JSF 2.0 Sending hidden parameters programatically - ExternalContext -

i have following code on submit of command button on jsp page

externalcontext externalcontext = facescontext.getcurrentinstance().getexternalcontext();     try {         externalcontext.redirect("http://reportsserver.com/reports/rwservlet?server=server001&oracle_shutdown=yes&paramform=no&report=testrepr.rdf&desformat=pdf&desname=testrep.rdf.pdf&destype=cache&userid=scott/tiger@test&param1=7002&faces-redirect=true");     } catch (ioexception e) {         // todo auto-generated catch block         e.printstacktrace();     } 

the xhtml code is

<h:commandbutton value="submit" action="#{helloworldbean.submitaction}"></h:commandbutton> 

i need send parameters after rwservlet? hidden parameters. these values not come form field on page. part of properties file on disk. not them displayed user when loading next webpage or on next web page.

please let me know if there way mark specific parameters in externalcontext.redirect() hidden programatically

that's not possible.

it seems fail understand how http in general works (get, post, redirect, etc). redirect instructs client fire request on given url. however, in order "hide" parameters request url, need send them in request body post request does. it's not possible redirect post request without enduser intervention.

you could send 307 redirect (the externalcontext#redirect() performs default 302), re-send submitted post request parameters while seem want add new request parameters. not going work. if managed desired parameters in original post request e.g. js/ajax, enduser still browser-builtin security dialogue asking confirmation re-send submitted data different domain. may confusing enduser (if enduser never saw such warning before, choose abort).

you could act proxy , programmatically handle http requests using e.g. urlconnection or apache httpcomponents client, url in browser's address bar remains unchanged on domain. may confusing enduser (if concerns e.g. online payment, suspiciously phishing attempt; antivirus programs may fall on it).

see also:

• change request url point different web server in servlet filter

please note sending parameters in post request body doesn't hide them enduser, s/he can still see in browser's http traffic monitor; not visible anymore in browser's address bar url.