myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Marinschek" <>
Subject RESTful JSF
Date Tue, 04 Apr 2006 04:03:01 GMT
Now that the old discussion has settled, I'd like to relive it a little bit.

If you remember, we discussed that writing out parameters and managed
bean states could be done easily with adding an attribute to
commandLink (bookmarkable=true), and also add this attribute to
saveState (well, there have been other propositions as well, but this
is what generally seemed doable).

The discussion ran then wild on how we would reapply this state to the
component tree or the backing beans.

The biggest problem in this was security - we couldn't just reapply
the state without knowing if this state was even allowed to be

There have been two suggestions to solve this problem:

1) configure centrally in your faces-config.xml which state may be reapplied
2) client side encryption

the problem with client side encryption is that

a) the state on client-side might be quite ugly
b) you'll not be able to change the encryption key on the server
anymore, if you want your pages to remain bookmarkable

together with Thomas, we've discussed about a third solution:

3) create a new component, which takes the values out of the request,
and reapplies them either to another component, or the managed bean.
It could look much like the aliasBean today.

this component would get rid of the necessary configuration (in fact,
it might be much nicer to let a component in the page decide on which
will be reapplied or not of the request saved state), plus you'd have
inherent security: only the state that is explicitly configured will
be reapplied.




P.S.: In case there was such an approach in the original discussion
and I overlooked it, please excuse me and tell me so ;)


Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces

View raw message