基于用户角色渲染 JSF 组件

发布于 2024-10-13 04:06:40 字数 358 浏览 2 评论 0原文

如何根据登录用户的角色呈现 JSF 组件？我知道外部上下文公开了原理，但是我应该如何在 JSF 中正确进行渲染？在 JSP 中，它会是这样的：

<% isUserInRole(Roles.ADMIN) { %>
<button>Edit!</button>
<% } %>

How do I write this in JSF the best possible way?我最好的猜测是渲染的属性与返回布尔值的支持 bean 的方法相关联，但是如果我必须仅为管理员呈现一些导航项，那么这将引入不相关的支持 bean...

Glassfish V3.1、JSF 2.x

原文

How do I render JSF components based on a logged in user's role? I know the external context exposes the principals, but how should I do the rendering properly in JSF? In JSP it would be something like

<% isUserInRole(Roles.ADMIN) { %>
<button>Edit!</button>
<% } %>

How do I write this in JSF the best possible way? My best guess is the rendered attribute tied to a backing bean's method that returns a boolean, but that would introduce an irrelevant backing bean if I have to render some navigation items only for admins...

Glassfish V3.1, JSF 2.x

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

极致的悲 2024-10-20 04:06:40

如果您的 web.xml 被声明为 Servlet 3.0（隐含地与 JSP/EL 2.2 相关），

<?xml version="1.0" encoding="UTF-8"?>
<web-app 
    xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
    version="3.0">

那么您可以利用能够在 EL 中调用带有参数的方法，如 ExternalContext#isUserInRole()< /code>：

rendered="#{facesContext.externalContext.isUserInRole('ADMIN')}"

请注意，这需要一个支持 Servlet 3.0 的容器，但由于您使用的是 Glassfish 3（支持 Servlet 3.0），因此它应该可以正常工作。

另请注意，如果您使用 Facelets 而不是 JSP，那么您将拥有 HttpServletRequest 在 EL 中可用作 #{request}，允许您使用以下较短的表达式：

rendered="#{request.isUserInRole('ADMIN')}"

If your web.xml is declared as Servlet 3.0 (which implicitly relates to JSP/EL 2.2)

<?xml version="1.0" encoding="UTF-8"?>
<web-app 
    xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
    version="3.0">

then you can take benefit of being able to invoke methods with arguments in EL like as ExternalContext#isUserInRole():

rendered="#{facesContext.externalContext.isUserInRole('ADMIN')}"

Note that this requires a Servlet 3.0 capable container, but since you're using Glassfish 3 (which supports Servlet 3.0), it should work without any issues.

Also note that if you're using Facelets instead of JSP, then you've the HttpServletRequest available as #{request} in EL, allowing you the following shorter expression:

rendered="#{request.isUserInRole('ADMIN')}"

回复收藏 0 原文

泅渡 2024-10-20 04:06:40

作为对 @wasimbhalli 的回应，我发现该表达式始终返回 false 有两个原因：

角色名称区分大小写。
rendered="#{facesContext.externalContext.isUserInRole('ADMIN')}" 可能会返回 false，但请尝试
rendered="#{facesContext.externalContext.isUserInRole('admin')}"，或rendered="#{facesContext.externalContext.isUserInRole('Admin')}"。
您必须在 web.xml 中定义您的角色（或作为注释）并将其映射到 glassfish-web.xml 中。

以下是如何在web.ml中指定角色

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>

以下是如何将身份验证组映射到glassfish-web.xml中的角色。

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
  <security-role-mapping>
    <role-name>admin</role-name> <!-- name defined in web.xml or annotations -->
    <group-name>admin</group-name><!-- name from authentication mechanism -->
  </security-role-mapping>
</glassfish-web-app>

在我的测试中，即使名称相同，也有必要进行映射，如我在示例代码中所示。另外，在我的测试中，我尝试仅定义映射并仅在 web.xml 中定义角色，但都不起作用。我需要两者，因为以正确的大小写指定角色名称。

In response to @wasimbhalli, there are two reasons I have found that the expression would always return false:

The role name is case sensitive.
rendered="#{facesContext.externalContext.isUserInRole('ADMIN')}" may return false, but try
rendered="#{facesContext.externalContext.isUserInRole('admin')}", or rendered="#{facesContext.externalContext.isUserInRole('Admin')}".
You have to define your roles in both web.xml (or as annotations) and map it in glassfish-web.xml.

The following is how to specify a role in web.ml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>

The following is how to map the authentication group to the role in glassfish-web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
  <security-role-mapping>
    <role-name>admin</role-name> <!-- name defined in web.xml or annotations -->
    <group-name>admin</group-name><!-- name from authentication mechanism -->
  </security-role-mapping>
</glassfish-web-app>

In my testing it was necessary to do the mapping even when the names were the same, as I show in my example code. Also in my testing, I tried to only define the mapping and only to define the role in web.xml, and neither worked. I needed both, as specifying the role name in the correct case.

回复收藏 0 原文