0

I have a simple web application in which a user can create other users with roles. After a user (Admin role) has created another user, the application goes to a welcome page, and when the user presses the back button in the web browser, the user can see all the values inside the input text boxes. For security purposes, I want to reset the input text boxes' values when the user presses back, or have the previous page expire when the user presses the back button.

Thanks.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
GhousKhan22
  • 79
  • 1
  • 3
  • 10
  • If the bean is `@RequestScoped` you should have no problems, since the bean stores information only for requests. However, are you sure the problem isn't about your browser remembering form values? – Aritz Oct 03 '13 at 08:06
  • Well, even if my browser is caching form values, it must reset the bean when the back button is pressed in the browser, or at least give a session expired message. – GhousKhan22 Oct 03 '13 at 08:11
  • As I say, if the bean is request scoped, then its lifecycle is only for one request. Bean values are set when the form is sent, so the bean doesn't acquire form values at all while the user is entering them, until he presses the submit button. So pressing the back button will undo everything. – Aritz Oct 03 '13 at 08:16
  • Yes, after submitting the values, when the user presses back it shows all the values even though it's not getting them from the server side. – GhousKhan22 Oct 03 '13 at 09:17

2 Answers

2

You need to turn the browser's autocomplete off. That's done using the autocomplete attribute in your form inputs:

<h:form>
    <h:inputText value="#{auth.username}" required="true" autocomplete="off" />
    <h:inputSecret value="#{auth.password}" required="true" autocomplete="off" />
    <h:commandButton value="Login" action="#{auth.login}" />
    <h:messages />
</h:form>

Have a look at this.

Community
  • 1
  • 1
Aritz
  • 30,971
  • 16
  • 136
  • 217
0

First of all, you should use filters for security. In your filters, you can set the headers of your response. This will handle your security issues. A simple implementation will look like this:

import java.io.IOException;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter(urlPatterns = {"yourUrlThatWillbeProtected"})
// you should also put dispatcherTypes in webFilter
public class PageFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to initialise
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {

        // do some filtering, take user, check user, etc.

        HttpServletResponse res = (HttpServletResponse) response;
        // security of closed pages
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        res.setDateHeader("Expires", 0); // Proxies.
        // headers are set before the rest of the chain writes the response
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // nothing to clean up
    }
}
oko
  • 1,295
  • 1
  • 14
  • 30
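
To confirm that a protected page really carries the headers the filter above sets, its response headers can be audited. This is an added example, not code from either answer; the class and method names are hypothetical and both sample responses are constructed.

```java
import java.util.*;

// Added example: audits response headers against the anti-caching policy
// set by the filter above. All sample data below is constructed.
public class CacheHeaderAudit {

    // Split "no-cache, no-store, max-age=0" into lower-cased directive names.
    static Set<String> directives(String cacheControl) {
        Set<String> out = new HashSet<>();
        if (cacheControl == null) return out;
        for (String part : cacheControl.split(",")) {
            String name = part.split("=", 2)[0].trim().toLowerCase(Locale.ROOT);
            if (!name.isEmpty()) out.add(name);
        }
        return out;
    }

    // Returns findings; an empty list means the response matches the policy.
    static List<String> audit(Map<String, String> headers) {
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(headers); // HTTP header names are case-insensitive
        List<String> findings = new ArrayList<>();
        Set<String> cc = directives(h.get("Cache-Control"));
        for (String d : List.of("no-store", "no-cache", "must-revalidate")) {
            if (!cc.contains(d)) findings.add("Cache-Control lacks " + d);
        }
        if (cc.contains("public")) findings.add("Cache-Control allows shared caches (public)");
        if (!"no-cache".equalsIgnoreCase(h.get("Pragma"))) findings.add("Pragma: no-cache missing (HTTP 1.0)");
        if (!h.containsKey("Expires")) findings.add("Expires missing (proxies)");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample responses: one behind the filter, one not.
        Map<String, String> filtered = Map.of(
            "cache-control", "no-cache, no-store, must-revalidate",
            "Pragma", "no-cache",
            "Expires", "Thu, 01 Jan 1970 00:00:00 GMT");
        Map<String, String> unfiltered = Map.of(
            "Cache-Control", "private, max-age=0",
            "Content-Type", "text/html;charset=UTF-8");
        System.out.println("filtered:   " + audit(filtered));
        System.out.println("unfiltered: " + audit(unfiltered));
    }
}
```

The first response produces no findings; the second is flagged for every missing directive, which is what a page outside the filter's `urlPatterns` would look like.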