This happened to be one of the items on my todo list, so here goes.

Brian, I saw in Jose's example that he used *.xhtml as the Faces Servlet mapping. I had never thought of that before. I guess I assumed that the Servlet mapping had to be different than the template suffix. So it turns out this is an elegant solution to preventing direct access to *.xhtml files without going through the Faces Servlet. Could you add this recommendation to the Seam Faces documentation. That is, unless someone sees something flawed about this approach.

-Dan

On Wed, May 25, 2011 at 10:52, Lincoln Baxter, III <lincolnbaxter@gmail.com> wrote:
http://ocpsoft.com/support/topic/limit-access-to-jsf-files

I know "the answer", but what is "our answer"?

Shane or Brian, would either of you like to respond to this? Does Seam Faces do this already with the ViewConfig? I wasn't sure if we actually blocked direct access to the /faces/ mapped URLs or not. I don't think so, right? We should probably look in to that.

--
Lincoln Baxter, III
http://ocpsoft.com
http://scrumshark.com
"Keep it Simple"

_______________________________________________
seam-dev mailing list
seam-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/seam-dev




--
Dan Allen
Principal Software Engineer, Red Hat | Author of Seam in Action
Registered Linux User #231597

http://www.google.com/profiles/dan.j.allen#about
http://mojavelinux.com
http://mojavelinux.com/seaminaction