I thinking about solution like this:
sec:intercept-url
's to access only those pages which are dedicated to role, so user with one role won't be able to access pages for another roleWhat are You thinking about this solution?
masterLayout
look like:
<h:body>
<f:subview id="menuUser" rendered="#{sessionBean.user}">
<ui:include src="/WEB-INF/templates/menuBarUser.xhtml" />
</f:subview>
<f:subview id="menuAdmin" rendered="#{sessionBean.admin}">
<ui:include src="/WEB-INF/templates/menuBarAdmin.xhtml" />
</f:subview>
<ui:insert name="content" />
</h:body>
security-context.xml:
...
<sec:intercept-url pattern="/user/**" access="ROLE_USER" />
<sec:intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
...
I don't know if I catch up your question right, but sounds like you can use Spring Security Facelets Tag Library .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.