Back Button Protection by Prevention instead of an Error

ADF web applications that do data inserts/updates/deletes are vulnerable to browser Back and Refresh functions. The risk is that you are seeing data on the page that is not consistent with the state of the application server that handles the transaction. The user might think he is performing one type of transaction, while the middle tier actually performs another one.

That's why ADF has a feature called row currency validation for data bound input forms. If the iterator's current row no longer matches what the user has edited, a validation error will appear at the top of the web page. The validation error provides feedback to the user that the page is no longer valid for editing, and prevents the user from unintentionally modifying the wrong object.

JHeadstart 10.1.2 has a different type of back/refresh protection, involving a hidden page timestamp on every page. When the page is submitted, JHeadstart checks if the timestamp is the same as the last one issued, otherwise an error is shown.

In our project we noticed that end users ran into this back/refresh error a lot, without them realizing why. So we figured that it would be better to prevent them from (accidentally) invoking the browser back/refresh function, by disabling certain browser functionality. We did this in two ways:

  1. Open the application in a popup window that does not have the browser toolbars (so the users cannot click the back or refresh button)
  2. Use Javascript to trap function keys that invoke the browser back and refresh functions
Here is how to disable the browser back and refresh button (tested with Internet Explorer 6) in a JHeadstart 10.1.3 application.
  • Download the zip file with sources for disabling browser back/refresh.
  • Extract the javascript library disable_back_button.js into your
    ViewController project's public_html/common subfolder.
  • Make sure this javascript library is loaded on every page by extracting pageConfig.jspx from the zip and letting
    it overwrite the existing public_html/common/regions/pageConfig.jspx.
    Note 1: if you did not put disable_back_button.js into the "common" subfolder, you need to edit the contents of pageConfig.jspx.
    Note 2: to prevent future upgrades of JHeadstart from overwriting this
    file, you should actually copy/rename it and use the Generator Templates to
    ensure that your customized region is used.
  • Extract the index.html into your ViewController project's web root (public_html).
  • Edit index.html so that it shows your application name in the title and visible body text, and change "faces/pages/EmployeesTable.jspx" to the first page of your own application.
  • Use index.html to start up the application (is used by default if you don't specify anything after the application's context root in the url, for example: http://host:port/myapplication).
When running index.html, you will see a page telling you that the application is started in another window. If you allow popups for the appserver site, the application itself will open in a new browser window without toolbars. If you press F5 (refresh) or Backspace (back), there is no effect.

If you want to build this functionality into a JHeadstart 10.1.2 UIX application, the steps are similar except for the pageConfig part. Instead, put the following line into your standardPageLayout.uit file, just above or below other <script> entries:
<script source="${requestContextPath}/common/disable_back_button.js"/>

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Java EE Consultants - JHeadstart, ADF, JSF

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today