Thanks jkva!!!
My approach is use a NavigationHandler like a second tier for security. This means is only for change the navigation rules for one or other user. Like one Manager need a third way for validate the process, and other Manager not need.
But with you sugestion I use a PhaseListener for make the second security tier. I will think about this.
But the first security tier is the http basic/form authetication, but not work yet. However, I use the session object for preserve the autorization object, make with jsf form, and test identy on Managed Bean.
And in managed Bean I make too a Authorization process.
Thanks a Lot.
[Message sent by forum member 'carlosdelfino' (carlosdelfino)]
http://forums.java.net/jive/thread.jspa?messageID=292939