1

I was able to do a SSO(Single sign on) on click of external link from the code below. SSO works but username/password is seen on url. https://example.org/index.php?userLogin=user1&userPassword=pass123

                  <h:outputLink styleClass="ui-menuitem-link ui-corner-all"
                    value="https://example.org/index.php">

                    <h:outputText value="Ext Tool" />
                    <h:outputText styleClass="ui-icon ui-icon-suitcase"
                        style="float:left" rendered="#{userBean.in}" />
                    <f:param name="userLogin" value="#{userBean.user.eUser}" />
                    <f:param name="userPassword" value="#{userBean.user.ePass}" />
                </h:outputLink>

I also used tried as below...

                    <h:commandLink action="#{userBean.eSubmit()}">
                    <h:outputText value="Ext Tool" />
                    <f:param name="userLogin" value="#{userBean.user.eUser}" />
                    <f:param name="userPassword" value="#{userBean.user.ePass}" />
                </h:commandLink>

In the bean.. My coding is like this

    public void eSubmit() throws IOException{
    FacesContext fc = FacesContext.getCurrentInstance();
    fc.getExternalContext().redirect("https://example.org/index.php?userLogin=" + user.getUser() + "&userPassword=" + user.getPass());
}

Even for the above code with commandLink - UserName and password are visible in the URL. Please guide me to hide password in the URL.

Am new to JSF so please help me understand...

Dan Klos
  • 13
  • 2

1 Answers1

2

A redirect instructs the client to create a new GET request on the specified URL. That's why you see it being reflected in browser's address bar.

As to performing a POST to an external site, you don't necessarily need JSF here. You're not interested in updating JSF model nor invoking a JSF action. Just use a plain HTML POST form.

<form method="post" action="https://example.org/index.php">
    <input type="hidden" name="userLogin" value="#{userBean.user.eUser}" />
    <input type="hidden" name="userPassword" value="#{userBean.user.ePass}" />
    <input type="submit" value="Ext Tool" />
</form>

If necessary, throw in some CSS to make the submit button look like a link, or some JS to let a link submit that form.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • Thanks BalusC. I understand that JSF is not needed here. But button doesn't look good on my page. It looks and behaves different from the other menu links. Is there any other solution through which I can do both SSO and Post request..through commanLink. Please help me.. – Dan Klos Jun 16 '15 at 13:29
  • Perhaps you overlooked or misunderstood the last paragraph in the answer? – BalusC Jun 16 '15 at 13:32
  • Thanks BalusC. I added some styling and now it looks exactly like link. Even SSO is not disturbed. – Dan Klos Jun 17 '15 at 16:53