Skip to content

adminfaces/admin-starter-security

BranchesTags

Repository files navigation

AdminFaces Starter Security

A AdminFaces sample project using JavaEE/JakartaEE 8 security API.

Table of Contents

Screenshots

Login page

starter1

Car list

starter2

Car form

starter3

Car form responsive

starter4

Authentication

The application has two users configured via Custom IdentityStore, see here.

email/password

admin@faces.com user has role admin.

user@faces.com user has role user.

Authorization

Admin user with role admin can access any page while role user can access only pages under /pages path (only car-list page). See url security constraints.

Users without access to restricted pages (car-form) will be redirected to Access Denied page:

AccessDenied

403

Admin have permissions for all CRUD operations on top of Car entity while common user can only view/list cars.

At page level buttons (like delete) are disabled using following EL:

disabled="#{not externalContext.isUserInRole('ADMIN')"

At method level @RolesAllowed("ADMIN") annotation is used.

💡
 Try using uncommenting finById rolesAllowed on carService here and use find by ID on car-list page with non admin user, it should redirect to Access Denied page.

Running

It should run in any JavaEE/JakartaEE 8 application server.

It was tested with WildFly 16.0.0 and Glassfish/Payara 5.

Or using docker:

docker run -it --rm -p 8080:8080 rmpestano/admin-starter-security

The application is available at http://localhost:8080/admin-starter

About

AdminFaces starter project using JavaEE 8 security API

Resources

Readme
Activity
Custom properties

Stars

7 stars

Watchers

5 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages