I'm having a problem with a web application I'm creating here, I'm using
spring security to control access, session and login, with
java backend with
restful and frontend with
primefaces . I would like to know if you can hide the options that the user does not have permission to access.
Currently I intercept the url and if I don't have permission I call another screen that warns of this impediment asking it to return to the home. I wish those options didn't appear to him.
You can use Spring's namespace security facelet tags to conditionally render JSF components (including Primefaces) as per the authorization of the current user.
The namespace is http://www.springframework.org/security/tags . Let's say it's mapped to sec , an example code would be this:
<sec:authorize ifAllGranted="USUARIO_BACANA"> declare aqui os componentes para o usuário bacana. </sec:authorize>