[jboss-user] [JBoss Seam] - Preventing direct access to pages

waynebagguley do-not-reply at jboss.com
Tue Mar 20 06:08:47 EDT 2007


Is there a way of preventing a user manipulating the URL and accessing a page that should only be accessed by the result of an action on a session bean?

For example, I have two pages of data entry followed by a pdf generated by the iText component. If I am on page 1 or 2 then it is still possible for me to access page 3 (and get useless results) by manipulating the URL.

This seems like a serious flaw in Seam to me. It's possible that I am missing something obvious as I am fairly new to Seam and JSF.

Thanks.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4029688#4029688

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4029688



More information about the jboss-user mailing list