jQuery in Action, 2nd edition*
The moose likes JSF and the fly likes JSF 2.0 using Post-Redirect-Post facing Security Threat (Vulnerability - Post Accpted as GET) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "JSF 2.0 using Post-Redirect-Post facing Security Threat (Vulnerability - Post Accpted as GET)" Watch "JSF 2.0 using Post-Redirect-Post facing Security Threat (Vulnerability - Post Accpted as GET)" New topic
Author

JSF 2.0 using Post-Redirect-Post facing Security Threat (Vulnerability - Post Accpted as GET)

ganesh seluka
Greenhorn

Joined: May 01, 2008
Posts: 7
I'm new to JSF 2.0 and am using faces-redirect=true for Page redirecting same to return from a Pop up screen. but in security findings i caught.. in which the post method using faces redirect it show all param's while passing / return from Pop up and same thing happen in page navigation as well

userProfile.XHTML?faces-redirect = true

Please suugest, how to resolve this Security findings ?
 
 
subject: JSF 2.0 using Post-Redirect-Post facing Security Threat (Vulnerability - Post Accpted as GET)
 
Similar Threads
Spring security intercept-url question
Is needed faces-config?
Confusing with JSF redirect
Using redirect from backing bean and getting IllegalStateException error
Implicit navigation redirect causing new session