You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by Peter Cheung <ps...@gmail.com> on 2006/01/25 22:32:34 UTC
Transfer From HTTPS To Non-HTTPS JSF Page
I am working on a app. has a mix of HTTPS and non-HTTPS pages. Since the
browser doesn't show the URL of the current JSF page(showing 1 URL behind),
when the user first gets from a HTTPS to a non-HTTPS JSF page, there is no
warning (produced by the IE) about leaving HTTPS, but once they move to one
more non-HTTPS page, the warning of about to leave HTTPS page appears. That
is very misleading to the user. I wonder if there is any way to force the
display of the URL of the current JSF page.
I also have a related problem, when the warning of about to leave HTTPS page
appears, the parameters that the page previous page is passing in the
CommandLink are lost. I wonder if there is any way to get around this
problem. My target user are general public, so I can't ask them to lower
their security level on their IE, before coming to my site. I know changing
the pages to session scope may be an option, but I am hoping to keep them in
the request scope.
Thanks in advance.
Re: Transfer From HTTPS To Non-HTTPS JSF Page
Posted by Peter Cheung <ps...@gmail.com>.
I found a non-elegant way of solving this problem. The following is what I
came up with:
In HTTPS JSF page B, there is a link:
<h:commandLink action="go_non_secure" immediate="true">
<x:graphicImage id="go_non_secure" url="images/something.gif"/>
<f:param id="current_parameter" name="para" value="8"/>
<f:param id="current_page" name="page" value="1"/>
</h:commandLink>
When this link is clicked, it goes to "go_non_secure", which is defined in
faces_config.xml as:
<navigation-case>
<from-outcome>go_non_secure</from-outcome>
<to-view-id>/to_non_secure.jsp</to-view-id>
<redirect/>
</navigation-case>
to_non_secure.jsp, the intermediate JSF page only has a few lines:
<%@ page session="false" contentType="text/html;charset=utf-8"%>
<%
response.sendRedirect("real_non_secure.jsf?para=8&page=1");
%>
What this page does, is redirect to the real target page with the
parameters.
And the logic in the backing bean of the target page:
Map parameters =
getFacesContext().getExternalContext().getRequestParameterMap();
String item = (String)parameters.get(START_ITEM);
String page = (String)parameters.get(CURRENT_PAGE);
It is working now, but I don't think this is the appropriate solution. I
wonder if there is any other way of solving this problem? Also, I wonder how
to programmically populate the parameters to the RequestParametMap. I tried
to "put" it to the Map, but Tomcat threw an OperationNotSupportException.
Tks in advance.
On 1/26/06, Peter Cheung <ps...@gmail.com> wrote:
>
> After I changed the navigation rule of the link to use <redirect/>, the
> URL on the browser did show the correct one, and then the warning ("about to
> leave non-secure page") dialog box popped up, but after I clicked "ok",
> the parameters that were passed together were failed to pass to the
> subsequent page. I also tried to redirect to a intermediate JSF page, and
> that page in turn put the parameter to the parameterMap in the request
> scope, but still the following page didn't get the parameters. I wonder if
> there is any way to get around this problem. Tks.
>
> On 1/25/06, Matthias Wessendorf <mw...@gmail.com> wrote:
> >
> > On 1/25/06, Peter Cheung <ps...@gmail.com> wrote:
> > > I am working on a app. has a mix of HTTPS and non-HTTPS pages. Since
> > the
> > > browser doesn't show the URL of the current JSF page(showing 1 URL
> > behind),
> > > when the user first gets from a HTTPS to a non-HTTPS JSF page, there
> > is no
> > > warning (produced by the IE) about leaving HTTPS, but once they move
> > to one
> > > more non-HTTPS page, the warning of about to leave HTTPS page appears.
> > That
> > > is very misleading to the user. I wonder if there is any way to force
> > the
> > > display of the URL of the current JSF page.
> >
> > using <redirect/> inside of your navigation rulez (faces-config.xml).
> >
> > but this calls externalContext.redirect() (which itself calls
> > Facescontext.responseComplete())
> >
> > -Matthias
> >
>
>
Re: Transfer From HTTPS To Non-HTTPS JSF Page
Posted by Peter Cheung <ps...@gmail.com>.
After I changed the navigation rule of the link to use <redirect/>, the
URL on the browser did show the correct one, and then the warning ("about to
leave non-secure page") dialog box popped up, but after I clicked "ok",
the parameters that were passed together were failed to pass to the
subsequent page. I also tried to redirect to a intermediate JSF page, and
that page in turn put the parameter to the parameterMap in the request
scope, but still the following page didn't get the parameters. I wonder if
there is any way to get around this problem. Tks.
On 1/25/06, Matthias Wessendorf <mw...@gmail.com> wrote:
>
> On 1/25/06, Peter Cheung <ps...@gmail.com> wrote:
> > I am working on a app. has a mix of HTTPS and non-HTTPS pages. Since the
> > browser doesn't show the URL of the current JSF page(showing 1 URL
> behind),
> > when the user first gets from a HTTPS to a non-HTTPS JSF page, there is
> no
> > warning (produced by the IE) about leaving HTTPS, but once they move to
> one
> > more non-HTTPS page, the warning of about to leave HTTPS page appears.
> That
> > is very misleading to the user. I wonder if there is any way to force
> the
> > display of the URL of the current JSF page.
>
> using <redirect/> inside of your navigation rulez (faces-config.xml).
>
> but this calls externalContext.redirect() (which itself calls
> Facescontext.responseComplete())
>
> -Matthias
>
Re: Transfer From HTTPS To Non-HTTPS JSF Page
Posted by Matthias Wessendorf <mw...@gmail.com>.
On 1/25/06, Peter Cheung <ps...@gmail.com> wrote:
> I am working on a app. has a mix of HTTPS and non-HTTPS pages. Since the
> browser doesn't show the URL of the current JSF page(showing 1 URL behind),
> when the user first gets from a HTTPS to a non-HTTPS JSF page, there is no
> warning (produced by the IE) about leaving HTTPS, but once they move to one
> more non-HTTPS page, the warning of about to leave HTTPS page appears. That
> is very misleading to the user. I wonder if there is any way to force the
> display of the URL of the current JSF page.
using <redirect/> inside of your navigation rulez (faces-config.xml).
but this calls externalContext.redirect() (which itself calls
Facescontext.responseComplete())
-Matthias