PrimeFaces EL Extensions for UI Authorization

In the past I’ve worked on UI authorization for JSF, starting with porting SpringSecurity JSP tags to JSF and then MyFaces Security Context. Recently I’ve also added an improved version of these EL extensions to PrimeFaces. Here are some examples;

  • #{p:ifGranted(‘ROLE_ADMIN’)}
  • #{p:ifAllGranted(‘ROLE_EDITOR, ROLE_APPROVER’)}
  • #{p:ifAnyGranted(‘ROLE_USER, ROLE_ADMIN’)}
  • #{p:ifNotGranted(‘ROLE_GUEST’)}
  • #{p:remoteUser()}
  • #{p:userPrincipal()}

Usage is simple as;

<h:commandButton value="Delete" rendered="#{p:ifGranted('ROLE_ADMIN')}" />
<p:commandButton value="View" disabled="#{p:ifNotGranted('ROLE_USER, ROLE_ADMIN')}" />

With these extensions, there is no need to bloat components with attributes like visibleUserInRole and disabledUserInRole, as security is a cross-cutting concern and UI components should not be aware of it.

A future improvement might be to make it more pluggable as it currently delegates calls to FacesContext.ExternalContext API which is enough for most cases.


One Response to PrimeFaces EL Extensions for UI Authorization

  1. gpapp says:

    That’s great! I hacked together something based on your implementation, but would really welcome to see it as a primefaces extension.

    Is it available somewhere? (a maven repo maybe?)

%d bloggers like this: