JSF2 Security and Performance
In this chapter, you will learn how to secure your JSF application using the security features provided by Java EE
containers. You will learn how to apply container-managed authentication, authorization, and data protection in
the weather application that was introduced in Chapter 10. You will also learn how to tune the
performance of your JSF application to make your JSF pages more responsive.
JSF Application Security
Web application security can be divided into three main aspects, which we will elaborate on in detail in this section:
• Authentication is the act of confirming to the system that the user's identity is true.
• Authorization defines which parts of the system the user is allowed to access after performing
• Data Protection is about ensuring that the data between the user and the system cannot be
modified or fabricated by unauthorized parties.
In Java EE, you can rely on the security features provided by Java EE containers to implement the security
requirements of your Java EE application; an application that depends on the security features provided by
the Java EE container in this way is using “container-managed security”. Instead of
managing security at the container level, you can also manage it at the application level (this approach
is called application managed security). Application managed security does not mean implementing all of the
application security features from scratch; application managed security usually utilizes the security features provided
by the Java EE container in order to implement custom security features in the application which are required by the
■ If the customer requirements give no reason to implement a custom security solution, then
container-managed security is highly recommended for Java EE applications.
Java EE container-managed security provides container-managed authentication, authorization, and data
protection. In the next subsections, we will illustrate these terms in detail.
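How the three aspects map onto a web.xml deployment descriptor under container-managed security, as an added example that is not code from this chapter. The URL patterns, page names, and the weatherUser role are hypothetical, the Servlet 3.1 descriptor version is an assumption, and the user store (realm) is configured in the container and not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: names and paths below are hypothetical. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Authorization: only callers in the weatherUser role reach /protected/*.
       No <http-method> is listed, so the constraint covers every HTTP method;
       listing methods would leave the unlisted ones unprotected. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>weatherUser</role-name>
    </auth-constraint>
    <!-- Data protection: the container requires TLS for these URLs. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Data protection for the login pages, so credentials are posted over TLS.
       No <auth-constraint> here: the pages must stay reachable before login. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login pages</web-resource-name>
      <url-pattern>/login.xhtml</url-pattern>
      <url-pattern>/loginError.xhtml</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Authentication: the container shows the form and checks the credentials. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/loginError.xhtml</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role referenced in an <auth-constraint> is declared here. -->
  <security-role>
    <role-name>weatherUser</role-name>
  </security-role>
</web-app>
```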