I'm making my term paper and I have some doubts in my way.
Now my main question is: how to always shoe the same URL to users using JSF 2.0 (Apache Tomcat 7, JSF 2.0, Java 6)?
I have dozens of pages, one of login, others with the features of my website, but I want that just one URL be showed to users. What I want is:
If user go to login page, the url will be:
mypage.com/
If user login with succesfull, the url will be:
mypage.com/
If user do any thing inside system, the url will be:
mypage.com/
Note that I always want "render" (this is the right meaning?) a different page, but show the same URL to user.
How I can do that? Page Forward?
Doesn't necessarily mean it's a bad thing to maintain your url static.
If you use page forward, you're currently in other url, even browser's address bar doesn't reflect that. With page redirect (POST-REDIRECT-GET pattern) you get the new url on it, however it requires one step more from http protocol point of view, so it's a bit slower. Both of them allow you going to an specific view with its url (bookmarkable app) and also are considered into JSF navigation case based system.
What actually could be considered a pitfall, but could be used depending on the case, is to have your application's main frame (could be the main template from JSF's point of view) in an url and just rerender some of its content via ajax. That doesn't allow you to have bookmarkable pages, however it could be even faster than performing a page forward if you're interested in maintaining many parts of your view with the same content.
Related
I need to redirect (after do something) to an URL from doView().
How is it possible?
Many thanks in advance,
From your tags I'm assuming you're writing a portlet, possibly including an actionhandler. Now as soon as you're coming to the render phase, you intend to redirect to a completely different URL (e.g. to redirect your browser to show something outside of the portal) - correct me if I'm wrong.
With this, HTTP redirect is out of the game if you want this to work reliably. (There has been a lively debate on the liferay forums on the reasons)
For this reason javascript is your friend if you intend on the redirect to happen during render phase. However, note that this still might interfere with user expectation: Imagine if two different portlets generate different javascript redirects - which one do you expect to win?
Architecturally it might be cleaner to trigger a redirect during the action phase, but that's not your question
I know there are some advantages in using page forwarding as it is the default in JSF.
I also know how to set redirect for some pages using 'faces-redirect' in the implicit navigation or the tag in the faces-config file.
I searched a lot on internet but I didn't find an easy and straight way (such as a configuration parameter) to enable redirect for all pages.
The reason I would like to use page redirect everywhere is the following: if every page is asked whit its url the container can be used for page authorization without the need of additional security library. Don't know if it can be a good idea, but performances are not an issue in this moment and using container security can save development time for the first release.
You can achieve this with a custom ConfigureableNavigationHandler. You can find a kickoff example in the answer to this question: JSF 2 and Post/Redirect/Get?
However, I have the feeling that you're designing page-to-page navigation the wrong way. You seem to be using POST requests for simple page-to-page navigation. If you fix them to be GET requests, then you don't need to worry about this. So, use <h:link> instead of <h:commandLink> for page-to-page navigation. This way you don't need to implement the PRG. See also When should I use h:outputLink instead of h:commandLink?
I am working with a JSF application that posts on every mouse click, so if you get 5 pages deep, your url stays the same.
now i need to link to one of these pages from outside of jsf. what can i do?
(i am new to jsf)
Navigation rules use forward by default, that's why the URL does not change.
Use http://site.com/ctx/page.jsf to access a given page. *.jsf is the mapping of your faces servlet to in web.xml (it can have different value in your configuration, but normally it is *.jsf or /faces/*
i dont know if ive got it right but as much as i understood it you need to use GET instead of POST this time, right?
in my current project we still use JSF 1.2 and that is achieved by PrettyFaces (http://ocpsoft.com/prettyfaces/) by us. do you mean that?
I have an application that utilizes rather unfriendly dynamic URLs most of the time. I am providing friendly URLs to some content, but these are used only as an entry point into the application, after which point all of the generated URLs will be the unfriendly variety.
My question is, if I know that the user is on a page for which a friendly URL could be generated and they choose to bookmark it, is there a way to tell the browser to bookmark the friendly one instead of what is in the address bar?
I had hoped that rel="canonical" would help here, but it seems as if it's only used for indexing. Maybe one day browsers will utilise it.
No. This is by design, and a Good Thing.
Imagine the following scenario: Piskvor surfs to http://innocentlookingpage.example.com/ and clicks "bookmark". He doesn't notice that the bookmark he saved points to http://evilsite.example.net/ Next time he opens that bookmark, he might get a bit of a surprise.
Another example without cross-domain issues:
Piskvor the site admin clicks "bookmark" on the homepage of http://security-holes-r-us.example.org/ - unfortunately, the page is vulnerable to script injection, and the injected code changes the bookmark to http://security-holes-r-us.example.org/admin?action=delete&what=everything&sure=absolutely . If he's still logged in the next time he opens the bookmark, he may find his site purged of data (Granted, it was his fault not to prevent script injection AND to have non-idempotent GET resources, but that is all too common).
I have a tomcat hosted web-app, in one of the jsp pages the webapp displays I am using an iframe to embed an html document.
I need to have the html pages separate to the web-app so that they can be altered without requiring a relaunch of the original web-app or access by editors to the web-app.
It is also essential that html pages are secure and not available directly in any way, i.e. only available within this web-app or by authenticating the user. I also want to avoid making the user login to both the web-app and the page in the iframe.
I am not sure how to approach this, I have an apache server, php, and of course tomcat at my disposal.
I can think of two approaches but am not sure how to implement either:
I pass through the authentication details from the jsp page and store all the usernames etc elsewhere for the .htaccess file to check against (not ideal as this means the upkeep of two username / password files)
I somehow enforce that these pages can only be accessed when they are being shown within this iframe i.e. use the web-app as an authenticator and hold the web pages to be only accessible via it.
Presently I can only think of a rather clunky, double log-in way, using .htaccess on an apache server which will require the user to enter a username and password again before viewing the documents.
Can anyone think of a more elegant solution?
Thanks!
CJ
Easiest approach would be to not serve the HTML pages by a public webserver, but just host them in some fixed path outside the public webcontent. Then you can create an servlet which gets an InputStream of the HTML file by FileInputStream and writes it to the OutputStream of the servlet response as obtained by HttpServletResponse#getOutputStream() the usual Java IO way.
Then, in your JSP just change the <iframe> src to point to that servlet instead, along with the desired HTML file as request parameter or pathinfo.
<iframe src="htmlservlet/file.html" />
This way you can control the authentication at one place, the JSP/Servlet webapp.