I'm new to JSF and I would like to understand why page redirect and page forward do not produce the same security render.
I have a JSF button which calls a backing method:
<h:form>
    <!-- content... -->
    <p:commandButton action="#{login.play}" ... />
</h:form>
Login managed bean (the two play() methods are alternatives, used one at a time):
// Variant 1: forward. The outcome is resolved in the same request,
// so the view play.xhtml is rendered without a new request.
public String play() {
    ...
    //forward implementation
    return "play";
}
// Variant 2: redirect. The client is sent a 302 and issues a new GET
// for play.xhtml, which is then checked by the security constraint.
public String play() {
    ...
    //redirect implementation
    return "play?faces-redirect=true";
}
My page play.xhtml is secured. Only the roles admin or user can access it, but with my first play method the security constraint is not enabled: I can still access it. Why is it different?
Security is performed on a per-request basis. A forward reuses the response of the current request for a different view. A redirect creates a brand new request whose response is used for the different view. You can easily see this by looking at the request URL in the browser's address bar. In case of a forward it remains unchanged.
On an unrelated note, navigation by POST is poor practice. You should either conditionally display results in the same page, or navigate by GET using either a normal link or by a redirect after POST.
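One way to close the gap the answer describes, so that play.xhtml is checked no matter whether it was reached by a fresh GET (the redirect case) or by an in-request navigation (the forward case), is a JSF PhaseListener that runs just before RENDER_RESPONSE, the one phase both paths go through. The following is an added example written for this page, not code from the question, the answer, or any JSF project; it assumes the Jakarta Faces API (jakarta.faces.*; use javax.faces.* for older JSF), and the view ID /play.xhtml and the role names admin and user are taken from the question. The class name ViewAccessPhaseListener and the PROTECTED_VIEWS table are hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

import jakarta.faces.FacesException;
import jakarta.faces.context.ExternalContext;
import jakarta.faces.context.FacesContext;
import jakarta.faces.event.PhaseEvent;
import jakarta.faces.event.PhaseId;
import jakarta.faces.event.PhaseListener;

// Hypothetical listener (example for this page, not from the question or answer).
// A container <security-constraint> is only evaluated for incoming client requests,
// which is why the redirect variant is checked and the forward variant is not.
// This listener runs right before RENDER_RESPONSE, where the view root already
// carries the final view ID, so both navigation styles hit the same role check.
public class ViewAccessPhaseListener implements PhaseListener {

    // Protected view IDs and the roles allowed to render them.
    // Values taken from the question: play.xhtml is restricted to admin or user.
    private static final Map<String, Set<String>> PROTECTED_VIEWS =
            Map.of("/play.xhtml", Set.of("admin", "user"));

    @Override
    public PhaseId getPhaseId() {
        return PhaseId.RENDER_RESPONSE;
    }

    @Override
    public void beforePhase(PhaseEvent event) {
        FacesContext context = event.getFacesContext();
        if (context.getViewRoot() == null) {
            return; // nothing to render, nothing to protect
        }
        String viewId = context.getViewRoot().getViewId();
        ExternalContext ext = context.getExternalContext();

        int status = decide(viewId, ext.getUserPrincipal() != null, ext::isUserInRole);
        if (status != 200) {
            try {
                ext.responseSendError(status, "Access to " + viewId + " denied");
            } catch (IOException e) {
                throw new FacesException(e);
            }
            // Tell JSF the response is finished so the view is never rendered.
            context.responseComplete();
        }
    }

    @Override
    public void afterPhase(PhaseEvent event) {
        // Nothing to do once rendering has happened.
    }

    // Pure decision function, kept separate from the servlet/JSF plumbing so it
    // can be unit-tested: 200 = render, 401 = not logged in, 403 = wrong role.
    static int decide(String viewId, boolean authenticated, Predicate<String> inRole) {
        Set<String> allowed = PROTECTED_VIEWS.get(viewId);
        if (allowed == null) {
            return 200; // view is not in the protected table
        }
        if (!authenticated) {
            return 401;
        }
        for (String role : allowed) {
            if (inRole.test(role)) {
                return 200;
            }
        }
        return 403;
    }
}
```

Register the listener in faces-config.xml under lifecycle / phase-listener with its fully qualified class name. Keeping the container security constraint in place is still worthwhile: it protects direct GETs and static resources, while the listener covers view switches that happen inside a single request. Returning 401 for anonymous users and 403 for authenticated users without a permitted role keeps the two failure modes distinguishable in server logs.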