
Redirection in JSF 2.0

 
Janardhan Chowdary
Dear Friends,

I have used action="two.xhtml?faces-redirect=true" to redirect from the one.xhtml page to another page, two.xhtml, upon clicking on a command button.

Now in the URL I can see two.xhtml.

My doubt is: will there be a security problem if we show our redirected pages to the user in the URL?
 
Tim Holloway
Actually, the JSF redirect is more commonly used precisely because it shows the "real" URL in the user's browser.

Hiding the URL wouldn't make things more secure anyway. The only real security you can get on URLs is if the URLs are themselves secured. For example, using URL/role pairing rules in web.xml. The JSF redirect actually makes that feature work better, since without it, the URL used to access a resource might not be the secured URL.
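
The URL/role pairing mentioned in the reply above, sketched as a web.xml for the thread's two.xhtml page. This is an added example, not configuration posted by anyone in the thread. The role name `member`, the login pages and the `*.xhtml` servlet mapping are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Assumption: the FacesServlet is mapped to *.xhtml, so the view's
       file name is also its request URL. -->
  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
  </servlet-mapping>

  <!-- URL/role pairing: the container matches this pattern against the URL
       the browser requested. A navigation without faces-redirect renders
       two.xhtml in the response to the postback on /one.xhtml, so only
       constraints matching /one.xhtml are checked. With
       faces-redirect=true the browser sends a new GET for /two.xhtml and
       this constraint is enforced. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Page two</web-resource-name>
      <url-pattern>/two.xhtml</url-pattern>
      <!-- No http-method elements: the rule covers every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>member</role-name> <!-- hypothetical role -->
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>       <!-- hypothetical -->
      <form-error-page>/login-error.html</form-error-page> <!-- hypothetical -->
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>
</web-app>
```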
 
Janardhan Chowdary
Thanks Tim, your answer makes sense.

Which way do you follow for a redirection? Do you configure them in the faces-config.xml file or any other?
 
Tim Holloway
For a JSF redirect, I mostly use faces-config because it's legacy code.

For external redirects, I have a special JSF Utilities class that insulates the access to JSF internals and J2EE-dependent methods from the general application code.

Most commonly, however, my external "redirects" are actually external page links. I don't do that much actual URL redirection.
 