Sometimes it’s crucial to protect an application or data against unauthorized access. Although Alumni offers some public pages, most are restricted to members. The system will grant access to certain features for well-known users only. Luckily, the application server provides some security features, like authentication and authorization, and controls access to parts of the program with the concept of user roles.

Container-provided security isn’t specific to JSF. It’s part of the HTTP handling and can be used by a simple servlet too. Before integrating ...