validation - Force JSF to process, validate and update readonly/disabled input components anyway

Question

I am creating a calculator where a user can do the various operations by clicking on virtual numpad. Now I want to restrict the user to only select the various characters by clicking on the buttons and s/he should not be able to enter the values using keyboard. I tried using readonly="true" but it is neither validating the input nor setting the values in the bean when we click on any button.

Do we have any such restrictions available in jsf?

Answer 1

That's the effect of JSF's safeguard against tampered/attacked requests wherein the hacker attempts to circumvent the readonly (and disabled) attribute by manipulating the HTML DOM and/or the HTTP request.

Instead of

<x:inputXxx ... readonly="true">

use

<x:inputXxx ... readonly="#{facesContext.currentPhaseId.ordinal eq 6}">

or

<x:inputXxx ... readonly="#{not facesContext.postback or facesContext.renderResponse}">

This makes sure that readonly is only effective during render response phase and not during all other JSF phases. So, when JSF is about to decode the input component during the apply request values phase, it will consider readonly="false" this way.

See also:

• other uses of #{facesContext.currentPhaseId.ordinal}