Lincoln Baxter

Greenhorn
+ Follow
since Aug 25, 2008
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
1
Received in last 30 days
0
Total given
1
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Lincoln Baxter

Tim,

I couldn't agree more. Definitely take a look at an existing security package before you try to create your own authentication/authorization system. You will likely miss something and create a vulnerable application.

--Lincoln
13 years ago
JSF
To answer your question about security -- PrettyFaces is no more or less secure than using any other bookmarking/URL-rewriting/URL-parameterization strategy (of which there are few.)

Any time you accept input from the URL, you are taking a risk because that data comes directly from the user. PrettyFaces does in fact offer a validation feature that allows for convenient validation of URLs using existing/built-in JSF validators; thus, your security improves if you decide to use these features:

It is highly recommended that you use both of these features, so keep in mind that if you decide not to use PrettyFaces, you should still do something like this yourself; again, any data that you accept from the URL is going to be at risk to user attacks - this is not unique to URL-rewriting tools, but you should know that this particular tool makes it easy to resolve these vulnerabilities:

Methods of securing a URL using PrettyFaces:
-- Parameter validation using JSF validators.
-- Parameter restriction using regular expressions.

If either of these validation methods detects invalid data, the default is to abort processing and show the 404 page, just as if you'd entered an invalid URL. If you wish to customize the outcome target when invalid data is detected, you can always do that as well.

Let me know if you have additional questions.
--Lincoln

(Hi Tim & Tanya, glad PrettyFaces is still working out well for you Let me know if there is anything I can do to help!)
13 years ago
JSF
You need to use the proper naming access format:

#{myBeanClass.rememberMe}

public boolean getRememberMe()
{
return this.isCheckBox();
}
14 years ago
JSF
Try:

public boolean getCheckBox() {
return checkBox;
}
14 years ago
JSF
You may be able to construct a FacesContext manually if you require it... Or you should consider using a 3rd party Bean scope management system like Weld(CDI) that will provide access to beans at all phases of the Servlet lifecycle (and simplify your faces configuration):

1. http://ocpsoft.com/java/jsf-java/jsf-20-extension-development-accessing-facescontext-in-a-filter/
2. http://seamframework.org/Weld
14 years ago
JSF
If you want this functionality, while I don't recommend using it for your entire applications since (as mentioned previously) it will not improve security, you can use PrettyFaces dynamic View ID functionality to funnel all requests through the same URL:

http://ocpsoft.com/prettyfaces/docs/#dynamicviewid

(Click the link in my signature if you want more general information on what PrettyFaces does.)
14 years ago
JSF
Not to state the obvious, but, well... that tutorial requires an IDE ;) very thorough guide for JSF1.2, though!
14 years ago
JSF
It sounds like you're looking for a very technical explanation of how JSF works, and if that's the case, the best place to read is the JSF Specification itself.

You can find it here in PDF format, here
14 years ago
JSF
I would create a @ManagedBean with @ApplicationScope (or a @Named entity if using CDI/JSR-299) and put your logic in a method annotated with @PostConstruct

This will cause the @PostConstruct annotated method to be invoked immediately after the bean is constructed on JSF application start-up.
14 years ago
JSF
I also recommend the new <h:link> and <h:button> components to take advantage of JSF2's new simplified navigation system.
14 years ago
JSF
For more information on passing request-parameters between pages, I recommend two things:

1. http://java.dzone.com/articles/bookmarkability-jsf-2?page=0,1 for JSF2's new view parameters/bookmarks.

This will give a step-by-step tutorial on how to do View Parameters and Bookmarks with JSF2. Start here.

2. As an additional step, for pretty/clean URLs, try PrettyFaces: http://ocpsoft.com/prettyfaces/
3. I second Jason's link: http://www.javaserverfaces.org is a good place to start.
14 years ago
JSF
Well said, Dan!

Another benefit of the <h:link> and <h:button> tags is that they enforce the POST, Redirect, GET pattern, which provides a much more consistent, user-friendly experience that is safer from potential issues with duplicate form submissions the "back" button.
14 years ago
JSF
if you want to use CDI on tomcat, take a look at JBoss Weld
14 years ago
JSF