Hi,

At first glance I don't think it is possible, since JSF uses HTTP POST.

Cagatay

On 5/5/06, Dave Brondsema < [EMAIL PROTECTED]> wrote:

Is it secure to limit access to a backing bean action simply by using
the 'rendered' attribute to control when it is displayed?  Or is it
possible for a malicious user to construct a URL that still invokes the
backing bean method, even when the commandButton for it is not rendered
for that user?

Thanks,

--
Dave Brondsema
Software Developer
Cornerstone University
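
An added example, not part of the original thread or of any project's code: one way to keep the authorization decision inside the backing bean action itself, so that it does not depend on what the view renders. The bean name, role name, account list and navigation outcomes are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;

/**
 * Hypothetical backing bean. The view is assumed to contain:
 *   <h:commandButton value="Delete" action="#{accountBean.delete}"
 *                    rendered="#{accountBean.admin}"/>
 */
public class AccountBean {

    // Assumed role name, as mapped by the container's security configuration.
    private static final String ADMIN_ROLE = "admin";

    private final List<String> accounts = new ArrayList<String>();
    private String selected;

    public List<String> getAccounts() { return accounts; }
    public String getSelected() { return selected; }
    public void setSelected(String selected) { this.selected = selected; }

    /** Drives the 'rendered' attribute; a presentation decision only. */
    public boolean isAdmin() {
        return external().isUserInRole(ADMIN_ROLE);
    }

    /** Action method: makes the same authorization decision again on the server. */
    public String delete() {
        if (!external().isUserInRole(ADMIN_ROLE)) {
            FacesContext.getCurrentInstance().addMessage(null,
                new FacesMessage(FacesMessage.SEVERITY_ERROR, "Not authorized", null));
            return "denied"; // hypothetical navigation outcome
        }
        // Only reached for callers the container has placed in the admin role.
        return accounts.remove(selected) ? "deleted" : "notFound";
    }

    private ExternalContext external() {
        return FacesContext.getCurrentInstance().getExternalContext();
    }
}
```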



