This content has been marked as final.
Show 3 replies
-
1. Re: How to Secure pages with request parameters?
baobaotuo Sep 11, 2008 7:45 AM (in response to baobaotuo)I thought about filter, but face the same problem.
The problem
rerender first after submit
really force me crazy.Help!!!!!!!!!
-
2. Re: How to Secure pages with request parameters?
baobaotuo Sep 11, 2008 8:15 AM (in response to baobaotuo)I just write a filter to trace the request state;
When entering the "member/home.xhtml" page.
I got
httpRequest.getRequestURI() /jeehe/member/home.seam
httpRequest.getRequestURL() http://localhost:8080/jeehe/member/home.seam
httpRequest.getContextPath() /jeehe
httpRequest.getLocalAddr() 0.0.0.0
httpRequest.getLocalName() 0.0.0.0
httpRequest.getLocalPort() 8080
httpRequest.getMethod() GET
httpRequest.getPathInfo() null
httpRequest.getPathTranslated() null
httpRequest.getProtocol() HTTP/1.1
httpRequest.getQueryString() memberId=1&cid=1
httpRequest.getRemoteAddr() 0:0:0:0:0:0:0:1
httpRequest.getRemoteHost() 0:0:0:0:0:0:0:1
httpRequest.getRemotePort() 2048
httpRequest.getRemoteUser() null
httpRequest.getRequestedSessionId() 0B37071E4808F260069E4ABAE1A9CC46
httpRequest.getScheme() http
httpRequest.getServerName() localhost
httpRequest.getServerPort() 8080
httpRequest.getServletPath() /member/home.seam
Than I submit the form
I got
httpRequest.getRequestURI() /jeehe/member/home.seam
httpRequest.getRequestURL() http://localhost:8080/jeehe/member/home.seam
httpRequest.getContextPath() /jeehe
httpRequest.getLocalAddr() 0.0.0.0
httpRequest.getLocalName() 0.0.0.0
httpRequest.getLocalPort() 8080
httpRequest.getMethod() POST
httpRequest.getPathInfo() null
httpRequest.getPathTranslated() null
httpRequest.getProtocol() HTTP/1.1
httpRequest.getQueryString() null
httpRequest.getRemoteAddr() 0:0:0:0:0:0:0:1
httpRequest.getRemoteHost() 0:0:0:0:0:0:0:1
httpRequest.getRemotePort() 2048
httpRequest.getRemoteUser() null
httpRequest.getRequestedSessionId() 0B37071E4808F260069E4ABAE1A9CC46
httpRequest.getScheme() http
httpRequest.getServerName() localhost
httpRequest.getServerPort() 8080
httpRequest.getServletPath() /member/home.seam
httpRequest.getRequestURI() /jeehe/search/index.seam
httpRequest.getRequestURL() http://localhost:8080/jeehe/search/index.seam
httpRequest.getContextPath() /jeehe
httpRequest.getLocalAddr() 0.0.0.0
httpRequest.getLocalName() 0.0.0.0
httpRequest.getLocalPort() 8080
httpRequest.getMethod() GET
httpRequest.getPathInfo() null
httpRequest.getPathTranslated() null
httpRequest.getProtocol() HTTP/1.1
httpRequest.getQueryString() searchQuery=%E6%B5%8B%E8%AF%95&searchType=all&cid=5
httpRequest.getRemoteAddr() 0:0:0:0:0:0:0:1
httpRequest.getRemoteHost() 0:0:0:0:0:0:0:1
httpRequest.getRemotePort() 2048
httpRequest.getRemoteUser() null
httpRequest.getRequestedSessionId() 0B37071E4808F260069E4ABAE1A9CC46
httpRequest.getScheme() http
httpRequest.getServerName() localhost
httpRequest.getServerPort() 8080
httpRequest.getServletPath() /search/index.seam
obviously.
It rerender the /member/home.xhtml,and lost the parameter.(httpRequest.getQueryString() null) -
3. Re: How to Secure pages with request parameters?
baobaotuo Sep 11, 2008 10:44 AM (in response to baobaotuo)I figure out that the below code is the cause for this question.
package org.jboss.seam.navigation;
public final class Page
/**
* Check the restore permission.
*/
public void postRestore(FacesContext facesContext)
{
checkPermission(facesContext, "restore");
}
Once I delete the
checkPermission(facesContext, "restore");
No secure exceptiuon is throwen.
I think this is just a simple bu not safe approach for this problem.
Can seam team tell me:
once I delete the line above ,is there any fatal bug coming?