Prevent the user from making a GET request to the page

Question

Prevent the user from making a GET request to the page

I apologize if my question makes no sense. So, here is what I have: 2 pages, A.jsfand B.jsf. When I press the button in A.jsf, the code sets the value objectand redirects to B.jsf. The contain B.jsfwill depend on which object I set to A.jsf(which depends on which button I click). Therefore, I do not want the user to enter this in a web browser.

http: // myhost: myport / myproject / B.jsf

and go directly to B.jsf. So no GET request on B.jsf, only POST. And if I see a GET request on B.jsf, I am redirected to A.jsf. I feel the solution is inside web.xml.
By the way, I am using Netbean 6.8 and java EE 6

EDIT Here is the solution. Thanks BalusC
MyFilter.java

package org.xdrawings.filter;

public class MyFilter implements Filter{

    private FilterConfig filterConfig = null;

    public void destroy(){}

    public void init(FilterConfig filterConfig){
        this.filterConfig = filterConfig;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException{
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse res = (HttpServletResponse) response;
        if("GET".equals(req.getMethod()) && "/B.jsf".equals(req.getServletPath())){
            res.sendRedirect("A.jsf");
        }else {
            chain.doFilter(request, response);
        }
    }
}

then in my web.xml

<filter>
    <filter-name>My Filter</filter-name>
    <filter-class>org.xdrawings.filter.MyFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>My Filter</filter-name>
    <url-pattern>*.jsf</url-pattern>
</filter-mapping>

All credits go to BalusC

+3

java web-applications jsf web.xml

Thang pham Aug 18 '10 at 23:50

source share

2 answers

- , B.jsf , A.jsf, , ?

+1

Borealid 19 . '10 0:04

BalusC · Accepted Answer · 2010-08-19T00:39:24+0000

Yes, you guessed it, this can be controlled from web.xml. You need to declare security-constrainton url-patternfrom /b.jsfusing http-methodof GETalong with empty auth-constraint.

<security-constraint>
    <display-name>Prevent GET requests on the b.jsf file</display-name>
    <web-resource-collection>
        <web-resource-name>The b.jsf file</web-resource-name>
        <url-pattern>/b.jsf</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>

HTTP 403 error. ( ) a.jsf ( , 403 , ). , :

scope bean, b.jsf, ResponseStateManager#isPostback(), ExternalContext#redirect().

FacesContext context = FacesContext.getCurrentInstance();
if (!context.getRenderKit().getResponseStateManager().isPostback(context)) {
    context.getExternalContext().redirect("a.jsf");
}

JSF 2.0, FacesContext#isPostback(), .

, Filter, . HTTP HttpServletRequest#getServletPath() getMethod(), HttpServletResponse#sendRedirect().

HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
if ("GET".equals(req.getMethod()) && "/b.jsf".equals(req.getServletPath())) {
   res.sendRedirect("a.jsf");
} else {
   chain.doFilter(request, response);
}

, init-param Filter web.xml.

Prevent the user from making a GET request to the page

More articles: