I am very new to jsf coming from strust2 just for two days!
As struts automatically bind the request parameters to actions, there was a mechanism to help you control this specially when you used ModelDriven approch. There you could implement the acceptableParameterName method to take control what should be set automatically by struts and what shall not.
Any way, now we are in JSF and I wonder what shall be done here!
I try below simple page
<h:form>
<h:inputText id="name" value="#{helloBean.name1}"></h:inputText>
<h:commandButton value="Welcome Me">
<f:ajax execute="name" render="output" />
</h:commandButton>
<h2><h:outputText id="output" value="#{helloBean.name2}" /></h2>
</h:form>
The bean is:
@ManagedBean
@SessionScoped
public class HelloBean2 implements Serializable {
private static final long serialVersionUID = 1L;
private String name1;
private String name2;
public String getName1() {
return name1;
}
public void setName1(String name1) {
this.name1 = name1;
}
public String getName2() {
return name2;
}
public void setName2(String name2) {
this.name2 = name2;
}
}
I try to tamper the gereated html which was:
<input id="j_idt41:name" name="j_idt41:name" value="" type="text">
to
<input id="j_idt41:name" name="j_idt41:name2" value="" type="text">
But no luck and the name2 is not set by JSF
My question is:
Does this means that the JSF know which parameters I try to get from user and automatically prevent others? For example JSF will set name1 if I have inputText with name name1 ?!
If not, how should I avoid JSF automatically bind not wanted parameters?
Please consider that my real problem is that I want to use the a bean with lots of parameters and only some of them should be set in each view ( some sort of wizard )
I see In JSF, What is the best way to prevent Form tampering? but I think my problem is different!
