The extended versions all support user-role-awareness: they have extra attributes enabledOnUserRole and visibleOnUserRole. The values for these attributes are supposed to be comma separated lists of user roles. If the current user has a role that is in this list, the component is rendered enabled, resp. visible (a better name for the latter attribute might have been renderedOnUserRole).

User Roles

User roles are a JAAS concept. The actual check happens in the components by a call like

  if (facesContext.getExternalContext().isUserInRole(''role'')) {
    ...
  }
  else {
    ...
  }

For more information on user roles, see the JSF API documentation.

visibleOnUserRole

If the current user has one of the roles listed in the attribute visibleOnUserRole, the rendered attribute is used to decide whether or not to process the component. If the current user does not have one of the roles listed in the attribute visibleOnUserRole, the the component is not processed (as if rendered="false" on a standard component).

Since the influence of the attribute visibleOnUserRole is actually implemented via the standard rendered attribute, users should be aware that when the current user does not have one of the roles listed in the attribute visibleOnUserRole, the component is not processed in any phase. Although the name refers to visibility, the attribute does influence more than merely the rendering.

enabledOnUserRole

If the current user has one of the roles listed in the attribute enabledOnUserRole, the disabled attribute is used to decide whether or not to render the component enabled. If the current user does not have one of the roles listed in the attribute enabledOnUserRole, the the component is rendered disabled.

Note the reversal of logic from the standard disabled attribute to the extended not disabled on user role enabledOnUserRole attribute.

User-role_Awareness (last edited 2009-09-20 23:01:50 by localhost)