
-
Spring Security 3.1 Adding Salt to Password using BCryptPasswordEncoder and JSF 2.0
In the last post, we used StandardPasswordEncoder for encoding our password. In this tutorial we will use BCryptPasswordEncoder for encoding. This provides more security, you can even specify the strength by default it is 10, and in this post we are using the default configuration, we will see the custom configuration in next post. First…
-
Spring Security 3.1 Adding Salt to Password using StandardPasswordEncoder and JSF 2.0
In the last couple of post Spring Security 3.1 Adding Salt to Password using Custom Database and JSF 2.0 Spring Security 3.1 Group-Based Access Control with Custom Database and JSF 2.0 We added salt to our password and implemented Group-Based Access Control. But our salt was dependent on the username, which is not a very good thing…
-
Spring Security 3.1 Group-Based Access Control with Custom Database and JSF 2.0
In all our previous tutorials, access was given to users directly, which is hardly implemented in real world applications. Most of the security or permissioning system uses “Group-Based Access Control” system including Microsoft Active Directory, LDAP etc. “Group-Based Access Control” means access is given to a group and members of a given group will inherit…
-
Spring Security 3.1 Adding Salt to Password using Custom Database and JSF 2.0
In the last post we successfully secured our password, but there is a problem with that approach. Consider a scenario where two users have same password, our hashing mechanism can lead both password to be hashed with the same value, thus resulting in a security hole. It is now normal to use salt while hashing…