How to navigate in JSF? How to make URL reflect current page (and not previous one)

by

Indeed, JSF as being a form based application targeted MVC framework submits the POST form to the very same URL as where the page with the <h:form> is been requested form. You can confirm it by looking at the <form action> URL of the generated HTML output. This is in web development terms characterized as postback. A navigation on a postback does by default not cause a new request to the new URL, but instead loads the target page as content of the response. This is indeed confusing when you merely want page-to-page navigation.

Generally, the right approach as to navigation/redirection depends on the business requirements and the idempotence (read: “bookmarkability”) of the request (note: for concrete code examples, see the “See also” links below).

  • If the request is idempotent, just use a GET form/link instead of POST form (i.e. use <a>, <form>, <h:link> or <h:button> instead of <h:form> and <h:commandXxx>).
    For example, page-to-page navigation, Google-like search form, etc.

  • If the request is non-idempotent, just show results conditionally in the same view (i.e. return null or void from action method and make use of e.g. <h:message(s)> and/or rendered).
    For example, in-page data entry/edit, multi-step wizard, modal dialog, confirmation form, etc.

  • If the request is non-idempotent, but the target page is idempotent, just send a redirect after POST (i.e. return outcome with ?faces-redirect=true from action method, or manually invoke ExternalContext#redirect(), or put <redirect/> in legacy XML navigation case).
    For example, showing list of all data after successful editing, redirect after login, etc.

Note that pure page-to-page navigation is usually idempotent and this is where many JSF starters fail by abusing command links/buttons for that and then complain afterwards that URLs don’t change. Also note that navigation cases are very rarely used in real world applications which are developed with respect to SEO/UX and this is where many JSF tutorials fail by letting the readers believe otherwise.

Also note that using POST is absolutely not “more secure” than GET because the request parameters aren’t immediately visible in URL. They are still visible in HTTP request body and still manipulatable. So there’s absolutely no reason to prefer POST for idempotent requests for the sake of “security”. The real security is in using HTTPS instead of HTTP and checking in business service methods if currently logged-in user is allowed to query entity X, or to manipulate entity X, etc. A decent security framework offers annotations for this.

See also:

More Related Contents:

  1. What URL to use to link / navigate to other JSF pages
  2. Retaining GET request query string parameters on JSF form submit
  3. How to show faces message in the redirected page
  4. Redirect to external URL in JSF
  5. Unable to find matching navigation case with from-view-id ‘/pages/index.xhtml’
  6. Adding faces message to redirected page using ExternalContext.redirect()
  7. JSF 2 Global exception handling, navigation to error page not happening
  8. JSF redirect to other page
  9. Understanding PrimeFaces process/update and JSF f:ajax execute/render attributes
  10. How to include another XHTML in XHTML using JSF 2.0 Facelets?
  11. Sometimes I see JSF URL is *.jsf, sometimes *.xhtml and sometimes /faces/*. Why?
  12. Performing user authentication in Java EE / JSF using j_security_check
  13. h:commandButton/h:commandLink does not work on first click, works only on second click
  14. Spawning threads in a JSF managed bean for scheduled tasks using a timer
  15. How to inject @EJB, @PersistenceContext, @Inject, @Autowired, etc in @FacesConverter?
  16. Internationalization in JSF, when to use message-bundle and resource-bundle?
  17. Pass an object between @ViewScoped beans without using GET params
  18. Make multiple dependent / cascading selection components in JSF
  19. What is the use of faces-config.xml in JSF 2?
  20. Avoiding duplicate ids when reusing facelets compositions in the same naming container
  21. How to implement a dynamic list with a JSF 2.0 Composite Component?
  22. java.lang.ClassNotFoundException : com.sun.faces.config.ConfigureListener
  23. URL hash is persisting between redirects
  24. Why was “immediate” attribute added to the EditableValueHolders?
  25. Fileupload and PrettyFaces and JSF 2.2 [duplicate]
  26. How to set -Dorg.apache.el.parser.COERCE_TO_ZERO=false programmatically
  27. How to concatenate Strings in EL expression?
  28. java.lang.IllegalStateException at com.sun.faces.context.FacesContextImpl.assertNotReleased
  29. JSF: Mojarra vs. OmniFaces @ViewScoped: @PreDestroy called but bean can’t be garbage collected
  30. Why use a JSF ExceptionHandlerFactory instead of redirection?

Leave a Comment