In response to @wasimbhalli, there are two reasons I have found that the expression would always return false:
The role name is case sensitive.
rendered="#{facesContext.externalContext.isUserInRole('ADMIN')}"
may return false
, but try
rendered="#{facesContext.externalContext.isUserInRole('admin')}"
, or rendered="#{facesContext.externalContext.isUserInRole('Admin')}".
You have to define your roles in both web.xml
(or as annotations) and map it in glassfish-web.xml
.
The following is how to specify a role in web.ml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
The following is how to map the authentication group to the role in glassfish-web.xml
.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
<security-role-mapping>
<role-name>admin</role-name> <!-- name defined in web.xml or annotations -->
<group-name>admin</group-name><!-- name from authentication mechanism -->
</security-role-mapping>
</glassfish-web-app>
In my testing it was necessary to do the mapping even when the names were the same, as I show in my example code. Also in my testing, I tried to only define the mapping and only to define the role in web.xml
, and neither worked. I needed both, as specifying the role name in the correct case.
[jsf-2.0]
tag to indicate that :) – BalusC