Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.2
    • Fix Version/s: 2.0
    • Component/s: Uncategorized
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Sun

    • Issuezilla Id:
      26
    • Status Whiteboard:
      Hide

      EGTop5 effort_hard

      Show
      EGTop5 effort_hard

      Description

      the "j_security_check" feature of some J2EE containers is a quick and easy way
      to provide role-based authentication to a web application. It would be nice if
      we cloud allow our existing <h:form> <h:inputText> <h:inputSecret> components to
      support this via some kind of flag.

        Activity

        Hide
        pmuir added a comment -

        Though JSF does need to do something about XSRF. A common approach to help
        prevent XSRF attacks is to provide a unique, secret token with any request which
        modifies state on the server.

        JSF does currently have such a token (the javax.faces.ViewState), but the spec
        does not require this to be a strong identifier.

        Show
        pmuir added a comment - Though JSF does need to do something about XSRF. A common approach to help prevent XSRF attacks is to provide a unique, secret token with any request which modifies state on the server. JSF does currently have such a token (the javax.faces.ViewState), but the spec does not require this to be a strong identifier.
        Hide
        Ed Burns added a comment -

        The whole "Umbrella issue" thing didn't work out as planned. Changing summary back to be specific.

        Show
        Ed Burns added a comment - The whole "Umbrella issue" thing didn't work out as planned. Changing summary back to be specific.
        Hide
        Ed Burns added a comment -

        I agree with Pete. Let's close it.

        Show
        Ed Burns added a comment - I agree with Pete. Let's close it.
        Hide
        Ed Burns added a comment -

        Prepare to delete "spec" subcomponent.

        Show
        Ed Burns added a comment - Prepare to delete "spec" subcomponent.
        Hide
        Manfred Riem added a comment -

        Closing resolved issue out

        Show
        Manfred Riem added a comment - Closing resolved issue out

          People

          • Assignee:
            Ed Burns
            Reporter:
            Ed Burns
          • Votes:
            3 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: