Reply To: Block Direct Browser Url Access in a Page

Splash Forums Rewrite Users Block Direct Browser Url Access in a Page Reply To: Block Direct Browser Url Access in a Page


I don’t think that it is possible to do what you want.

If you click a commandButton and return “pretty:panel”, the server will respond with a redirect to the client. This tells the client “Hey, please request /panel with a GET request”. The browser will then do this and request /panel. But this is a standard GET request. If the user manually requests the page, it will also be a GET request. So there is no easy way to distinguish the two.

If you really want something like this, you will have to implement something manually. You could for example generate some random number in your action method and include this in the redirect URL. You will have to replace pretty:panel with /panel.xhtml?faces-redirect=true&randomNumber=234234234 (which is basically the same thing but includes the additional parameter). The panel page could then verify if the random parameter correct. You could for example store it in the session for this check.

However, I’m not sure if all this is worth the effort. But that is just my personal opinion. Basically I think that all URLs should work independently. That’s one of the main goals of PrettyFaces. 🙂