Removing parameters from request when redirecting in commerce is an interesting problem and this is not something that needs to be implemented in regular flows.
In the scenario when you have logonId and logonPassword passed into form post, removing logonId/logonPassword from request properties in perform execute or creating a new request property and setting in command context does not fix the issue.
responseProp.put(ECConstants.EC_VIEWTASKNAME,ECConstants.EC_GENERIC_REDIRECTVIEW);
responseProp.put(ECConstants.EC_REDIRECTURL,"RedirectViewSample");
setResponseProperties(responseProp);
Solution: OverRide setViewInputProperties and remove the properties from request to the redirect view.
public void setViewInputProperties(TypedProperty reqProperties){
reqProperties.remove("logonId");
reqProperties.remove("logonPassword");
this.viewReqProperties = reqProperties;
}
You can also place extra parameters that will clear out parameters on a redirect. Example:
ReplyDelete/Logon?logonId=foo&logonPassword=bar&logonId*=&logonPassword*=
This will erase logonId & password from the redirect response. This can also be accomplished with:
/Logon?logonId=foo&logonPassword=bar&logon*=
Also, if you are going to alter the ViewInputProperties it should be done inside of the getViewInputProperties() method as this is called during the merging of the request properties prior to the redirect. Therefore if the command has altered the input properties (although unlikely) it will fix the results.
Reference:
http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.developer.doc/concepts/csdprogrammingguide06.htm