PasswordValidationCallback pwdValidCallback =
Apart from using the container validation mechanism, you can access your database
and make this validation yourself.
To configure the security of an application, you will need to do the following:
1. Determinethedifferentrolesoftheapplicationanddeclarethemin web.xml .
In our application, we only need an administrator role to perform batch pro-
cessing and some administrative tasks. The following code demonstrates
how to create a role named admin for this purpose:
2. Map URL patterns to appropriate roles in the web.xml file. This will define
the forms that each role can access. Before performing this configuration,
you must group the forms depending on the access constraints you want to
define. In the case of our application, we have grouped the forms into two
folders: a folder for preregistration forms in the registration folder and anoth-
er folder for administration forms in the administration folder. Thus, to ensure
that only users of the admin role will have access to the administration forms,
we will associate the URL pattern /faces/administration/* to the ad-
sociates the URL pattern /faces/administration/* to the admin role
(the word faces of the previous pattern represents the pattern defined in the
<servlet-mapping> element of the web.xml file).