>>> [EMAIL PROTECTED] 06/16/05 09:00PM wrote (10 times!):
> I have discovered that the problem I am having is caused by postbacks to the
> same JSP and all other navigation seems to be working correctly.  I'll
> probably have to come up with some other method of protecting the pages as
> there are far too many postbacks in my app (or any typical JSF app).
> Perhaps a filter or some simple javascript.

It is trivial to write a filter to prevent people bookmarking/hyperlinking into
pages in your application - the filter just needs to call session.isNew(), and
if it is a new session, send a redirect to the front page instead of
continuing down the filter chain. The front page should also invalidate
the session to ensure access continues to be denied except through
the route you want.

Relying on javascript being enabled on the client does not sound
like a good basis for security!

Jon

_________________________________________________________________
Dr JW Harley                                  Senior Technologist
E-lab, IT Services Department, University of Warwick, Coventry UK
<[EMAIL PROTECTED]>    www.warwick.ac.uk/staff/J.W.Harley/
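
Added example, not part of the original message or the poster's code: a servlet filter along the lines described above, written against the javax.servlet API. The class name EntryPointFilter, the frontPage init parameter and its /index.jsp default are assumptions, and here the filter resets the session when the front page is requested rather than the page doing so itself.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class EntryPointFilter implements Filter {
    private String frontPage = "/index.jsp"; // assumed default entry page

    public void init(FilterConfig config) {
        String configured = config.getInitParameter("frontPage"); // hypothetical parameter
        if (configured != null) frontPage = configured;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Path inside the web app, without any ";jsessionid=..." suffix.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        int semi = path.indexOf(';');
        if (semi >= 0) path = path.substring(0, semi);

        if (path.equals(frontPage)) {
            // Front page: drop any old session and start a fresh one, so the
            // client joins it and later requests are no longer "new".
            HttpSession old = request.getSession(false);
            if (old != null) old.invalidate();
            request.getSession(true);
            chain.doFilter(req, res);
            return;
        }
        HttpSession session = request.getSession(true);
        if (session.isNew()) {
            // Bookmark or deep link: discard the session just created and
            // redirect instead of continuing down the filter chain.
            session.invalidate();
            response.sendRedirect(request.getContextPath() + frontPage);
            return;
        }
        chain.doFilter(req, res); // postbacks inside an established session pass
    }

    public void destroy() { }
}
```

This only constrains the entry route: isNew() says nothing about who the user is, so authorization checks still belong on the pages themselves.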
