OWASP TOP 10 - 4. Insecure Direct Object References - other way than ESAPI in JSF 1.2 + JAVA + SEAM

StackOverflow https://stackoverflow.com/questions/13606741

Is there anything already integrated in JSF 1.2 or SEAM 2.2.2 to prevent A4-Insecure Direct Object References

I know the ESAPI functions to do it, but I don't want to include another framework into my project if not necessary. Is there anything built into JSF or SEAM?


Solution

You have several alternatives:

  1. Verify access to the secured resource in your SQL statements
  2. The indirect object hash map is a terrifically simple construct that is literally 10 lines of code. Just re-implement, and be careful of your source of randomness
  3. Change your taglibraries to do what ASP.net does, which is to validate that checkboxes, radio groups, selects etc. that have constrained input have the same value as one of the potential inputs that was sent out (i.e. if you have "1", "2", and "3", that the parameter is one of those three values). JSF 2 and Rich Faces still don't bring you up to ASP.NET 2.0 levels of basic software engineering.
  4. Using s:validateForm from Faces integration to perform programmatic inspection.

Honestly, I think (2) is the best alternative, as I know bringing in ESAPI for J2EE requires stubbing out quite a bit for a few lines of code. Why it needs a custom filebaseauthenticator to do DOR mapping is beyond me. I aimed for looser coupling in ESAPI for PHP, but it's been a while for me hacking on ESAPI for J2EE.
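The indirect object hash map that alternative (2) refers to, written out as an added example. This is not code from the question, the answer, Seam or ESAPI; it is a plain Java class that keeps a per-user, two-way mapping between real database ids (the direct references) and opaque random tokens (the indirect references). The class name, method names and the hex token format are this example's own choices. Tokens come from `java.security.SecureRandom` (the "source of randomness" the answer warns about), and an unknown token maps to `null`, so a tampered parameter never reaches the database at all.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/**
 * Per-user indirect reference map (added example, not Seam or ESAPI code).
 *
 * The view only ever sees the opaque token; the real id stays server-side.
 * Hold one instance per session, e.g. as a session-scoped Seam component,
 * so a token handed to one user is meaningless for another user's map.
 */
public class IndirectReferenceMap {

    private static final int TOKEN_BYTES = 16;          // 128 bits of entropy per token

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Object> indirectToDirect = new HashMap<String, Object>();
    private final Map<Object, String> directToIndirect = new HashMap<Object, String>();

    /** Returns the token for a real id, creating one the first time the id is rendered. */
    public synchronized String getIndirectReference(Object direct) {
        String token = directToIndirect.get(direct);
        if (token == null) {
            do {
                token = newToken();
            } while (indirectToDirect.containsKey(token));   // never reuse a token
            directToIndirect.put(direct, token);
            indirectToDirect.put(token, direct);
        }
        return token;
    }

    /**
     * Resolves a submitted token back to the real id.
     * Returns null for anything this user was never shown, including guessed
     * or edited tokens; the caller must treat null as "not found", not as an error
     * that leaks whether the underlying record exists.
     */
    public synchronized Object getDirectReference(String indirect) {
        if (indirect == null) {
            return null;
        }
        return indirectToDirect.get(indirect);
    }

    /** 32 lowercase hex characters from a CSPRNG; Java 5 compatible, no Base64 dependency. */
    private String newToken() {
        byte[] buf = new byte[TOKEN_BYTES];
        random.nextBytes(buf);
        return String.format("%032x", new BigInteger(1, buf));
    }

    /** Small demonstration with constructed ids; not part of any real application. */
    public static void main(String[] args) {
        IndirectReferenceMap map = new IndirectReferenceMap();

        // Rendering a list: the page receives tokens, never the ids 1001 and 1002.
        String tokenForInvoice1001 = map.getIndirectReference(Long.valueOf(1001L));
        String tokenForInvoice1002 = map.getIndirectReference(Long.valueOf(1002L));
        System.out.println("invoice 1001 -> " + tokenForInvoice1001);
        System.out.println("invoice 1002 -> " + tokenForInvoice1002);

        // Same id rendered again yields the same token (stable links within the session).
        System.out.println("stable: "
                + tokenForInvoice1001.equals(map.getIndirectReference(Long.valueOf(1001L))));

        // Form submission: a genuine token resolves, a manipulated one does not.
        System.out.println("resolved: " + map.getDirectReference(tokenForInvoice1001));
        System.out.println("tampered: " + map.getDirectReference("00000000000000000000000000001003"));
    }
}
```

In a Seam 2 application this class would be registered as a session-scoped component (for example with `@Name` and `@Scope(ScopeType.SESSION)` from `org.jboss.seam.annotations`) and the backing bean would call `getDirectReference` on every submitted parameter before touching the persistence layer. Note that the map grows with every distinct id a user is shown; for a long-lived session, bound it or clear it when the user leaves the relevant flow.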

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow