Page security requires that the application is using a pages.xml
file, however is extremely simple to configure. Simply include a <restrict/>
element within the page
elements that you wish to secure. By default, if a value is not provided for the restrict
element, an implied permission of {viewId}:render
will be checked for whenever accessing that page. Otherwise the value will be evaluated as a standard security expression. Here's a couple of examples:
<page view-id="/settings.xhtml">
<restrict/>
</page>
<page view-id="/reports.xhtml">
<restrict>#{s:hasRole('admin')}</restrict>
</page>
In the above example, the first page has an implied permission restriction of /settings.xhtml:render
, while the second one checks that the user is a member of the admin
role.