webtier@glassfish.java.net

Re: [webtier] [JSF] intializing inputSecret field with a bean value

From: <lincolnbaxter_at_gmail.com>
Date: Wed, 14 Oct 2009 13:18:03 +0000

Browser, sorry. And I would probably think hard about showing a users password in plain text. Big security risk.
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Pascal Maugeri <pascal.maugeri_at_gmail.com>
Date: Wed, 14 Oct 2009 15:03:29
To: <webtier_at_glassfish.dev.java.net>
Subject: Re: [webtier] [JSF] intializing inputSecret field with a bean value
Thanks for your answer. So I will make use of a "clear text" input field for
the password when one edits a user profile.

Thanks for your answer.
Pascal

PS: what is a "belware issue" ? I've never heard this before

On Wed, Oct 14, 2009 at 2:53 PM, <lincolnbaxter_at_gmail.com> wrote:

> This is a belware issue. Browsers do not allow re-populating the password
> input type. Same with file upload boxes.
>
> Otherwise you could easily hack peoples computers.
>
> -Lincoln
> http://ocpsoft.com
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Pascal Maugeri <pascal.maugeri_at_gmail.com>
> *Date: *Wed, 14 Oct 2009 13:09:00 +0200
> *To: *<webtier_at_glassfish.dev.java.net>
> *Subject: *[webtier] [JSF] intializing inputSecret field with a bean value
>
> Hi
>
> (Let me know if the following is not appropriate to this mailing-list).
>
> I don't manage to have an inputSecret field initialized with a bean value.
>
> For instance the following does work (the field shows the existing
> password):
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
> <h:inputText value="#{userBean.password}" required="true" >
> <f:validator validatorId="UserPasswordValidator"/>
> </h:inputText>
>
> but replacing inputText with inputSecret, the field is not initialized with
> the bean attribute value:
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
> <h:inputSecret value="#{userBean.password}" required="true"
> >
> <f:validator validatorId="UserPasswordValidator"/>
> </h:inputSecret>
>
> Is there any limitation with inputSecret field that prevents an
> initialization ?
>
> Regards,
> Pascal
>

© Oracle | By contributing to this project, you are agreeing to the terms of use described here.