AdminFaces starter project using JavaEE 8 security API

AdminFaces Starter Security

An AdminFaces sample project using the JavaEE 8 security API.

Login page

starter1

Car list

starter2

Car form

starter3

Car form responsive

starter4

Authentication

The application has two users configured via a custom IdentityStore, see here.

email/password

admin@faces.com user has role admin.

user@faces.com user has role user.
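A minimal custom IdentityStore for the two accounts above, as an added example that is not the project's own code. The class name, the placeholder passwords, the use of `Pbkdf2PasswordHash` and the group spelling `USER` are assumptions; `ADMIN` follows the role checks shown under Authorization.

```java
import java.util.*;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

@ApplicationScoped
public class DemoIdentityStore implements IdentityStore { // hypothetical name

    @Inject
    private Pbkdf2PasswordHash passwordHash; // supplied by the Java EE 8 security implementation

    private final Map<String, String> hashes = new HashMap<>();
    private final Map<String, Set<String>> groups = new HashMap<>();
    private String dummyHash;

    @PostConstruct
    void init() {
        // Placeholder passwords (assumption): a real store keeps only the hashes.
        register("admin@faces.com", "<admin-password>", "ADMIN");
        register("user@faces.com", "<user-password>", "USER");
        dummyHash = passwordHash.generate("<unused>".toCharArray());
    }

    private void register(String email, String password, String group) {
        hashes.put(email, passwordHash.generate(password.toCharArray()));
        groups.put(email, Collections.singleton(group));
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        UsernamePasswordCredential login = (UsernamePasswordCredential) credential;
        String stored = hashes.get(login.getCaller());
        // Verify against a dummy hash for unknown e-mails so both paths cost the same.
        boolean matches = passwordHash.verify(login.getPassword().getValue(),
                stored != null ? stored : dummyHash);
        if (stored == null || !matches) {
            return CredentialValidationResult.INVALID_RESULT;
        }
        // The returned groups are what isUserInRole and @RolesAllowed are checked against.
        return new CredentialValidationResult(login.getCaller(), groups.get(login.getCaller()));
    }
}
```

Group names are case-sensitive, so the strings returned here must match the ones used in `@RolesAllowed` and `isUserInRole` exactly.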

Authorization

The admin user with role admin can access any page, while role user can access only pages under the /pages path (only the car-list page). See URL security constraints.

Users without access to restricted pages (car-form) will be redirected to the Access Denied page:

AccessDenied

403

The admin user has permission for all CRUD operations on the Car entity, while a common user can only view/list cars.

At page level, buttons (like delete) are disabled using the following EL:

disabled="#{not externalContext.isUserInRole('ADMIN')}"

At method level, the @RolesAllowed("ADMIN") annotation is used.

Tip
Try uncommenting the findById rolesAllowed on carService here and use find by ID on the car-list page with a non-admin user; it should redirect to the Access Denied page.

Running

It should run in any JavaEE 8 application server.

It was tested with WildFly 13.0.0 using ee8-preview mode and Glassfish/Payara 5.

Or using docker:

docker run -it -p 8080:8080 rmpestano/admin-starter-security

The application is available at http://localhost:8080/admin-starter
