https://github.com/adminfaces/admin-starter-security
AdminFaces starter project using JavaEE 8 security API
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/adminfaces/admin-starter-security
- Owner: adminfaces
- Created: 2018-08-14T19:31:15.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2020-05-17T13:27:02.000Z (almost 6 years ago)
- Last Synced: 2025-01-03T04:31:26.061Z (about 1 year ago)
- Language: HTML
- Size: 3.72 MB
- Stars: 7
- Watchers: 6
- Forks: 7
- Open Issues: 2
Metadata Files:
- Readme: README.adoc
README
= AdminFaces Starter Security
:page-layout: base
:source-language: java
:icons: font
:linkattrs:
:sectanchors:
:sectlink:
:!numbered:
:doctype: book
:toc: preamble
:tip-caption: :bulb:
:note-caption: :information_source:
:important-caption: :heavy_exclamation_mark:
:caution-caption: :fire:
:warning-caption: :warning:
A https://github.com/adminfaces[AdminFaces^] sample project using JavaEE/JakartaEE 8 security API.
== Screenshots
.Login page
image:starter1.png[link="https://github.com/adminfaces/admin-starter/blob/master/starter1.png"]
.Car list
image:starter2.png[link="https://raw.githubusercontent.com/adminfaces/admin-starter/master/starter2.png"]
.Car form
image:starter3.png[link="https://raw.githubusercontent.com/adminfaces/admin-starter/master/starter3.png"]
.Car form responsive
image:starter4.png[link="https://raw.githubusercontent.com/adminfaces/admin-starter/master/starter4.png"]
== Authentication
The application has two users configured in a custom `IdentityStore`, https://github.com/adminfaces/admin-starter-security/blob/master/src/main/java/com/github/adminfaces/starter/infra/security/CustomInMemoryIdentityStore.java[see here^].
.email/password
* admin@faces.com/admin
* user@faces.com/user
`admin@faces.com` user has role `admin`.
`user@faces.com` user has role `user`.
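An added example, not the project's own `CustomInMemoryIdentityStore`: a custom `IdentityStore` for the Java EE 8 Security API that keeps the two demo users above but stores PBKDF2 hashes instead of cleartext passwords, and returns the same `INVALID_RESULT` for an unknown user and a wrong password. The class name, the `USER` group name and the `4096` iteration count are assumptions.

```java
// Added example, not the project's CustomInMemoryIdentityStore: an in-memory
// IdentityStore (Java EE 8 Security API) holding only PBKDF2 hashes of the demo passwords.
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

@ApplicationScoped
public class HashedInMemoryIdentityStore implements IdentityStore {

    @Inject
    private Pbkdf2PasswordHash hasher; // container-provided PBKDF2 implementation

    private final Map<String, String> passwordHashes = new HashMap<>(); // caller -> PBKDF2 hash
    private final Map<String, Set<String>> callerGroups = new HashMap<>(); // caller -> groups

    @PostConstruct
    void init() {
        hasher.initialize(Collections.singletonMap("Pbkdf2PasswordHash.Iterations", "4096"));
        // Demo credentials from the README; group names match @RolesAllowed("ADMIN").
        // A real store would load stored hashes instead of hashing cleartext at startup.
        passwordHashes.put("admin@faces.com", hasher.generate("admin".toCharArray()));
        callerGroups.put("admin@faces.com", Collections.singleton("ADMIN"));
        passwordHashes.put("user@faces.com", hasher.generate("user".toCharArray()));
        callerGroups.put("user@faces.com", Collections.singleton("USER"));
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT; // let another store decide
        }
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        String storedHash = passwordHashes.get(upc.getCaller());
        // Same INVALID_RESULT for unknown caller and wrong password: no account enumeration.
        if (storedHash == null || !hasher.verify(upc.getPasswordAsString().toCharArray(), storedHash)) {
            return CredentialValidationResult.INVALID_RESULT;
        }
        return new CredentialValidationResult(upc.getCaller(), callerGroups.get(upc.getCaller()));
    }
}
```

The container's `HttpAuthenticationMechanism` (for example a form mechanism) hands the submitted credential to this store; the groups in the returned result are what `isUserInRole` and `@RolesAllowed` check against.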
== Authorization
The admin user (role `admin`) can access any page, while a user with role `user` can access only pages under the `/pages` path (currently only the car-list page). See https://github.com/adminfaces/admin-starter-security/blob/9c5b989dbc02186d92a82fd4fe1373407ab822a6/src/main/webapp/WEB-INF/web.xml#L12-L38[url security constraints^].
Users who request a restricted page (e.g. car-form) without permission are redirected to the `Access Denied` page:
.AccessDenied
image:403.png[link="https://raw.githubusercontent.com/adminfaces/admin-starter-security/master/403.png"]
The admin user has permission for all CRUD operations on the Car entity, while a common user can only view/list cars.
At page level, buttons (like delete) are disabled using the following EL:
----
disabled="#{not externalContext.isUserInRole('ADMIN')}"
----
At method level, the `@RolesAllowed("ADMIN")` annotation is used.
TIP: Try uncommenting the `@RolesAllowed` annotation on `findById` in https://github.com/adminfaces/admin-starter-security/blob/master/src/main/java/com/github/adminfaces/starter/service/CarService.java#L181[CarService here^] and use `find by ID` on the car-list page with a non-admin user; it should redirect to the Access Denied page.
== Running
It should run in any JavaEE/JakartaEE 8 application server.
It was tested with `WildFly 16.0.0` and `Glassfish/Payara 5`.
*Or* using docker:
----
docker run -it --rm -p 8080:8080 rmpestano/admin-starter-security
----
The application is available at http://localhost:8080/admin-starter