JSF versus Rich UI applications

Differences exist between generated and deployed JSF applications and Rich UI applications. You should understand these ramifications because they can affect the type of security you choose to implement.

For JSF applications, each JSF handler is associated with a Faces JSP. The JSF handler and EGL parts it references are generated into Java™. Each JSP is generated into its own file and has its own URL, which might need to be secured from unauthenticated users using JEE security. When securing URLs, you can choose to include some or all of the JSPs in your JSF application. Depending on your choices, you can keep some JSPs in your JSF application public and restrict other JSPs to authenticated users.

For Rich UI applications, EGL generates the contents of all the Rich UI handlers in an application into JavaScript™ in a single HTML file. If your Rich UI application calls EGL Web services, you must generate those services into Java because Web services run on an application server, not in a Web browser. The HTML file that EGL generates for a Rich UI application is associated with a single URL that can be secured with JEE security. If you choose to secure a URL with JEE security, users will be prompted to authenticate before they can access any part of your Rich UI application. If you want to make some of the areas of your Rich UI application public, you cannot use JEE authentication. Instead, use custom security to prompt users to log in before they can access the restricted parts of your application.

Another major difference between JSF and Rich UI applications is that the EGL Rich UI Proxy, which Rich UI applications use to call Web services, is not needed by JSF applications because JSF handlers are generated into Java instead of JavaScript.


Feedback