![]() I suspect that ICEFaces has something built in to deal with this but I can't find any information about it. The example they gave was also going through the blockingServlet. The client is also concerned that input parameters are not properly validated providing a entry point for XSS. I have implemented the no-cache headers but that's not exactly solid security. How can I set up something similar for this? I don't really understand how icefaces deals with the information stored on a form and how I can ensure that this info is not stored by the browser. I discovered that the POST request the client's security team were complaining about were ajax calls to the BlockingServlet. Initially I set up a phaseListener to deal with this but the only requests that came through were GETs. While View scope is a welcome addition for managing the lifecycle of beans, the behavior of View scope may not be intuitive in certain scenarios. ICEfaces includes new annotations for adjusting the behavior of View-scoped beans. You can select from several JSF implementations. ICEfaces extends the JSF framework to assist in resource management. You will need to pick a JSF implementation to use. The ACE components are shown properly, but if I cli. Open the PDF guide and step through the Eclipse setup (hint: if you’ve downloaded the files, be sure to select local content when doing the Eclipse install not the archive). In Mavens pom.xml I have added the ICEfaces and ICEfaces-ACE dependencies. ![]() ![]() In order to avoid browsers caching sensitive information, the client's security guidlines require that POST requests do not return 200 response. I created a project in Maven with WildFly, Java 8 and ICEfaces 4.0.0. ![]() I have 2 security concerns that my client has come up with and I am stuck. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |