How to get form data via "POST"?

14

Is there any way I can receive data coming from an external form using method="post" on my jsf page?

I can already do this when data travels via GET .

<f:metadata>
    <f:viewParam name="dados" value="#{testeMB.dadoExterno}"/>
</f:metadata>

I tried to redirect via jQuery adding the variables to the HEADER so (according to the @uaiHebert tip):

$.ajax({
type: 'POST',
url: "http://www.dominio.com.br:8888/sistema/home.jsf",
headers: {
    "login": "user",
    "senha": "1234",
}

But the error occurs:

  

XMLHttpRequest can not load link .

     

The request was redirected to ' link ', which is disallowed for cross-origin requests that require preflight.

    
asked by anonymous 08.01.2014 / 13:56

2 answers

3

About accessing data received via POST, you can use the @ManagedProperty :

public class ManagedBean {
    @ManagedProperty("#{param.usuario}")
    private String usuario;

    @ManagedProperty("#{param.senha}")
    private String senha;

    // getters & setters aqui
}

It should work for parameters either via POST or via GET.

On the issue of doing Ajax via jQuery, this will be a bit tricky in your case because POST requests to JSF (JSF postbacks) pages use very singular ways of assembling requests, due to the control of viewstate . In general, it is easier to use the JSF's own AJAX engine, either using f: ajax or other components, or using the #.

See also:

08.01.2014 / 21:25
2

TL; DR

This is not a JSF or Java bug, but an internet security issue when attempting to make Ajax to another domain.

Solutions include changing the destination server to allow Ajax, using your server as a kind of intermediary to authenticate to the destination server, or dynamically creating an HTML form on your page and making a submit to it.

The reason for the error

The error in the question says that the request ( request ) was not allowed because it was for a different domain ( cross-origin in>). When you attempt to do an Ajax to another domain, the browser will by default deny this call for security reasons.

On the other hand, there is an exception to this rule, in case the other server returns specific headers such as Access-Control-Allow-Origin and Access-Control-Allow-Credentials , which can authorize certain actions. Basically, before running Ajax, the browser pre-browses for those headers. See the operation in the following diagram:

This article explains the issue very well.

Solution # 1 - Allow requests from another domain

The first solution is to change the destination server to allow the necessary actions. This is explained in the article mentioned in the previous topic.

However, in your case it seems to be neither feasible nor possible, as this would have to be done on "any site" (see comment).

Solution # 2 - Create an intermediate service

It could be an Ajax request to its own server, which would be fully allowed by security rules, and then your server would make a request to the other site to authenticate and return the results to your page.

Think of a Servlet that functions as a proxy or intermediary:

  • It receives the Ajax POST request
  • Make a POST connection with the same data on the target site
  • Get the site response
  • Returns the same response for Ajax
  • Solution # 3 - Use a hidden form

    One last alternative would be to dynamically create a hidden form where:

    • The action is the page of the other site that checks the login
    • The login values go in hidden
    • The target is a iframe also hidden, so as not to interfere with the local page

    This answer in StackOverflow slightly develops this technique. It will only take a little more work to capture the submit return from within the form.

        
    09.01.2014 / 13:11