myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leonardo Uribe (JIRA)" <>
Subject [jira] [Commented] (MYFACES-4033) Weird behavior with form authencation / forward / restore view
Date Mon, 22 Feb 2016 23:41:18 GMT


Leonardo Uribe commented on MYFACES-4033:

I have checked the documentation related to isPostback and I don't see anything wrong. The
spec (section 2.2.1) says this

"... Get that RenderKit’s ResponseStateManager and call its isPostback() method, passing
the current FacesContext. If the current request is an attempt by the servlet container to
display a servlet error page, do not interpret the request as a postback, even if it is indeed
a postback. ..."

That logic is on RestoreViewExecutor. The javadoc says this:

"... The implementation if this method for the Standard HTML RenderKit must consult the ExternalContext's
requestParameterMap and return true if and only if there is a key equal to the value of the
symbolic constant VIEW_STATE_PARAM. ..."

The implementation in MyFaces does what the spec says.

If the request is an error request sent by the container, "javax.servlet.error.message" request
param should be set. 

The HTTP method is never used by JSF spec, because in JSF 1.1/1.2 it was not possible to grab
it (servlet 2.4/2.5).

If Mojarra does something special, it is not written in the spec.

> Weird behavior with form authencation / forward / restore view
> --------------------------------------------------------------
>                 Key: MYFACES-4033
>                 URL:
>             Project: MyFaces Core
>          Issue Type: Bug
>            Reporter: Thomas Andraschko
>            Assignee: Leonardo Uribe
> Following case:
> 1) visit login.xhtml
>     with 
>     <h:form onclick="this.action='j_security_check';">
>          <p:inputText id="j_username" />
>          <p:password id="j_password" />
>          <p:commandButton id="submit" value="Login" ajax="false"/>
>     </h:form>
> 2) submit (non-ajax post) with invalid user
> 3) tomcat forwards to the loginError.xhtml
> 4) MyFaces tries to restore the view with the ViewState from login.xhtml
> 5) ViewExpired occurs
> IMO MyFaces should not restore the view after a forward ->
> if (post && forward) {
>    -> new view
> }
> else {
>    -> restore
> }
> It also works fine in Mojarra.
> [~lu4242] How would you fix it?

This message was sent by Atlassian JIRA

View raw message