How to obtain form data via "POST"?

14

Is there any way to receive data from an external form using method="post" on my JSF page?

I can already do that when the data travels via GET.

<f:metadata>
    <f:viewParam name="dados" value="#{testeMB.dadoExterno}"/>
</f:metadata>

I tried to redirect via jQuery, adding the variables to the HEADER like this (following @uaiHebert's tip):

$.ajax({
    type: 'POST',
    url: "http://www.dominio.com.br:8888/sistema/home.jsf",
    // Custom request headers carrying the credentials
    headers: {
        "login": "user",
        "senha": "1234"
    }
});

But this error occurs:

XMLHttpRequest cannot load http://www.dominio.com.br:8888/system/home.jsf.

The request was redirected to 'http://www.dominio.com.br:8888/system/login.jsf;jsessionid=B29848B037ABA032CDD9B358842F929B?windowId=D67', which is disallowed for cross-origin requests that require preflight.

  • Sorry, but what is the reason for the post specifically?

  • I happen to have a login page, but one of the requirements I have is that the login can be done through a form located on any site. Since the login and password will be transmitted, it needs to be via POST.

  • I already made my login screen receive the data via get and log in automatically... now I need to receive it via post for security (otherwise the data will be exposed in the URL)

  • You couldn’t pass the values in the header then?

  • Pass header? What do you mean? It wouldn’t be the same as sending via GET. Ex: http://dominio.com.br/servico.jsf?var1=1&var2=x... ?

  • When the form triggers the login call, you can use javascript/jquery/angular or add the header to the request. It is not the same as sending via GET because a HEADER does not go in the URL.

  • I’m going to test it...

  • @uaiHebert I couldn't; see the error it shows.

  • 1

    Really, I slipped up on this. If I’m not mistaken, by Ajax, you can’t redirect calls to other domains. -___-''

  • What I can think of then is to have a redirect to the site and have the login done on the site.

  • Well... today I have these two alternatives: Direct to the login page of the system or trigger the login via external site with the variables in the URL, via GET. But these forms are always questioned.

  • I found Omnifaces (showcase.omnifaces.org/Components/viewParam) that can read attributes via POST, but apparently Omnifaces conflicts with the Openwebbeans (CDI) that I use.

  • Passing via POST you add a pseudo protection because the data will not be visible, for example, in the address bar and in the history, but a "man in the middle" attack can reveal the data if you are not using an encrypted connection (SSL or TLS, for example). @uaiHebert you mean an HTTP header? Certainly not the appropriate way.

  • 2

    On the second error, you will hardly get the browser to allow an HTTP cross-domain request. See for example: http://developer.chrome.com/extensions/xhr.html and http://en.wikipedia.org/wiki/Same_origin_policy

  • As @Diegocnascimento said, your problem is not related to JSF or Java, but rather to security restrictions in browsers that do not allow you to do Ajax to other domains via JavaScript.

2 answers

3

On how to access received data via POST, you can use the annotation @ManagedProperty:

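import javax.faces.bean.ManagedProperty;
import javax.faces.bean.RequestScoped;

// #{param} is request-scoped, so the bean that receives it must be too.
// The annotation is fully qualified because the class itself is named ManagedBean.
@javax.faces.bean.ManagedBean
@RequestScoped
public class ManagedBean {
    @ManagedProperty("#{param.usuario}")
    private String usuario;

    @ManagedProperty("#{param.senha}")
    private String senha;

    // getters & setters here (@ManagedProperty injects through the setters)
}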

Should work for parameters either via POST or via GET.

On the issue of doing Ajax via jQuery, this will be somewhat complicated in your case because the POST requests for JSF pages (JSF postbacks) use very unique ways to assemble requests, due to the control of viewstate. In general, it is easier to use the JSF’s own AJAX engine, either using f:ajax or other components or by using the functions of jsf.js.

2

TL;DR

This is not a JSF or Java error, but a matter of internet security when trying to do Ajax to another domain.

Solutions include changing the target server to allow Ajax, using your server as a sort of intermediary to authenticate on the target server, or dynamically creating an HTML form on your page and doing a submit on it.

The reason for the error

The error presented in the question says that the request was not allowed (disallowed) because it goes to a different domain (cross-origin). When you try to make an Ajax call to another domain, the browser will, by default, deny the call for security reasons.

On the other hand, there is an exception to this rule, in case the other server returns specific headers like Access-Control-Allow-Origin and Access-Control-Allow-Credentials, which may authorise certain actions. Basically, before running Ajax, the browser makes a pre-check (pre-flight) looking for these headers. See how it works in the following diagram:

This article explains the issue very well.

Solution #1 - Allow requests for another domain

The first solution is to change the target server to allow the necessary actions. This is explained in the article mentioned in the previous topic.

However, in your case it seems neither feasible nor possible, since this would have to be done on "any site" (see comment).

Solution #2 - Create an Intermediary Service

It could be an Ajax request to your own server, which would be completely allowed by the security rules, and then your server would make a request to the other site to authenticate and return the results to your page.

Think of a Servlet that works as a proxy or intermediary:

  1. Receives the POST request from Ajax
  2. Makes a POST connection with the same data to the target site
  3. Gets the answer from the site
  4. Returns the same answer to Ajax

Solution #3 - Using a hidden form

One last alternative would be to dynamically create a hidden form where:

  • The action is the page of the other site that checks the login
  • Login values go in hidden fields
  • The target is an iframe, also hidden, so as not to interfere with the local page

This answer on Stack Overflow develops this technique a little bit. It will only take a little more work to capture the return of the submit from within the form.
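As an added illustration of the preflight check described in the answer above (not code from the original posts), this simplified JavaScript model shows why the question's request, which carries the custom `login` and `senha` headers, triggers a preflight, and treats any non-2xx preflight answer, such as a redirect to the login page, as a failure. The origin `http://site-externo.example`, the two server replies and all function names are constructed for the example.

```javascript
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_TYPES = new Set(
  ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
const tokens = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase());

// Lower-cased names of request headers that are not CORS-safelisted.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n === "content-type") return !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase());
    return !SAFE_HEADERS.has(n);
  }).map(([name]) => name.toLowerCase());
}

// A preflight (OPTIONS) precedes any request with an unsafe method or header.
function needsPreflight(req) {
  return !SAFE_METHODS.has(req.method) || unsafeHeaders(req.headers).length > 0;
}

// Decide whether the preflight response lets the real request be sent.
function checkPreflight(req, res) {
  const h = Object.fromEntries(
    Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  if (res.status < 200 || res.status > 299)
    return "blocked: preflight answered with status " + res.status;
  const origin = h["access-control-allow-origin"];
  if (origin !== req.origin && !(origin === "*" && !req.withCredentials))
    return "blocked: origin not allowed";
  if (req.withCredentials && h["access-control-allow-credentials"] !== "true")
    return "blocked: credentials not allowed";
  const allowed = tokens(h["access-control-allow-headers"]);
  const anyHeader = allowed.includes("*") && !req.withCredentials;
  const missing = unsafeHeaders(req.headers).filter((n) => !anyHeader && !allowed.includes(n));
  if (missing.length) return "blocked: header not allowed: " + missing.join(", ");
  if (!SAFE_METHODS.has(req.method) &&
      !tokens(h["access-control-allow-methods"]).includes(req.method.toLowerCase()))
    return "blocked: method not allowed";
  return "allowed";
}

// Constructed sample data (assumed origin and replies): the question's request
// and two possible answers from the target server. Methods are upper-case.
const askerRequest = { method: "POST", origin: "http://site-externo.example",
  withCredentials: false, headers: { login: "user", senha: "1234" } };
const redirectReply = { status: 302, headers: { Location: "/system/login.jsf" } };
const corsReply = { status: 200, headers: {
  "Access-Control-Allow-Origin": "http://site-externo.example",
  "Access-Control-Allow-Headers": "login, senha" } };
console.log(checkPreflight(askerRequest, redirectReply), "|", checkPreflight(askerRequest, corsReply));
```

A form-encoded POST body with no custom headers does not trigger a preflight, but the calling script still cannot read the response unless the server sends Access-Control-Allow-Origin.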
