This discussion is archived
1 Reply Latest reply: Jul 16, 2013 12:00 AM by gimbal2 RSS

JSF 2.0 , passing URL hidden parameters in ExternalContext.redirect() programmatically

user4658745 Newbie
Currently Being Moderated

Hi , I have the following code on the submit of command button on the jsp page

 

ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
  try {
   externalContext.redirect("http://reportsserver.com/reports/rwservlet?server=server001&ORACLE_SHUTDOWN=YES&PARAMFORM=no&report=testrepr.rdf&desformat=pdf&desname=testrep.rdf.pdf&destype=cache&userid=scott/tiger@test&param1=7002&faces-redirect=true");
  } catch (IOException e) {
   // TODO Auto-generated catch block
   e.printStackTrace();
  }


I need to send all the parameters after rwservlet? as hidden parameters. These values do not come from any form field on the page. They are a part of the properties file on the disk. I would not like them to be displayed to the user when loading the next webpage or on the next web page.

 

Please let me know if there is any way to mark specific parameters in externalcontext.redirect() as hidden programatically

 

The xhtml code is

    <h:commandButton value="Submit" action="#{helloWorldBean.submitAction}"></h:commandButton>

 

  • 1. Re: JSF 2.0 , passing URL hidden parameters in ExternalContext.redirect() programmatically
    gimbal2 Guru
    Currently Being Moderated

    there is no such thing as a hidden parameter. Any parameter you do not see is one posted through a POST request, which tends to boil down to a form submission. You can make it slightly less visible by for example using an Ajax call to do the request to the reportserver and fetch the content; then you'd have to examine the site's javascript logic to figure out what parameters it is sending which gives you more opportunity to hide it far away in a .js file and obfuscate it.

     

    Another technique used is to actually encode or encrypt the parameter list so it is not readable anymore, but then the reportserver would have to be able to decode/decrypt it again.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points