I'm looking to find how a website written in JSF does a POST request, because in the future I'm looking to do those requests programatically.
I'm trying to find a way - I kind of did, I get a 200 OK (no error) but the data is not saved in the server. (I don't know why)
Here's how the form on the page looks:
https://pastebin.com/rXnQyu4W - sorry, my post was too big
and here's how I do the POST request via postman. Headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: ro-RO,ro;q=0.8,en-US;q=0.6,en-GB;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Faces-Request: partial/ajax
X-Requested-With: XMLHttpRequest
Content-Length: 363
Origin: https://website
DNT: 1
Connection: keep-alive
Referer: https://website/frontOffice/faces/pages/index.xhtml
Cookie: JSESSIONID=deleted_for_security_reasons
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
and the raw text body set to postman as a body:
javax.faces.partial.ajax=true&javax.faces.source=formCheltuialaBuget%3AbugetButConfirma&javax.faces.partial.execute=formCheltuialaBuget&javax.faces.partial.render=bugetFormTree+formCheltuialaBuget%3AmsgBugetCreate+messages+bugetFormTreeComptProiect&formCheltuialaBuget%3AbugetButConfirma=formCheltuialaBuget%3AbugetButConfirma&formCheltuialaBuget=formCheltuialaBuget&formCheltuialaBuget%3Adenumire=test&formCheltuialaBuget%3Acat=21&formCheltuialaBuget%3Asubcat=70&formCheltuialaBuget%3Atip=1&formCheltuialaBuget%3Aachizitie=--Selecta%C8%9Bi--&formCheltuialaBuget%3Aum=buc&formCheltuialaBuget%3Acantitate=1&formCheltuialaBuget%3ApretUnitar_input=500.00&formCheltuialaBuget%3ApretUnitar_hinput=500&formCheltuialaBuget%3Aj_idt1168_input=19.00&formCheltuialaBuget%3Aj_idt1168_hinput=19&formCheltuialaBuget%3Aj_idt1184_input=500.00&formCheltuialaBuget%3Aj_idt1184_hinput=500&formCheltuialaBuget%3AradioTVA=false&formCheltuialaBuget%3Aj_idt1203=ppp&formCheltuialaBuget%3Aj_idt1219_input=10.00&formCheltuialaBuget%3Aj_idt1219_hinput=10&formCheltuialaBuget%3Aj_idt1242=false&javax.faces.ViewState=deleted_for_security_reasons
I have no idea how JSF works so I don't really know why would data not be saved. I have a few ideas though:
1) there is some CSRF token added to the request that doesn't appear in my network tab, when doing a
request, on Firefox (the headers that I'm using are from a POST request that did what I wanted, the
body too)
2) somehow, the final POST request can be influenced by other POSTs. I saw that when completing a
form, three more posts reqs are fired. One when I open up the form, and two when two specific fields
are updated and validation occurs behind the scenes.
If I remove the render part from the body, here's how I get as a response in Postman:
<?xml version='1.0' encoding='UTF-8'?>
<partial-response id="j_id1">
<changes>
<eval>
<![CDATA[PrimeFaces.ajax.Utils.loadStylesheets(['/frontOffice/faces/javax.faces.resource/animate.min.css?ln=css','/frontOffice/faces/javax.faces.resource/clock/clock.css?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/components.css?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/css/bsf.css?ln=bsf','/frontOffice/faces/javax.faces.resource/css/core.css?ln=bsf','/frontOffice/faces/javax.faces.resource/css/navbar.css?ln=bsf','/frontOffice/faces/javax.faces.resource/css/wells.css?ln=bsf','/frontOffice/faces/javax.faces.resource/fileupload/fileupload.css?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/font-awesome-animation.min.css?ln=css','/frontOffice/faces/javax.faces.resource/font-awesome/4.3.0/css/font-awesome-jsf.css?ln=webjars','/frontOffice/faces/javax.faces.resource/inputnumber/inputnumber.css?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/jsfcrud.css?ln=css','/frontOffice/faces/javax.faces.resource/mfe-adon.min.css?ln=css','/frontOffice/faces/javax.faces.resource/mfe.min.css?ln=css','/frontOffice/faces/javax.faces.resource/tooltip/tooltip.css?ln=primefaces-extensions&v=6.0.0','/frontOffice/faces/javax.faces.resource/watermark/watermark.css?ln=primefaces&v=6.0']);PrimeFaces.ajax.Utils.loadScripts(['/frontOffice/faces/javax.faces.resource/jquery/jquery.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/jquery/jquery-plugins.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/core.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/components.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/clock/clock.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/idlemonitor/idlemonitor.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/watermark/watermark.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/primefaces-extensions.js?ln=primefaces-extensions&v=6.0.0','/frontOffice/faces/javax.faces.resource/tooltip/tooltip.js?ln=primefaces-extensions&v=6.0.0','/frontOffice/faces/javax.faces.resource/inputnumber/inputnumber.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/fileupload/fileupload.js?ln=primefaces&v=6.0','/frontOffice/faces/javax.faces.resource/js/tooltip.js?ln=bsf']);]]>
</eval>
<update id="j_id1:javax.faces.ViewState:0">
<![CDATA[deleted_for_security_reasons-here was a code, which was the ViewState of the request I think]]>
</update>
</changes>
</partial-response>
Unfortunately, you can't test it yourself because the website is private, so you can't do an account yourself to test.
I don't know how this website is written, because it has many POSTs (weird, to me) and they all point to the same link (the one from the action attribute).
What can be missing from my request that would not save the data into the server?
