0

I'm asking if the Bean (Sessionscoped, ManagedBean) is secure enough to save a variable "isAdmin = true". The user must not have a chance to change this value!

So the main question is: does the user has access to the beans (when there are no getters/setters and components on the view)?

Niko
  • 1,044
  • 4
  • 24
  • 51

1 Answers1

0

Yes, it should be secure because it's a server side component so user have no access to it's fields except the one you make visible for him.

Petr Mensik
  • 25,808
  • 16
  • 86
  • 113