0

I'm asking if the Bean (Sessionscoped, ManagedBean) is secure enough to save a variable "isAdmin = true". The user must not have a chance to change this value!

So the main question is: does the user have access to the beans (when there are no getters/setters and components on the view)?

Niko

1 Answer

0

Yes, it should be secure because it's a server-side component, so the user has no access to its fields except the ones you make visible for him.

Petr Mensik
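The point made in the answer above, as an added example that is not part of the original post: a session-scoped bean whose admin flag is written only by server-side code and exposes no setter. The class name `UserSession` and the methods `establish` and `deleteAccount` are hypothetical, and the credential check is assumed to happen elsewhere on the server.

```java
import java.io.Serializable;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

// Added example; UserSession, establish() and deleteAccount() are hypothetical names.
@ManagedBean
@SessionScoped
public class UserSession implements Serializable {
    private static final long serialVersionUID = 1L;

    // Held in the server-side HTTP session. The browser only carries the
    // session identifier, never this field's value.
    private boolean admin;
    private String username;

    // Called by server-side login code after the credentials and role have
    // been verified against the user store (assumed to exist elsewhere).
    // It is not bound to any input component or request parameter.
    public void establish(String verifiedUsername, boolean verifiedAdmin) {
        this.username = verifiedUsername;
        this.admin = verifiedAdmin;
    }

    // Read-only property: a view may evaluate #{userSession.admin}, for
    // example in a rendered attribute, but EL cannot write to it because
    // there is no setAdmin(boolean).
    public boolean isAdmin() {
        return admin;
    }

    public String getUsername() {
        return username;
    }

    // Hiding a button with rendered="#{userSession.admin}" is presentation
    // only, so the privileged action repeats the check on the server.
    public String deleteAccount() {
        if (!admin) {
            throw new SecurityException("admin role required");
        }
        // ... perform the privileged operation here ...
        return null; // stay on the current view
    }
}
```

The flag stays out of the user's reach only while nothing writes it from request data: adding a public setter and binding it to an input component, or populating it from a request parameter, would make it client-controlled.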