AdminFaces Starter Security
An AdminFaces sample project using the JavaEE 8 security API.
Admin user with role admin can access any page, while role user can access only pages under the /pages path (only the car-list page). See url security constraints.
Users without access to restricted pages (car-form) will be redirected to the Access Denied page.
Admin has permissions for all CRUD operations on the Car entity, while a common user can only view/list cars.
At page level, buttons (like delete) are disabled using the following EL:
At method level, the @RolesAllowed("ADMIN") annotation is used.
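A disabled button is only a UI hint, so the method-level check is what actually stops a non-admin caller. The sketch below is an added example, not code from this project: `GarageService`, its sample data and the `USER` role spelling are assumptions, while `ADMIN` and `@RolesAllowed` come from the text above.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Singleton;
import javax.inject.Inject;
import javax.security.enterprise.SecurityContext;

// Hypothetical service for illustration; it is not the project's CarService.
// Role name "ADMIN" is taken from the page; "USER" is an assumed spelling.
@Singleton
@DeclareRoles({"ADMIN", "USER"})
public class GarageService {

    // Constructed sample data so the class needs no database.
    private final List<String> cars =
            new CopyOnWriteArrayList<>(Arrays.asList("Fusca", "Kombi"));

    // Java EE 8 Security API entry point for programmatic role checks.
    @Inject
    private SecurityContext securityContext;

    // Read access for both roles; callers with neither role are rejected.
    @RolesAllowed({"ADMIN", "USER"})
    public List<String> list() {
        return Collections.unmodifiableList(cars);
    }

    // Enforced by the container on every call: a caller without ADMIN gets
    // javax.ejb.EJBAccessException even if a crafted request bypasses the UI.
    @RolesAllowed("ADMIN")
    public boolean remove(String model) {
        return cars.remove(model);
    }

    // For the view only: lets a page decide whether to disable its delete
    // button. It grants nothing by itself; remove() still checks the role.
    @PermitAll
    public boolean canDelete() {
        return securityContext.isCallerInRole("ADMIN");
    }
}
```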
Try uncommenting finById rolesAllowed on carService here and use
It should run in any JavaEE 8 application server.
It was tested with WildFly 13.0.0 using ee8-preview mode and
Or using docker:
docker run -it -p 8080:8080 rmpestano/admin-starter-security
The application is available at http://localhost:8080/admin-starter