Is there a way of preventing a user manipulating the URL and accessing a page that should only be accessed by the result of an action on a session bean?
For example, I have two pages of data entry followed by a pdf generated by the iText component. If I am on page 1 or 2 then it is still possible for me to access page 3 (and get useless results) by manipulating the URL.
This seems like a serious flaw in Seam to me. It's possible that I am missing something obvious as I am fairly new to Seam and JSF.