jsf 2.0 is backing session bean secure? [duplicate] - security

This question already has an answer here:
Which properties in a JSF backing bean can be set by a user?
(1 answer)
Closed 8 years ago.
I'm asking if the Bean (Sessionscoped, ManagedBean) is secure enough to save a variable "isAdmin = true". The user must not have a chance to change this value!
So the main question is: does the user have access to the beans (when there are no getters/setters and components on the view)?

Yes, it should be secure because it's a server-side component, so the user has no access to its fields except the ones you make visible to him.
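
Added example (not part of the original answer): a plain-JDK check that lists which properties of a session bean have a public setter, since EL resolves bean properties by JavaBeans conventions and a property without a setter is read-only to value expressions. The `UserSession` class, its members and `writableProperties` are hypothetical names; the JSF annotations are left out so the check runs without a container.

```java
import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.io.Serializable;
import java.util.Map;
import java.util.TreeMap;

public class BeanWriteAudit {

    // Hypothetical session bean. In the application it would carry
    // @ManagedBean and @SessionScoped; omitted here so this runs on a plain JDK.
    public static class UserSession implements Serializable {
        private static final long serialVersionUID = 1L;
        private boolean admin;        // decided by the server, never bound to an input
        private String displayName;   // bound to an input field in a view

        // Called only from server-side login code after authentication.
        void grantAdmin() { this.admin = true; }

        public boolean isAdmin() { return admin; }            // read-only property
        public String getDisplayName() { return displayName; }
        public void setDisplayName(String n) { this.displayName = n; }
    }

    // Maps each bean property to whether JavaBeans introspection finds a public setter.
    static Map<String, Boolean> writableProperties(Class<?> beanClass)
            throws IntrospectionException {
        BeanInfo info = Introspector.getBeanInfo(beanClass, Object.class);
        Map<String, Boolean> result = new TreeMap<>();
        for (PropertyDescriptor pd : info.getPropertyDescriptors()) {
            result.put(pd.getName(), pd.getWriteMethod() != null);
        }
        return result;
    }

    public static void main(String[] args) throws IntrospectionException {
        Map<String, Boolean> props = writableProperties(UserSession.class);
        for (Map.Entry<String, Boolean> e : props.entrySet()) {
            System.out.println(e.getKey() + " writable=" + e.getValue());
        }
        // Fail loudly if someone later adds a public setter for the flag.
        if (props.get("admin")) {
            throw new IllegalStateException("admin must not expose a setter");
        }
    }
}
```

The same check can run as a unit test so that a later refactoring which adds `setAdmin` is caught before the property can be bound to an input component.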

Related

How to get id from request/response in JSF? [duplicate]

This question already has answers here:
How to find out client ID of component for ajax update/render? Cannot find component with expression "foo" referenced from "bar"
(6 answers)
Closed 4 years ago.
I have this id of a dialog form: form:processFilterPanel_fpanel_tv:dialogFormIO:j_idt195:ItemWidget_input
And I want to work with one element of the form on the backend side. The problem is that this part of the id, j_idt195, is always changed by JSF (when it starts a new session) and I don't know how to get it. Any ideas?
Just use id="yourFavId" on the component and reference it.
JSF gives those weird looking ids to the html components that didn't have a defined one.

How to get HttpSession attributes from jsf web page [duplicate]

This question already has an answer here:
How can I access session attribute in Facelets page
(1 answer)
Closed 5 years ago.
I am trying to write some code in a JSF scriptlet to get an attribute from HttpSession and compare it with a UI value (to display a pop-up when both session and UI values are the same).
You can do it in JSF with EL: #{session.getAttribute('key') eq uiValue}.
List of all JSF EL objects can be found here.

Primefaces Filled Field Automatically [duplicate]

This question already has answers here:
Clear JSF form input values after submitting
(5 answers)
Closed 5 years ago.
I'm developing a project using JSF and Primefaces and I got some forms.
Every time I open those forms all fields are already filled with the last information I saved on database.
I'd like every time I open those forms all fields were blank.
How can I do this?
Thank you!!
What scope are you using in your managed bean? If you are using session scope, for example, it will hold the last values of your bean properties as long as the application session exists. Depending on what you are doing, I would use request scope instead. This will delete the bean when it is not being used and therefore clear the values when you request again. Or perhaps view scope, which will keep the values as long as you are in the same view. Another way would be to use JavaScript to clear the values by ids.
If you are using
@SessionScoped
try changing to:
@ViewScoped

request scope and view scope [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How to choose the right bean scope?
I'm a newbie in JSF programming, and I need a clarification about bean scopes. I have already read all the questions about this argument, but it is not so clear.
I don't understand the request scope well. I understand that: "This is the default scope and basically the bean is alive throughout a single HTTP request."
So for example, suppose that we ask the browser to open a web page with a form. When we make the request, a request scope bean is created, the life-cycle begins and after the render response phase, the Java bean is destroyed.
Then we fill out the form and we press a button. This will start another HTTP request, right?
In the same context, if I have a view scope bean instead of a request scope bean, what is the difference? How many bean instances are created? Why is it better to use this with a datatable?
The request scope, as all your sources including the post linked by BalusC say, starts living a short while after your request hits the server, and is destroyed shortly after the last bit of the response has been sent back.
Indeed, if you postback a form a new request starts and thus a new request scope. This means everything that is request scoped will be created again. So for a form that is first rendered, and then posted back once, 2 request scoped beans will be created.
The view scope lives as long as you do postbacks to the same view (page). This works by means of the hidden form parameter called javax.faces.ViewState. The value of this is an entry into some kind of logical Map if you use save state on server. How a JSF implementation actually resolves this is not that important here (but yes, it's mostly just a Map).
After the postback JSF is able to retrieve the exact same view scoped beans again by means of this parameter. So for a form that is first rendered, and then posted back once, 1 view scoped bean will be created.
For a datatable you will almost always want to use the view scope. The reason is that you want the data to be the same before and after a postback. If your data is 100% static and/or you don't have postbacks (your table is not in a form), you can use the request scope instead.

JSF Back Button [duplicate]

This question already has answers here:
back commandbutton in jsf
(5 answers)
Closed 8 years ago.
How do I make a link which navigates the user back one page (i.e. same as clicking browser back)?
Thanks.
To the point: just remember the request URL or the JSF viewId of the previous page so that you can use it in the href or value of the output/commandlink. There are several ways to achieve it, depending on how you're actually navigating through the pages and how "jsfish" you want to achieve it. You could pass it as a request parameter by f:param in h:outputLink, or you could set it as a bean property by f:setPropertyActionListener in h:commandLink, or you could create a PhaseListener which remembers the viewId and make use of navigation cases, or you could grab the -much less reliable- JavaScript history.go() function.
