Restricting users from accessing pages by directly changing the URL in JSF

Question

I have two kinds of users in my application - clients and sellers. I am using a PhaseListener in JSF to prevent users from accessing pages without logging in, but a

Answer 1

You could use a file or something where you map every page with a userrole.(some pages might be accessible by more then 1 userrole example:

client,seller
client
seller

And you define some sort of LoginController class where you check currentuserrole and requested page (url) against that list. And if not granted then redirect to custom error page or login page or whatever.

You add this logincontroller class a phaselistener to your facesconfig.