[seam-dev] Securing JSF Views? This is a pretty common question on the forums.

Dan Allen dan.j.allen at gmail.com
Wed May 25 12:06:58 EDT 2011


This happened to be one of the items on my todo list, so here goes.

Brian, I saw in Jose's example that he used *.xhtml as the Faces Servlet
mapping. I had never thought of that before. I guess I assumed that the
Servlet mapping had to be different than the template suffix. So it turns
out this is an elegant solution to preventing direct access to *.xhtml files
without going through the Faces Servlet. Could you add this recommendation
to the Seam Faces documentation? That is, unless someone sees something
flawed about this approach.

-Dan

On Wed, May 25, 2011 at 10:52, Lincoln Baxter, III
<lincolnbaxter at gmail.com> wrote:

> http://ocpsoft.com/support/topic/limit-access-to-jsf-files
>
> I know "the answer", but what is "our answer"?
>
> Shane or Brian, would either of you like to respond to this? Does Seam
> Faces do this already with the ViewConfig? I wasn't sure if we actually
> blocked direct access to the /faces/ mapped URLs or not. I don't think so,
> right? We should probably look into that.
>
> --
> Lincoln Baxter, III
> http://ocpsoft.com
> http://scrumshark.com
> "Keep it Simple"
>
> _______________________________________________
> seam-dev mailing list
> seam-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/seam-dev
>
>


-- 
Dan Allen
Principal Software Engineer, Red Hat | Author of Seam in Action
Registered Linux User #231597

http://www.google.com/profiles/dan.j.allen#about
http://mojavelinux.com
http://mojavelinux.com/seaminaction
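
The mapping described in the message above, as an added web.xml example that is not part of the thread or of the Seam Faces documentation. It assumes a JSF 2 application whose Facelets templates use the .xhtml suffix; the page name home.xhtml is hypothetical. The commented-out prefix mapping shows the setup it replaces, where a request for the template path bypasses the Faces Servlet.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Facelets templates use the .xhtml suffix (the JSF 2 default, stated
       explicitly here so the mapping below visibly matches it). -->
  <context-param>
    <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
    <param-value>.xhtml</param-value>
  </context-param>

  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <!-- Setup being replaced: with only a prefix (or a different extension)
       mapping, /faces/home.xhtml is rendered, but a direct request for
       /home.xhtml never reaches the Faces Servlet and the container's
       default servlet returns the unprocessed template source.
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  -->

  <!-- Mapping equal to the template suffix: every request for a .xhtml
       path is handled by the Faces Servlet, so there is no URL that
       serves the raw file. -->
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
  </servlet-mapping>

  <!-- home.xhtml is a hypothetical page name used for illustration. -->
  <welcome-file-list>
    <welcome-file>home.xhtml</welcome-file>
  </welcome-file-list>
</web-app>
```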