How to navigate in JSF? How to make URL reflect current page (and not previous one)

Indeed, JSF as being a form based application targeted MVC framework submits the POST form to the very same URL as where the page with the <h:form> is been requested form. You can confirm it by looking at the <form action> URL of the generated HTML output. This is in web development terms characterized as postback. A navigation on a postback does by default not cause a new request to the new URL, but instead loads the target page as content of the response. This is indeed confusing when you merely want page-to-page navigation.

Generally, the right approach as to navigation/redirection depends on the business requirements and the idempotence (read: “bookmarkability”) of the request (note: for concrete code examples, see the “See also” links below).

  • If the request is idempotent, just use a GET form/link instead of POST form (i.e. use <a>, <form>, <h:link> or <h:button> instead of <h:form> and <h:commandXxx>).
    For example, page-to-page navigation, Google-like search form, etc.

  • If the request is non-idempotent, just show results conditionally in the same view (i.e. return null or void from action method and make use of e.g. <h:message(s)> and/or rendered).
    For example, in-page data entry/edit, multi-step wizard, modal dialog, confirmation form, etc.

  • If the request is non-idempotent, but the target page is idempotent, just send a redirect after POST (i.e. return outcome with ?faces-redirect=true from action method, or manually invoke ExternalContext#redirect(), or put <redirect/> in legacy XML navigation case).
    For example, showing list of all data after successful editing, redirect after login, etc.

Note that pure page-to-page navigation is usually idempotent and this is where many JSF starters fail by abusing command links/buttons for that and then complain afterwards that URLs don’t change. Also note that navigation cases are very rarely used in real world applications which are developed with respect to SEO/UX and this is where many JSF tutorials fail by letting the readers believe otherwise.

Also note that using POST is absolutely not “more secure” than GET because the request parameters aren’t immediately visible in URL. They are still visible in HTTP request body and still manipulatable. So there’s absolutely no reason to prefer POST for idempotent requests for the sake of “security”. The real security is in using HTTPS instead of HTTP and checking in business service methods if currently logged-in user is allowed to query entity X, or to manipulate entity X, etc. A decent security framework offers annotations for this.

See also:

  • What is the difference between redirect and navigation/forward and when to use what?
  • JSF implicit vs. explicit navigation
  • What URL to use to link / navigate to other JSF pages
  • Bookmarkability via View Parameters feature
  • What can <f:metadata>, <f:viewParam> and <f:viewAction> be used for?
  • When should I use h:outputLink instead of h:commandLink?
  • Creating master-detail pages for entities, how to link them and which bean scope to choose
  • Retaining GET request query string parameters on JSF form submit
  • Pass an object between @ViewScoped beans without using GET params

Leave a Comment