TurboManage

David Chandler's Journal of Java Web and Mobile Development

  • David M. Chandler


    Web app developer since 1994 and former Developer Advocate with Google now residing in Colorado. Besides tech, I enjoy landscape photography and share my work at ColoradoPhoto.gallery.

  • Subscribe

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 242 other followers

  • Sleepless Nights…

    October 2006
    S M T W T F S
    « Sep   Dec »
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  
  • Blog Stats

    • 848,973 hits

Hacking JSF Requiredness Checking

Posted by David Chandler on October 14, 2006

MyFaces committer Matthias Weßendorf and I spent a few minutes this afternoon at ApacheCon confirming what I suspected about validation of required values in JSF. Normally, if you leave a required field empty, it will show up as an empty string and JSF will properly check for requiredness. But if, for a given required field, you remove the name-value pair from the POST altogether using a man-in-the-middle tool (MITM), JSF will not detect the missing required field.  This is also an issue in the Sun RI and in fact results from unclear, if not conflicting, requirements in the JSF spec as detailed at the JIRA link below.

This issue is being tracked on the MyFaces JIRA https://issues.apache.org/jira/browse/MYFACES-1467, where you can also obtain the patch I’ve submitted.

/dmc

Sorry, the comment form is closed at this time.

 
%d bloggers like this: