Prevent Manual URL

Hi,
I am using JDeveloper 11.1.1.2 with ADF BC and ADF Faces.
I have an unbounded task flow with several views including a welcome page. Currently, a user can manually enter a URL to take them to any one of the views. I would now like to redirect the user to the welcome page if he/she tries to do this.
The following post from 2007 describes how this can be accomplished by checking for a GET in a ServletFilter: "Re: Faces - Preventing user from entering URL manually". However, when I try to do this, I find that the commandLinks within my application are also using the GET method.
I was under the impression that commandLinks were supposed to do a POST. Is there any other way to tell if a URL was typed manually?
Here's the web.xml and filter code that I was using to test...
web.xml:

    <filter>
        <filter-name>UrlFilter</filter-name>
        <filter-class>app.uiview.filters.UrlFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>UrlFilter</filter-name>
        <url-pattern>/faces/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

doFilter Method in UrlFilter.java:

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        // Log the HTTP method of every request that reaches the filter
        System.out.println("\n***Method: " + ((HttpServletRequest)request).getMethod());
        chain.doFilter(request, response);
    }

Thanks,
Brad

Amir/Brad,
Actually I was thinking about the possibility of using referer in a servlet filter as well (haven't had time to test this out). You could very well write a servlet filter that would look for a GET request with no referer and redirect that to a home page. You may also have to be aware of template GET requests too. Another possibility would be (in your filter) to redirect GET requests for any of your specific JSP(x) resources except for the "home page" one - you could possibly even make this resilient against changes in your app by reading the unbounded task flow to determine all of the "safe" resources (that would allow GET requests) and unsafe ones (where you would redirect). If a GET request came in through the servlet filter for a resource that wasn't in the unbounded task flow (such as would be the case for a template), you would just pass it through.
John
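
Added example, not part of the thread and not John's or Brad's code: one way to write the filter John describes, redirecting a GET for a view page to the welcome page unless the Referer names a page of this application. The view name /faces/welcome.jspx, the .jspx suffix and the ENTRY_VIEWS allow-list are assumptions; the class name and mapping are the ones from Brad's web.xml.

```java
package app.uiview.filters;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class UrlFilter implements Filter {
    // Assumed names: adjust to the views in your unbounded task flow.
    private static final String WELCOME = "/faces/welcome.jspx";
    private static final String VIEW_SUFFIX = ".jspx";
    // Views that may be opened directly (typed, bookmarked, linked from outside).
    private static final Set<String> ENTRY_VIEWS =
            new HashSet<String>(Arrays.asList(WELCOME));

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Path relative to the application, without any ";jsessionid=..." suffix.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        int semi = path.indexOf(';');
        if (semi >= 0) path = path.substring(0, semi);

        boolean guardedView = path.endsWith(VIEW_SUFFIX) && !ENTRY_VIEWS.contains(path);
        if ("GET".equals(req.getMethod()) && guardedView && !cameFromThisApp(req)) {
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + WELCOME));
            return;
        }
        // POSTs, in-app GETs (commandLinks), templates and resources pass through.
        chain.doFilter(request, response);
    }

    // True when the Referer names a page of this application. The header is
    // client-supplied (may be stripped or forged), so this steers navigation
    // only; it is not an authorization check.
    private static boolean cameFromThisApp(HttpServletRequest req) {
        String referer = req.getHeader("Referer");
        if (referer == null) return false;
        try {
            URI uri = new URI(referer);
            String refPath = uri.getPath();
            return req.getServerName().equalsIgnoreCase(uri.getHost())
                    && refPath != null
                    && refPath.startsWith(req.getContextPath() + "/");
        } catch (URISyntaxException e) {
            return false;
        }
    }
}
```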

Similar Messages

  • Prevent manual entry in user defined value

    Is it possible to prevent manual entry in user defined value (Formatted search)?
    Thanks

    Hi
    I don't think there is any out of the box solution.
    It is possible if formatted search automatically populates your data but I think in your case, user is selecting the list of special codes you have provided.
    Maybe it can be done by SDK. Try posting in SDK forum.
    Hope this helps
    Bishal

  • Preventing Manual Sleep in Tiger

    I maintain a couple of Intel iMacs running 10.4.11 that run some launchd tasks at a certain time every night. If the tasks run successfully, the machines shut themselves down later in the night. If the tasks encounter a problem, the scheduled shutdown is aborted.
    Despite gentle "encouragement", the standard users that run the machines occasionally put the machines to sleep manually. I can set the machines to wake up at a certain time...but, because of a bug in launchd on 10.4.11 the time spent asleep is ADDED to the scheduled time of the task. For example, if I schedule a task to run at 1am -- and the machine has been asleep for 4 hours --- the task won't run until 5am at the earliest. Considering that these machines might be asleep for days at a time, manual sleep can cause some real problems. This bug also mangles the scheduled shutdown.
    Is there a way I can prevent users from manually putting their machines to sleep? Is there a safe way to disable the Sleep menu?
    Thanks.

    Limnos wrote:
    > Maybe something here, but I would make sure you had a good backup first...
    > http://hints.macworld.com/article.php?story=20050422121335362
    This hint suggests editing the menu interface files in /System. In my own testing, it seems to work ok...still, I am nervous about pushing this out to a half-dozen aged machines.
    > also related things here. Maybe Applescript could be used as a reminder?
    > http://hints.macworld.com/article.php?story=20091104040449752
    Some kind of automated reminder...? It's a possibility...but they've already shown a willingness to disregard reminders...!

  • How to prevent manual input to automated cells?

    I have many cells that get their values from a result in another table. By clicking on the cell and typing, the lookup formula is overridden. Is there a way to lock out manual input to a cell that automatically gets its value from somewhere else?
    BTW, Numbers is SO much nicer to use than Excel. Bravo to Apple!

    This is kind of what I did. What I have done is take the Numbers template for a personal budget and modified it so as to learn the ins and outs of the program and to have something useful at the end. Some of the expenses are created by entering a list of expenses by month that is then collected in another table to add up the entire budget. I don't want the wife to be able to enter into those cells that look up their info on another table. Even though a "$0" shows to let her know that it gets info elsewhere, it can be clicked on and data entered directly. It also wipes out the formula/function that was there in the first place. That pretty much wrecks the table at that point. It would be nice to be able to lock those cells out for direct entry.

  • Preventing manual price condition maintenance in Purchase Order

    Hi Guys
    I am seeking to add code somewhere either in the Purchase Order program or in pricing which will only allow some users to manually overwrite the automatic price. I am not sure however where to put the code (1) in a PO BADI (2) In a pricing requirement or (3) A.N. other suggestions. I am also unsure as to whether I should grey out the price field as default and open it for manual entries for certain Vendor account groups OR to re-run pricing when users try to manually change the price.
    Kind Regards
    Brett

    Hi,
    You may use the standard condition type JEXC (Manual Excise) in MM pricing procedure. Maintain JEXC as statistical condition and maintain subtotal as 5 against JEXC in M/08.
    Now, go to OBQ3 and maintain calculation type as 355 against JMOP.
    Now system will copy the JEXC value from MM pricing to JMOP in tax procedure.
    Note:
    1. Tax code should be assigned to company code.
    2. JMOP condition type should be maintained correctly in "classify condition type" configuration.
    Test the scenario and revert back.
    Regards,
    AKPT

  • Preventing manual entry in delivery document.

    Hi ,
    Is there any solution regarding how the manual entry can be stopped in delivery document?
    Thanks & regards,
    Rupam.

    Hi Rupam,
    If you solved the problem, close your thread.
    Thanks,
    Gordon

  • How can I prevent the url display from sometimes being overwritten by button icons?

    The address in the url bar is sometimes overwritten by a line of button icons, which can overlap onto buttons beside the url display.
    Please see a typical display here:
    http://preview.tinyurl.com/k3ayssw
    This, I am happy to say, does not happen with every website I visit, but it happens often enough to be a real nuisance.
    Here is a list of *some* of the webpages where I have encountered this phenomenon:
    http://preview.tinyurl.com/ov7pcrs
    http://preview.tinyurl.com/omeov9u
    http://preview.tinyurl.com/yrtpxf (all Wikipedia pages)
    http://preview.tinyurl.com/ppp8vog (all tv-series.me pages)
    http://preview.tinyurl.com/pm5q2se
    http://preview.tinyurl.com/ygfsd68
    Sure hope that there is an easy solution. I reverted to the Classic Display to work around it, only to find that it didn't solve the problem.
    Cheers, Tony

    Hello,
    That is not normal behaviour and is caused by one of your add-ons. Just to be sure, try Firefox Safe Mode to see if the problem goes away. Firefox Safe Mode is a troubleshooting mode that turns off some settings, disables most add-ons (extensions and themes).
    If Firefox is open, you can restart in Firefox Safe Mode from the Help menu:
    * Click the menu button, click Help and select "Restart with Add-ons Disabled".
    If Firefox is not running, you can start Firefox in Safe Mode as follows:
    * On Windows: Hold the Shift key when you open the Firefox desktop or Start menu shortcut.
    When the Firefox Safe Mode window appears, select "Start in Safe Mode".
    If the issue is not present in Firefox Safe Mode, your problem is probably caused by an extension, and you need to figure out which one. Please follow the "Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems" article to find the cause.
    To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.
    Since it will be a hassle to find out which one of your many extensions is the culprit, follow the note in this section of the article: https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems#w_test-for-faulty-extensions
    When you figure out what's causing your issues, please let us know. It might help others with the same problem.

  • Preventing remote url file reads in Flash

    We have a Flash application provided by a vendor. It reads its parameters from an xml file on our web server's file system. However, it can also be spoofed to read its parameters from an xml file sitting on another domain's web server. At first we thought crossdomain.xml might be able to fix this, but we've researched it and understand the purpose of crossdomain.xml. It won't solve this issue.
    Are there any ways of enforcing that a Flash application reads its input file only from the same server where the Flash application was served? Or is the recommendation just to initialize variables within the Flash app, not relying on an external file.
    Thanks for your help with this.

    Yes, the idea is that someone would force my swf to read an off-site xml input file, which would initialize some variables in my file. It was a defect detected by Whitehat, so I'm pretty sure it's plausible.

  • Preventing URL Copy & Paste in OAF

    Hi Team,
    I want to prevent the URL Copy & Paste scenario in OAF.
    I mean USER1 logged in & visited some pages, Example: Page1. then USER1 copied the URL when he/she is in Page1.
    then Did logout.
    Then USER2 logged in & then Pasted the URL, which was copied above, then Page1 is getting opened, But we Don't want this type of behaviour.
    This kind of Behaviour violates the Security.
    Any Ideas to achieve this.
    Thanks in Advance.
    Regards,
    Naren.

    Hi Naren,
    Yes we have a SecurityMode property at pageLayout level, but by default it should be standard then the system will take care of the security
    like user->Responsibility->Menu->Function(which is associated with the page).
    If you set to SelfSecured, the developer's responsibility to grant the function, menu to the user...etc.
    Check your page's SecurityMode, I am sure it will be standard.
    And USER1 and USER2 are accessing the page via same responsibility?
    Can you try assigning to the page to diff responsibility and give access to the page using diff responsibility and try the copy paste URL
    Thanks,
    With regards,
    Kali.
    OSSi.

  • GR/IR Manual Clearing

    Dear expert,
    We want to clear some of the GR/IR that has differences, because there will be no subsequent delivery or invoices for this purchase order.
    I run the following steps:
    1. Run MR11 : System automatically create a posting that will result in zero balance GR/IR for the purchase order and line item.
    Eg: Before I run the MR11:
    GR/IR credit balance :  -1000 (from goods receipt)  PO: 8000005002 Line Item: 10
    GR/IR debit balance :  950 (from invoice)                PO: 8000005002 Line Item: 10
    Since there will be no further invoice for the remaining qty, we need to manually clear the above GR/IR.
    I run MR11: system post the following:
    Dr Purchase PRice Variance :  50             
        CR GR/IR                        : -50            PO: 8000005002 Line Item: 10
    Now the GR/IR balance for the PO: 8000005002 Line Item: 10 is net off to zero.
    However the status of this GR/IR is still open.
    2. Because the status is still open, I run the F.13 automatic clearing. However system didn't clear the above PO: 8000005002 Line Item: 10 GR/IR.
    Is there any missing steps or configuration? How to enable the clearing of GR/IR for above cases?
    Thank you very much in advance for your kind assistance

    Hi Rama, Thks for the reply
    I test the F-03 to manually clear the GR/IR, but system prevents manual clearing of GR/IR. Here is the error message: "GR/IR clearing account cannot be manually cleared"
    kind rgds,
    Dahlia Tan

  • Typing in url for my company website sends it to https index page in Firefox, but not IE or Chrome, and the behavior is not wanted

    After upgrading Firefox to version 14.0.1 I noticed when I typed in my company's website address that Firefox went to the https:// version of the site when it never did that before.
    Example, if you type in amazon.com in the URL bar, you briefly see that firefox turns the url to https://www.amazon.com before being auto directed to the normal www.amazon.com site.
    My website did not have a secure index page and people were getting a server generated message until I found this issue out.
    Is there a setting in Firefox to prevent the URL bar from selecting a secure connection first? This behavior does not occur in the most recent versions of I.E. or Chrome browsers on a desktop.
    Any help would be greatly appreciated

    I've now been forced to tell my users NOT to use FF because of its BUG.

  • How to Block Manual Entries in STO Outbound VL02N

    Hi Fyi's,
    I Have a Requirement i have to block putting manual entries in Outbound Delivery Document. It should allow PGI for line items with reference STO Order only.
    Here in outbound delivery with reference to STO we are doing PGI, But in some cases endusers trying to add 1 or more line items directly in outbound delivery without document reference. for this system should not allow manual entries in outbound delivery.
    Guys can you please give me step by step solution so that it would be so helpful to me.
    Saravanan.S
    Edited by: S.Saravanan on Nov 27, 2009 5:39 AM

    Go to 0VLK, select your delivery type and click on "details". You will find a field for "item requirement". For LF, the standard entry is 202... change this to 101. What this does is to prevent manual entries without reference to a sales order.
    thanks
    G. Lakshmipathi

  • Adding field comments manually (in help)

    We have many forms on which help is not associated with their comments in Oracle database (like some forms have when generated through wizard).
    How to retrieve those values after form is designed?
    THX

    Scott,
    I know this and how to implement help manually.
    But I'd like to know if there is some procedure to automatically add comments from database after form is created (to prevent manual editing!)
    THX!
    P.S.
    This procedure is used when forms are created through Wizard and then all fields have help!

  • Content-Length header not changed after url-rewrite... yields cut page.

    We use iPlanet6 ,service pack 4. The pages that return from the servlets are
    changed by the Application Server. The Application Server adds
    GXHC_GX_jst=901a10a6662d6164& to the all the URLs (which increase the
    page's size). The problem is that Application Server does not change the
    Content-Length header in the servlet response. This yields cut pages in the
    browser (IExplorer5).
    If we don't add the Content-Length header it works fine. (I.e., The pages
    are not cut.) Our problem is that we work with mobile devices that must have
    the Content-Length header to work properly.
    Q: Do you know if there is a patch that fixes the problem?
    Q: Is it possible to configure the Application Server to prevent this
    url-rewrite?
    Regards,
              Aviram

    Hi guys,
    I would like to do url rewriting on our CF app but am worried I'll break something if I try and do it myself - is there anyone who would be interested in a bit of consultancy to help us achieve this?
    I want to turn http://www.allchichesterjobs.com/search-results.cfm?sector=21&q=part-time-jobs
    into http://www.allchichesterjobs.com/part-time-jobs
    I've tried this using IIS and URL Rewrite, when I browsed to http://www.allchichesterjobs.com/search-results.cfm?sector=21&q=part-time-jobs
    my browser was redirected to http://www.allchichesterjobs.com/part-time-jobs ok - but then I got a 404 error
    I'm wondering if I can pay someone to remote view my screen while we talk on skype and tell me what to do?
    Hope it's ok to post this sort of request on here
    Thanks very much indeed.
    Nick

  • URL Rewriting Session ID Length in iPlanet Application Server

    Hi there,
    Does anyone know what the maximum length of the session ID value is when
    using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
    appended to the end of the URL) with iPlanet Application Server 6.0's
    servlet container (or any previous versions)?
    Does the length vary or is it fixed? And does WebSphere encode server or
    failover information into the ID? WebLogic for instance, encodes the
    primary and secondary failover servers into the ID when running in a
    cluster)?
    And finally, is there any way to restrict or specify the maximum length of
    the session ID?
    I ask this due to a limitation with some WAP clients & gateways which
    prevents the URL from exceeding 128 characters.
    Any info on this issue from iPlanet staff or anyone else is much
    appreciated.
    <background-info>
    Please see the following links if you'd like some additional background:
    http://e-docs.bea.com/wls/docs60/////wap/wapdev.html#1024984
    under the heading "Session Tracking" at the bottom
    http://groups.google.com/groups?hl=en&safe=off&th=eb7f38aa5086972e,13&seekm=8gaki8%247d5%241%40newsgroups.bea.com#p
    </background-info>
    Regards,
    Sasha Haghani

    Sasha Haghani wrote:
    > Hi there,
    > Does anyone know what the maximum length of the session ID value is when
    > using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
    > appended to the end of the URL) with iPlanet Application Server 6.0's
    > servlet container (or any previous versions)?
    I'm fairly certain that it is fixed. 18 for the attribute, 16 for the value, plus
    1 for the equals. (Plus 1 for the ? if it didn't already exist.)
    So 35 or 36 depending on how you count it. Someone needs to verify this and
    check my counting though.
    > Does the length vary or is it fixed? And does WebSphere encode server or
    > failover information into the ID? WebLogic for instance, encodes the
    > primary and secondary failover servers into the ID when running in a
    > cluster)?
    I don't know what WebSphere does. iAS does not encode failover information in
    the ID. Because of the way session is propagated, no server information needs to
    be embedded in the id.
    > And finally, is there any way to restrict or specify the maximum length of
    > the session ID?
    No.
