[
https://issues.apache.org/jira/browse/MYFACES-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159836#comment-15159836
]
Leonardo Uribe commented on MYFACES-4033:
-----------------------------------------
There is one case when a forward is done. The class
org.apache.myfaces.view.jsp.JspViewDeclarationLanguage has a call (on
buildView(...)) to externalContext.dispatch(...) which calls
requestDispatcher.forward(...).
I think if facelets only is enabled, it is safe to assume a "forward" leads to
a new view. In MyFaces Core there is no server-side url rewrites, but the
client window could force a client-side url rewrite.
JSF was done to be container-agnostic, even if it is somewhat tied to servlet
technology. I do not like the idea of check the incoming request url, but if it
is justified it is ok to include it.
> Weird behavior with form authencation / forward / restore view
> --------------------------------------------------------------
>
> Key: MYFACES-4033
> URL: https://issues.apache.org/jira/browse/MYFACES-4033
> Project: MyFaces Core
> Issue Type: Bug
> Reporter: Thomas Andraschko
> Assignee: Leonardo Uribe
>
> Following case:
> 1) visit login.xhtml
> with
> <h:form onclick="this.action='j_security_check';">
> <p:inputText id="j_username" />
> <p:password id="j_password" />
> <p:commandButton id="submit" value="Login" ajax="false"/>
> </h:form>
> 2) submit (non-ajax post) with invalid user
> 3) tomcat forwards to the loginError.xhtml
> 4) MyFaces tries to restore the view with the ViewState from login.xhtml
> 5) ViewExpired occurs
> IMO MyFaces should not restore the view after a forward ->
> if (post && forward) {
> -> new view
> }
> else {
> -> restore
> }
> It also works fine in Mojarra.
> [~lu4242] How would you fix it?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
