Jun 10th, 2008, 08:54 AM
Access flow implicit variable currentUser in non-web flow related JSF XHTML pages
According to the spring web flow documentation, the currentUser is flow implicit variable that stores the authenticated principal. However, this is only available in the pages managed by web flow.
I have a use case where the user can navigate to the home page from the link placed on the tool bar layout which is not part of any flow. However, this layout XHTML page is available in all the pages including the pages that are part of web flow as a template. The tool bar also shows the user who is authenticated by the spring security. But when I click on the home link from any of the existing flow related pages, the current user is not available in the tool bar available in the home page since it is not part of web flow.
I could not find any tag that I could use to get the authenticated principal to control the display of some items in XHTML (JSF facelets) that are not part of web flow using Spring Security.
Could some one shed some light into this issue?
Jun 10th, 2008, 09:30 AM
I think this is more of a Spring Security question, but there's a tag library you can use in XHTML that will allow you to wrap security around parts of the page based on the roles a user is granted (don't recall off the top what it is, but there is one). Otherwise, you can configure the page itself in the URL filter settings in the security configuration.
Jun 11th, 2008, 03:35 AM