9/5/2023 0 Comments Jsf with icefaces![]() I suspect that ICEFaces has something built in to deal with this but I can't find any information about it. The h:commandButton has an image attribute. Instead I just replaced the ace:pushButton element with standard JSF h:commandButton component. ![]() I guess, I could have styled the button in CSS. In my case, the image would display next to the button. ![]() The example they gave was also going through the blockingServlet. I had a similar issue but with ICEFaces 4. The client is also concerned that input parameters are not properly validated providing a entry point for XSS. I have implemented the no-cache headers but that's not exactly solid security. Spring Web Flow 2.5 requires JSF 2.2 or higher. Web Flow also provides a Spring Security tag library for use in JSF environments, see Section 13.9, Using the Spring Security Facelets Tag Library for more details. Work through a basic ICEfaces tutorial that transforms a standard JSF application into. How can I set up something similar for this? I don't really understand how icefaces deals with the information stored on a form and how I can ensure that this info is not stored by the browser. Spring Web Flow provides a JSF integration that lets you use the JSF UI Component Model with Spring Web Flow controllers. ICEfaces is a registered trademark of ICEsoft Technologies, Inc. I discovered that the POST request the client's security team were complaining about were ajax calls to the BlockingServlet. Initially I set up a phaseListener to deal with this but the only requests that came through were GETs. In order to avoid browsers caching sensitive information, the client's security guidlines require that POST requests do not return 200 response. I have 2 security concerns that my client has come up with and I am stuck. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |