1 Reply Latest reply: Jul 16, 2013 2:00 AM by gimbal2 RSS

    JSF 2.0 , passing URL hidden parameters in ExternalContext.redirect() programmatically

    user4658745

      Hi , I have the following code on the submit of command button on the jsp page

       

      ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
        try {
         externalContext.redirect("http://reportsserver.com/reports/rwservlet?server=server001&ORACLE_SHUTDOWN=YES&PARAMFORM=no&report=testrepr.rdf&desformat=pdf&desname=testrep.rdf.pdf&destype=cache&userid=scott/tiger@test&param1=7002&faces-redirect=true");
        } catch (IOException e) {
         // TODO Auto-generated catch block
         e.printStackTrace();
        }
      
      


      I need to send all the parameters after rwservlet? as hidden parameters. These values do not come from any form field on the page. They are a part of the properties file on the disk. I would not like them to be displayed to the user when loading the next webpage or on the next web page.

       

      Please let me know if there is any way to mark specific parameters in externalcontext.redirect() as hidden programatically

       

      The xhtml code is

          <h:commandButton value="Submit" action="#{helloWorldBean.submitAction}"></h:commandButton>

       

        • 1. Re: JSF 2.0 , passing URL hidden parameters in ExternalContext.redirect() programmatically
          gimbal2

          there is no such thing as a hidden parameter. Any parameter you do not see is one posted through a POST request, which tends to boil down to a form submission. You can make it slightly less visible by for example using an Ajax call to do the request to the reportserver and fetch the content; then you'd have to examine the site's javascript logic to figure out what parameters it is sending which gives you more opportunity to hide it far away in a .js file and obfuscate it.

           

          Another technique used is to actually encode or encrypt the parameter list so it is not readable anymore, but then the reportserver would have to be able to decode/decrypt it again.