Web.xml: <security-constraint> [un]usable in JSF?

<security-constraint> in web.xml is a simple, effective and portable method of declaring a web application's security policies.

It's been noted, however, in an earlier topic (http://forum.java.sun.com/thread.jspa?threadID=747919&messageID=4279347) that it has its limitations in the context of JSF.

A reasonable solution would be to consult <security-constraint> elements in one's own web.xml when rendering <h:commandLink>'s on a page according to the security policy.

Unfortunately, there is no standard method of reading web.xml, other than what's available from the ServletContext.

I found some container-specific implementations in the Cargo project from http://cargo.codehaus.org, but I'm looking for a portable solution. Any thoughts?

Thanks, y'all!

[825 byte] By [openinaa] at [2007-11-26 13:18:54]
# 1

Use the <security-role-ref> for the Faces Servlet to map the LDAP roles to the logical role names used by the managed bean to determine if links may be rendered.

Bean code:

    this.isAdmin = context.getExternalContext().isUserInRole("admin");

web.xml:

    <security-role>
        <role-name>Local Admin Group</role-name>
    </security-role>
    <security-role>
        <role-name>DBA Group</role-name>
    </security-role>

    <!-- Faces Servlet -->
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        ...
        <security-role-ref>
            <role-name>admin</role-name>
            <role-link>DBA Group</role-link>
        </security-role-ref>
        <security-role-ref>
            <role-name>admin</role-name>
            <role-link>Local Admin Group</role-link>
        </security-role-ref>
    </servlet>

openinaa at 2007-7-7 17:44:51
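
A portable way to do the lookup the question asks about, as an added example that is not code from the thread: parse the descriptor with the JDK's DOM parser and collect the roles of every <security-constraint> covering a path. The class name, sample descriptor and paths are constructed; the matching is simplified (no http-method handling, and an empty auth-constraint is not distinguished from no constraint).

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class ConstraintLookup {
    // Constructed sample descriptor. In a web application, read the real one with
    // servletContext.getResourceAsStream("/WEB-INF/web.xml").
    static final String WEB_XML = "<web-app><security-constraint>"
        + "<web-resource-collection><web-resource-name>Admin pages</web-resource-name>"
        + "<url-pattern>/admin/*</url-pattern></web-resource-collection>"
        + "<auth-constraint><role-name>admin</role-name></auth-constraint>"
        + "</security-constraint></web-app>";

    // Simplified url-pattern match: exact, "/prefix/*" and "*.ext" forms only.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/*")) {
            String base = pattern.substring(0, pattern.length() - 2);
            return path.equals(base) || path.startsWith(base + "/");
        }
        if (pattern.startsWith("*.")) return path.endsWith(pattern.substring(1));
        return pattern.equals(path);
    }

    // Collects the role names of every <security-constraint> covering the path.
    static Set<String> rolesFor(Document doc, String path) {
        Set<String> roles = new TreeSet<>();
        NodeList constraints = doc.getElementsByTagName("security-constraint");
        for (int i = 0; i < constraints.getLength(); i++) {
            Element c = (Element) constraints.item(i);
            NodeList patterns = c.getElementsByTagName("url-pattern");
            NodeList names = c.getElementsByTagName("role-name");
            for (int j = 0; j < patterns.getLength(); j++) {
                if (!matches(patterns.item(j).getTextContent().trim(), path)) continue;
                for (int k = 0; k < names.getLength(); k++)
                    roles.add(names.item(k).getTextContent().trim());
            }
        }
        return roles;
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(WEB_XML)));
        System.out.println(rolesFor(doc, "/admin/users.jsf")); // path under /admin/*
        System.out.println(rolesFor(doc, "/index.jsf"));       // path with no constraint
    }
}
```

The result only decides whether a link is rendered; the container still enforces the <security-constraint> on the request itself.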