This tutorial will walk you through the process of using Spring Security for authentication of an ICEfaces/JSF web application. Additionally, Spring Security and ICEfaces components will be used to authorize access to different pages and functions in the application.
The application uses Spring Security 2.0 and ICEfaces. It is an adaptation/port of Seema Richard's code using Acegi and JSF. Initially, the application will present a login page to the user. If the user attempts to log in with the correct user name and password, the user will be redirected to a page where a purchase can be made. Spring Security will ensure the user ID has been authenticated and that the user's presence on the purchase page is authorized. The user can visit the purchase page if they have the role ROLE_URLACCESS. Making a purchase is a secure function, so the user will only have the "buy" button enabled if they have the role ROLE_ALLACCESS. This is accomplished using the ICEfaces' enabledOnUserRole attribute.