HTML and CSS Reference
In-Depth Information
<user-data-constraint>
<description>Must switch to HTTPS as the page may contain confidential
information.</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!--
Security Contraints (protection) for the ADMINISTRATOR role.
-->
<security-constraint>
<display-name>Administrator Constrains</display-name>
<web-resource-collection>
<web-resource-name>AdministratorSection</web-resource-name>
<description>Administrator pages</description>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>ADMINISTRATOR</role-name>
</auth-constraint>
</security-constraint>
<!--
Specify which Login Mechanism and Security Realm to use. The details of
the Realm itself is configured on the application server (outside the
application).
-->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>CRMRealm</realm-name>
</login-config>
<!--
Definition of the Security Roles used in the application
-->
<security-role>
<description>A customer accessing the application</description>
<role-name>CUSTOMER</role-name>
</security-role>
<security-role>
<description>An administrator of the application</description>
<role-name>ADMINISTRATOR</role-name>
</security-role>
</web-app>
State Saving
As we touched upon in Chapter 5, JSF 2.2 introduced the concept of stateless views. You can make a view stateless by
specifying that a view should be transient as shown in Listing 5-23. This improves the performance of the application,
as it will not have to store the view state between requests. This will obviously not work for all views, as we must retain
the state for some views, but you should carefully consider if state retention is required for each of your views.
