PasswordValidationCallback pwdValidCallback =
        new PasswordValidationCallback(cSubject,
                username, password.toCharArray());
Apart from using the container validation mechanism, you can access your database
and make this validation yourself.
Security configuration
To configure the security of an application, you will need to do the following:
1. Determine the different roles of the application and declare them in web.xml.
In our application, we only need an administrator role to perform batch processing
and some administrative tasks. The following code demonstrates
how to create a role named admin for this purpose:
<security-role>
    <role-name>admin</role-name>
</security-role>
2. Map URL patterns to appropriate roles in the web.xml file. This will define
the forms that each role can access. Before performing this configuration,
you must group the forms depending on the access constraints you want to
define. In the case of our application, we have grouped the forms into two
folders: a folder for preregistration forms in the registration folder and another
folder for administration forms in the administration folder. Thus, to ensure
that only users of the admin role will have access to the administration forms,
we will associate the URL pattern /faces/administration/* to the admin role.
The following code demonstrates how to define a constraint that associates
the URL pattern /faces/administration/* to the admin role
(the word faces of the previous pattern represents the pattern defined in the
<servlet-mapping> element of the web.xml file).
<security-constraint>
    <display-name>Constraint1</display-name>
    <web-resource-collection>
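
The listing above is cut off on this page. As an added example (not code from the book), the following Python check parses a constructed web.xml holding the role from step 1 and the constraint from step 2, and reports when /faces/administration/* is not restricted to admin. The web-resource-name value, the namespace and the function names are assumptions, and URL patterns are compared by exact string only.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the role and constraint from steps 1 and 2, written out in full.
# The web-resource-name value and the namespace are assumptions, not taken from the page.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <display-name>Constraint1</display-name>
    <web-resource-collection>
      <web-resource-name>administration</web-resource-name>
      <url-pattern>/faces/administration/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>"""

def _local(tag):
    """Drop the XML namespace so the check works with any web.xml schema version."""
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [e.text.strip() for e in elem.iter() if _local(e.tag) == name and e.text]

def audit(web_xml, pattern, role):
    """Return a list of problems; an empty list means `pattern` is restricted to `role`."""
    root = ET.fromstring(web_xml)
    problems = []
    declared = [r for e in root if _local(e.tag) == "security-role" for r in _texts(e, "role-name")]
    if role not in declared:
        problems.append(f"role {role!r} is not declared in a <security-role>")
    covering = [c for c in root if _local(c.tag) == "security-constraint"
                and pattern in _texts(c, "url-pattern")]
    if not covering:
        problems.append(f"no <security-constraint> covers {pattern}")
    for c in covering:
        auth = [a for a in c if _local(a.tag) == "auth-constraint"]
        allowed = [r for a in auth for r in _texts(a, "role-name")]
        if not auth:
            problems.append("constraint has no <auth-constraint>: resource is open to everyone")
        elif allowed != [role]:
            problems.append(f"constraint allows roles {allowed}, expected only {role!r}")
        if _texts(c, "http-method"):
            problems.append("constraint lists <http-method>: other HTTP methods are not covered")
    return problems
```

Calling audit(WEB_XML, "/faces/administration/*", "admin") returns an empty list for the sample; running it against the deployed descriptor in a build step catches a constraint that was dropped or loosened.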