Securing JSF Views? This is a pretty common question on the forums.
- First Post
- Replies
- Stats
-
Go to
- ----- 2025 -----
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
http://ocpsoft.com/support/topic/limit-access-to-jsf-files
I know "the answer", but what is "our answer"?
Shane or Brian, would either of you like to respond to this? Does Seam Faces
do this already with the ViewConfig? I wasn't sure if we actually blocked
direct access to the /faces/ mapped URLs or not. I don't think so, right? We
should probably look in to that.
--
Lincoln Baxter, III
http://ocpsoft.com
http://scrumshark.com
"Keep it Simple"
Attachments:
- attachment.html (text/html — 679 bytes)
This happened to be one of the items on my todo list, so here goes.
Brian, I saw in Jose's example that he used *.xhtml as the Faces Servlet
mapping. I had never thought of that before. I guess I assumed that the
Servlet mapping had to be different than the template suffix. So it turns
out this is an elegant solution to preventing direct access to *.xhtml files
without going through the Faces Servlet. Could you add this recommendation
to the Seam Faces documentation. That is, unless someone sees something
flawed about this approach.
-Dan
On Wed, May 25, 2011 at 10:52, Lincoln Baxter, III
<lincolnbaxter(a)gmail.com>wrote:
http://ocpsoft.com/support/topic/limit-access-to-jsf-files
I know "the answer", but what is "our answer"?
Shane or Brian, would either of you like to respond to this? Does Seam
Faces do this already with the ViewConfig? I wasn't sure if we actually
blocked direct access to the /faces/ mapped URLs or not. I don't think so,
right? We should probably look in to that.
--
Lincoln Baxter, III
http://ocpsoft.com
http://scrumshark.com
"Keep it Simple"
_______________________________________________
seam-dev mailing list
seam-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/seam-dev
--
Dan Allen
Principal Software Engineer, Red Hat | Author of Seam in Action
Registered Linux User #231597
http://www.google.com/profiles/dan.j.allen#about
http://mojavelinux.com
http://mojavelinux.com/seaminaction
5017
days inactive
5017
days old
1 comments
2 participants
tags (0)
participants (2)
-
Dan Allen -
Lincoln Baxter, III