On Wed, Jun 9, 2010 at 11:06 AM, Lincoln Baxter, III < [email protected]> wrote:
> Yeah - Just saw that this morning. I'd like to see a way to implement this > for ALL pages, not requiring a custom tag. I believe this could be done > easily using the PreRenderViewEvent to add a hidden form field to store the > token in all outbound forms, then use a phase-listener after Restore_View, > comparing the request parameter to the restored component value. Very > similar to the <s:token> component, but as a global solution that could be > enabled/disabled via XML config. > Global solution is good. In fact, it's even more secure since it solves the "doh, I forgot to add the tag" security hole ;) -Dan -- Dan Allen Senior Software Engineer, Red Hat | Author of Seam in Action Registered Linux User #231597 http://mojavelinux.com http://mojavelinux.com/seaminaction http://www.google.com/profiles/dan.j.allen
_______________________________________________ seam-dev mailing list [email protected] https://lists.jboss.org/mailman/listinfo/seam-dev
