<a href="https://jira.jboss.org/browse/SEAMFACES-26">https://jira.jboss.org/browse/SEAMFACES-26</a><br><br><div class="gmail_quote">On Wed, Jun 9, 2010 at 11:11 AM, Lincoln Baxter, III <span dir="ltr"><<a href="mailto:lincolnbaxter@gmail.com">lincolnbaxter@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Next question - what is our Crypto library of choice?<div><div></div><div class="h5"><br><br>
<div class="gmail_quote">On Wed, Jun 9, 2010 at 11:09 AM, Dan Allen <span dir="ltr"><<a href="mailto:dan.j.allen@gmail.com" target="_blank">dan.j.allen@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="gmail_quote"><div>On Wed, Jun 9, 2010 at 11:06 AM, Lincoln Baxter, III <span dir="ltr"><<a href="mailto:lincolnbaxter@gmail.com" target="_blank">lincolnbaxter@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Yeah - Just saw that this morning. I'd like to see a way to implement this for ALL pages, not requiring a custom tag. I believe this could be done easily using the PreRenderViewEvent to add a hidden form field to store the token in all outbound forms, then use a phase-listener after Restore_View, comparing the request parameter to the restored component value. Very similar to the <s:token> component, but as a global solution that could be enabled/disabled via XML config.<br>
</blockquote><div><br></div></div><div>Global solution is good. In fact, it's even more secure since it solves the "doh, I forgot to add the tag" security hole ;)</div><div><br></div><font color="#888888"><div>
-Dan</div><div> </div></font></div><div><div></div><div>
-- <br>Dan Allen<br>Senior Software Engineer, Red Hat | Author of Seam in Action<br>Registered Linux User #231597<br><br><a href="http://mojavelinux.com" target="_blank">http://mojavelinux.com</a><br><a href="http://mojavelinux.com/seaminaction" target="_blank">http://mojavelinux.com/seaminaction</a><br>
<a href="http://www.google.com/profiles/dan.j.allen" target="_blank">http://www.google.com/profiles/dan.j.allen</a><br>
</div></div></blockquote></div><br><br clear="all"><br></div></div><div><div></div><div class="h5">-- <br>Lincoln Baxter, III<br><a href="http://ocpsoft.com" target="_blank">http://ocpsoft.com</a><br><a href="http://scrumshark.com" target="_blank">http://scrumshark.com</a><br>
"Keep it Simple"<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Lincoln Baxter, III<br><a href="http://ocpsoft.com">http://ocpsoft.com</a><br><a href="http://scrumshark.com">http://scrumshark.com</a><br>"Keep it Simple"<br>