Reputation: 265
I understand that one of the ways to serve a JSF page/resource from any location is via RequestDispatcher#forward(),
for example the response to http://domain/contextpath/someotherlink.xhtml can be mapped to the
/WEB-INF/serving.xhtml
resource location with request.getRequestDispatcher("/WEB-INF/serving.xhtml").forward(request, response)
but the location of the mapped page gets displayed in the action component like <h:form>
i.e. <form method="post" action="/contextpath/WEB_INF/serving.xhtml" >
even with OCPsoft Rewrite URLRewriteFilter.
@Alex Tsurika did offer a sample, but JSF expert @Balusc commented on the security hole of this approach even though he proposed the same dispatch approach.
Question:
How can this security hole be mitigated, as raised by @Balusc? (UPDATE: I guess none, as @Balusc cleared it in the comment)
How can <form method="post" action="/contextpath/someotherlink.xhtml" >
be displayed instead of <form method="post" action="/contextpath/WEB_INF/serving.xhtml" >
so as to solve the question asked by @Paul H:
Is it possible to submit a form that has been rendered from a JSF page location in WEB-INF?
Thanks.
Upvotes: 0
Views: 151
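The forward described in the question, paired with a view handler that renders the public URI as the form action, as an added example that is not part of the original post. It assumes JSF 2.x and Servlet 3.x (javax.* namespace); PublicUrlViewHandler and WebInfForwardFilter are hypothetical names, registered in faces-config.xml and web.xml respectively.

```java
// Added example, not from the original post. Assumes JSF 2.x / Servlet 3.x (javax.* namespace).
// PublicUrlViewHandler and WebInfForwardFilter are hypothetical names.
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.faces.application.ViewHandler;
import javax.faces.application.ViewHandlerWrapper;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

// Register under <application><view-handler> in faces-config.xml.
public class PublicUrlViewHandler extends ViewHandlerWrapper {
    private final ViewHandler wrapped;
    public PublicUrlViewHandler(ViewHandler wrapped) { this.wrapped = wrapped; }
    @Override public ViewHandler getWrapped() { return wrapped; }

    @Override
    public String getActionURL(FacesContext context, String viewId) {
        // Set by the container on a forwarded request: the URI the client originally asked for
        // (context path included, query string excluded).
        Object original = context.getExternalContext().getRequestMap()
                .get(RequestDispatcher.FORWARD_REQUEST_URI);
        UIViewRoot root = context.getViewRoot();
        boolean currentView = root != null && viewId.equals(root.getViewId());
        // Rewrite only the forwarded view's own action; everything else keeps the default.
        return (original != null && currentView) ? (String) original
                                                 : wrapped.getActionURL(context, viewId);
    }
}

class WebInfForwardFilter implements Filter {
    // Fixed allowlist: the forward target is never derived from request input.
    private static final Map<String, String> VIEWS =
            Collections.singletonMap("/someotherlink.xhtml", "/WEB-INF/serving.xhtml");

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String path = request.getRequestURI().substring(request.getContextPath().length());
        String view = VIEWS.get(path);
        if (view != null) request.getRequestDispatcher(view).forward(req, res);
        else chain.doFilter(req, res);
    }
}
```

Declarative security constraints in web.xml are evaluated against the original request URL and are not re-applied on a forward, so any access restriction for the view has to be placed on the public URL pattern.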