Seam SVN: r10281 - in trunk: ui/src/main/java/org/jboss/seam/ui/component and 1 other directories.
by seam-commits@lists.jboss.org
Author: dan.j.allen
Date: 2009-04-03 00:18:49 -0400 (Fri, 03 Apr 2009)
New Revision: 10281
Modified:
trunk/doc/Seam_Reference_Guide/en-US/Controls.xml
trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java
trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
Log:
add allowMultiplePosts attribute
Modified: trunk/doc/Seam_Reference_Guide/en-US/Controls.xml
===================================================================
--- trunk/doc/Seam_Reference_Guide/en-US/Controls.xml 2009-04-03 03:22:11 UTC (rev 10280)
+++ trunk/doc/Seam_Reference_Guide/en-US/Controls.xml 2009-04-03 04:18:49 UTC (rev 10281)
@@ -881,7 +881,19 @@
that a JavaScript check should be inserted into the page
to verify that cookies are enabled in the browser. If
cookies are not enabled, present a notice to the user that
- form posts will not work.
+ form posts will not work. (default: false)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>allowMultiplePosts</literal> — indicates
+ whether to allow the same form to be submitted multiple
+ times with the same signature (as long as the view does
+ not change). This is a common need if the form is perform
+ Ajax calls but not rerendering itself or, at the very
+ least, the UIToken component. The preferred approach is to
+ have the UIToken component rerendered on any Ajax call
+ where the UIToken component would be processed.
(default: false)
</para>
</listitem>
Modified: trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java 2009-04-03 03:22:11 UTC (rev 10280)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java 2009-04-03 04:18:49 UTC (rev 10281)
@@ -72,7 +72,7 @@
* Indicates whether the session id should be included in the form signature,
* hence binding the token to the session. This value can be set to false
* if the "build before restore" mode of Facelets is activated (the
- * default in JSF 2.0).
+ * default in JSF 2.0). The default value is false.
*/
public abstract boolean isRequireSession();
@@ -82,11 +82,24 @@
* Indicates whether a JavaScript check should be inserted into the page to
* verify that cookies are enabled in the browser. If cookies are not
* enabled, present a notice to the user that form posts will not work.
+ * The default value is false.
*/
public abstract boolean isEnableCookieNotice();
public abstract void setEnableCookieNotice(boolean state);
+
+ /**
+ * Indicates whether to allow the same form to be submitted multiple times
+ * with the same signature (as long as the view does not change). This is a
+ * common need if the form is perform Ajax calls but not rerendering itself
+ * or, at the very least, the UIToken component. The preferred approach is to
+ * have the UIToken component rerendered on any Ajax call where the UIToken
+ * component would be processed. The default value is false.
+ */
+ public abstract boolean isAllowMultiplePosts();
+ public abstract void setAllowMultiplePosts(boolean allow);
+
/**
* Return the selector that controls the unique browser identifier cookie.
*/
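Review bot: The new Javadoc on `isAllowMultiplePosts()` does not say what protection is given up when the flag is true. Going by the TokenRendererBase change in this same revision, the per-render stamp is then left out of the signature, so the hidden field value stays the same across renders of the view for a given client cookie (and session, when `requireSession` is set). I would add a sentence such as `Enabling this removes the per-render stamp from the signature, so the token is no longer single-use.` and correct `is perform Ajax calls` to `performs Ajax calls`. The class body continues outside the hunk.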
Modified: trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java 2009-04-03 03:22:11 UTC (rev 10280)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java 2009-04-03 04:18:49 UTC (rev 10281)
@@ -89,7 +89,7 @@
throw new UnauthorizedCommandException(viewId, "No form signature provided");
}
- if (!requestedViewSig.equals(generateViewSignature(context, form, token.isRequireSession(), clientToken)))
+ if (!requestedViewSig.equals(generateViewSignature(context, form, !token.isAllowMultiplePosts(), token.isRequireSession(), clientToken)))
{
throw new UnauthorizedCommandException(viewId, "Form signature invalid");
}
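Review bot: The signature check in this hunk compares the submitted value with `String.equals`, which returns at the first differing character, so the comparison time depends on how much of the submitted token is correct. For a value that authenticates the request a constant-time comparison is the safer default: compute the expected signature into a local, reject when it is null, then test `MessageDigest.isEqual(requestedViewSig.getBytes(), expected.getBytes())`. `MessageDigest` is already imported by this class according to r10279. The enclosing method starts and ends outside the hunk.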
@@ -115,7 +115,7 @@
writer.startElement(HTML.INPUT_ELEM, component);
writer.writeAttribute(HTML.TYPE_ATTR, HTML.INPUT_TYPE_HIDDEN, HTML.TYPE_ATTR);
writer.writeAttribute(HTML.NAME_ATTR, FORM_SIGNATURE_PARAM, HTML.NAME_ATTR);
- writer.writeAttribute(HTML.VALUE_ATTR, generateViewSignature(context, form, token.isRequireSession(), token.getClientUidSelector().getClientUid()), HTML.VALUE_ATTR);
+ writer.writeAttribute(HTML.VALUE_ATTR, generateViewSignature(context, form, !token.isAllowMultiplePosts(), token.isRequireSession(), token.getClientUidSelector().getClientUid()), HTML.VALUE_ATTR);
writer.endElement(HTML.INPUT_ELEM);
}
@@ -136,9 +136,13 @@
}
}
- private String generateViewSignature(FacesContext context, UIForm form, boolean useSessionId, String saltPhrase)
+ private String generateViewSignature(FacesContext context, UIForm form, boolean useRenderStamp, boolean useSessionId, String saltPhrase)
{
- String rawViewSignature = context.getExternalContext().getRequestContextPath() + "," + context.getViewRoot().getViewId() + "," + form.getClientId(context) + "," + form.getAttributes().get(RENDER_STAMP_ATTR);
+ String rawViewSignature = context.getExternalContext().getRequestContextPath() + "," + context.getViewRoot().getViewId() + "," + form.getClientId(context);
+ if (useRenderStamp)
+ {
+ rawViewSignature += "," + form.getAttributes().get(RENDER_STAMP_ATTR);
+ }
if (useSessionId)
{
rawViewSignature += "," + ((HttpSession) context.getExternalContext().getSession(true)).getId();
Seam SVN: r10280 - trunk/ui/src/main/java/org/jboss/seam/ui/renderkit.
by seam-commits@lists.jboss.org
Author: dan.j.allen
Date: 2009-04-02 23:22:11 -0400 (Thu, 02 Apr 2009)
New Revision: 10280
Modified:
trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
Log:
cleanup imports
Modified: trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java 2009-04-02 22:52:19 UTC (rev 10279)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java 2009-04-03 03:22:11 UTC (rev 10280)
@@ -10,7 +10,6 @@
import javax.faces.context.ResponseWriter;
import javax.servlet.http.HttpSession;
-import org.jboss.seam.ui.ClientUidSelector;
import org.jboss.seam.ui.UnauthorizedCommandException;
import org.jboss.seam.ui.component.UIToken;
import org.jboss.seam.ui.util.HTML;
Seam SVN: r10279 - in trunk: ui/src/main/java/org/jboss/seam/ui and 2 other directories.
by seam-commits@lists.jboss.org
Author: dan.j.allen
Date: 2009-04-02 18:52:19 -0400 (Thu, 02 Apr 2009)
New Revision: 10279
Added:
trunk/ui/src/main/java/org/jboss/seam/ui/ClientUidSelector.java
trunk/ui/src/main/java/org/jboss/seam/ui/UnauthorizedCommandException.java
trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java
trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
Modified:
trunk/doc/Seam_Reference_Guide/en-US/Controls.xml
Log:
JBSEAM-4007
Modified: trunk/doc/Seam_Reference_Guide/en-US/Controls.xml
===================================================================
--- trunk/doc/Seam_Reference_Guide/en-US/Controls.xml 2009-04-02 21:22:40 UTC (rev 10278)
+++ trunk/doc/Seam_Reference_Guide/en-US/Controls.xml 2009-04-02 22:52:19 UTC (rev 10279)
@@ -850,7 +850,48 @@
</section>
<section>
- <title>Dropdowns</title>
+ <title>Form support</title>
+
+ <section>
+ <title><literal><s:token></literal></title>
+
+ <para><emphasis>Description</emphasis></para>
+ <para>
+ Produces a random token that is inserted into a hidden form field
+ to help to secure JSF form posts against cross-site request
+ forgery (XSRF) attacks. Note that the browser must have cookies
+ enabled to submit forms that include this component.
+ </para>
+
+ <para><emphasis>Attributes</emphasis></para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>requireSession</literal> — indicates
+ whether the session id should be included in the form
+ signature, hence binding the token to the session. This
+ value can be set to false if the "build before restore"
+ mode of Facelets is activated (the default in JSF 2.0).
+ (default: false)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>enableCookieNotice</literal> — indicates
+ that a JavaScript check should be inserted into the page
+ to verify that cookies are enabled in the browser. If
+ cookies are not enabled, present a notice to the user that
+ form posts will not work.
+ (default: false)
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para><emphasis>Usage</emphasis></para>
+ <programlisting role="XHTML"><![CDATA[<h:form>
+ <s:token enableCookieNotice="true" requireSession="false"/>
+ ...
+</h:form>]]></programlisting>
+ </section>
<section>
<title><literal><s:enumItem></literal></title>
@@ -958,65 +999,6 @@
<s:selectItems value="#{ages}" var="age" label="#{age}" />
</h:selectOneMenu>]]></programlisting>
</section>
-
- </section>
-
- <section>
- <title>Other</title>
-
- <section>
- <title><literal><s:cache></literal></title>
-
- <para><emphasis>Description</emphasis></para>
- <para>
- Cache the rendered page fragment using JBoss Cache. Note that
- <literal><s:cache></literal> actually uses the instance
- of JBoss Cache managed by the built-in
- <literal>pojoCache</literal> component.
- </para>
- <para><emphasis>Attributes</emphasis></para>
- <itemizedlist>
- <listitem>
- <para>
- <literal>key</literal> — the key to cache rendered
- content, often a value expression. For example, if we were
- caching a page fragment that displays a document, we might
- use <literal>key="Document-#{document.id}"</literal>.
- </para>
- </listitem>
- <listitem>
- <para>
- <literal>enabled</literal> — a value expression that
- determines if the cache should be used.
- </para>
- </listitem>
- <listitem>
- <para>
- <literal>region</literal> — a JBoss Cache node to use
- (different nodes can have different expiry policies).
- </para>
- </listitem>
- </itemizedlist>
-
- <para><emphasis>Usage</emphasis></para>
- <programlisting role="XHTML"><![CDATA[<s:cache key="entry-#{blogEntry.id}" region="pageFragments">
- <div class="blogEntry">
- <h3>#{blogEntry.title}</h3>
- <div>
- <s:formattedText value="#{blogEntry.body}"/>
- </div>
- <p>
- [Posted on 
- <h:outputText value="#{blogEntry.date}">
- <f:convertDateTime timezone="#{blog.timeZone}" locale="#{blog.locale}"
- type="both"/>
- </h:outputText>]
- </p>
- </div>
-</s:cache>]]></programlisting>
-
- </section>
-
<section>
<title><literal><s:fileUpload></literal></title>
@@ -1131,7 +1113,66 @@
contentType="#{register.pictureContentType}" />]]></programlisting>
</section>
+
+ </section>
+
+ <section>
+ <title>Other</title>
+
+ <section>
+ <title><literal><s:cache></literal></title>
+ <para><emphasis>Description</emphasis></para>
+ <para>
+ Cache the rendered page fragment using JBoss Cache. Note that
+ <literal><s:cache></literal> actually uses the instance
+ of JBoss Cache managed by the built-in
+ <literal>pojoCache</literal> component.
+ </para>
+ <para><emphasis>Attributes</emphasis></para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>key</literal> — the key to cache rendered
+ content, often a value expression. For example, if we were
+ caching a page fragment that displays a document, we might
+ use <literal>key="Document-#{document.id}"</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>enabled</literal> — a value expression that
+ determines if the cache should be used.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>region</literal> — a JBoss Cache node to use
+ (different nodes can have different expiry policies).
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para><emphasis>Usage</emphasis></para>
+ <programlisting role="XHTML"><![CDATA[<s:cache key="entry-#{blogEntry.id}" region="pageFragments">
+ <div class="blogEntry">
+ <h3>#{blogEntry.title}</h3>
+ <div>
+ <s:formattedText value="#{blogEntry.body}"/>
+ </div>
+ <p>
+ [Posted on 
+ <h:outputText value="#{blogEntry.date}">
+ <f:convertDateTime timezone="#{blog.timeZone}" locale="#{blog.locale}"
+ type="both"/>
+ </h:outputText>]
+ </p>
+ </div>
+</s:cache>]]></programlisting>
+
+ </section>
+
+
<section>
<title><literal><s:resource></literal></title>
Added: trunk/ui/src/main/java/org/jboss/seam/ui/ClientUidSelector.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/ClientUidSelector.java (rev 0)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/ClientUidSelector.java 2009-04-02 22:52:19 UTC (rev 10279)
@@ -0,0 +1,58 @@
+package org.jboss.seam.ui;
+
+import javax.faces.context.FacesContext;
+
+import org.jboss.seam.annotations.Create;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.faces.Selector;
+import org.jboss.seam.util.RandomStringUtils;
+
+/**
+ * <p>A selector which manages the cookie that gives the browser a
+ * unique identifier. This value is shared only between the browser
+ * and the server, thus allowing the server to determine if two
+ * distinct requests were made by the same source.</p>
+ *
+ * <p>The identifier is stored in a cookie named <code>javax.faces.ClientToken</code>.</p>
+ *
+ * @author Dan Allen
+ */
+@Name("org.jboss.seam.ui.clientUidSelector")
+public class ClientUidSelector extends Selector
+{
+ private String clientUid;
+
+ @Create
+ public void onCreate()
+ {
+ setCookiePath(FacesContext.getCurrentInstance().getExternalContext().getRequestContextPath());
+ setCookieMaxAge(-1);
+ setCookieEnabled(true);
+ clientUid = getCookieValue();
+ }
+
+ public void seed()
+ {
+ if (!isSet()) {
+ clientUid = RandomStringUtils.randomAscii(50);
+ setCookieValueIfEnabled(clientUid);
+ }
+ }
+
+ public boolean isSet()
+ {
+ return clientUid != null;
+ }
+
+ public String getClientUid()
+ {
+ return clientUid;
+ }
+
+ @Override
+ protected String getCookieName()
+ {
+ return "javax.faces.ClientToken";
+ }
+
+}
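Review bot: `seed()` creates the browser identifier with `RandomStringUtils.randomAscii(50)`, and that value is the only secret salting every form signature, so it has to come from a cryptographically strong source. The implementation of `org.jboss.seam.util.RandomStringUtils` is not visible here; if it follows the commons-lang class of the same name it draws from `java.util.Random`, and `randomAscii` can emit characters such as `;`, `,`, space and `"` that are not safe in a cookie value. I would generate the identifier from `SecureRandom` and encode it with a cookie-safe alphabet (hex or URL-safe Base64). Whether the cookie is marked HttpOnly and Secure is decided in `Selector`, outside this hunk, and is worth confirming.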
Added: trunk/ui/src/main/java/org/jboss/seam/ui/UnauthorizedCommandException.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/UnauthorizedCommandException.java (rev 0)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/UnauthorizedCommandException.java 2009-04-02 22:52:19 UTC (rev 10279)
@@ -0,0 +1,50 @@
+package org.jboss.seam.ui;
+
+import javax.faces.FacesException;
+
+/**
+ * An exception is thrown when the authenticity of a JSF command (i.e., form post)
+ * that relies on a UIToken cannot be verified.
+ *
+ * @author Dan Allen
+ */
+public class UnauthorizedCommandException extends FacesException
+{
+ private String viewId;
+
+ /**
+ * <p>Construct a new exception with no detail message or root cause.</p>
+ */
+ public UnauthorizedCommandException() {
+ super();
+ }
+
+ /**
+ * <p>Construct a new exception with a detail message and the view ID</p>
+ */
+ public UnauthorizedCommandException(String viewId, String message) {
+ super(message);
+ this.viewId = viewId;
+ }
+
+ /**
+ * <p>Returns the view ID to which the authorized command was directed.</p>
+ */
+ public String getViewId()
+ {
+ return viewId;
+ }
+
+ /**
+ * <p>Returns the detail message explaining the reason for the denial.
+ * Includes the view ID if specified.</p>
+ */
+ @Override
+ public String getMessage()
+ {
+ if (viewId != null) {
+ return "viewId: " + viewId + " - " + super.getMessage();
+ }
+ return super.getMessage();
+ }
+}
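Review bot: The Javadoc on `getViewId()` says `the authorized command`, which reads as the opposite of what this exception reports; it should be `Returns the view ID to which the unauthorized command was directed.` The class is serializable through its exception superclass but declares no `serialVersionUID`, so `private static final long serialVersionUID = 1L;` would be a sensible addition. `viewId` is only assigned in a constructor and could be declared `final`, with the no-argument constructor setting it to null.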
Added: trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java (rev 0)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java 2009-04-02 22:52:19 UTC (rev 10279)
@@ -0,0 +1,110 @@
+package org.jboss.seam.ui.component;
+
+import javax.faces.component.UIForm;
+import javax.faces.component.UIOutput;
+
+import org.jboss.seam.Component;
+import org.jboss.seam.ui.ClientUidSelector;
+import org.jboss.seam.ui.UnauthorizedCommandException;
+
+/**
+ * <p>
+ * <strong>UIToken</strong> is a UIComponent that produces a random token that
+ * is inserted into a hidden form field to help to secure JSF form posts against
+ * cross-site request forgery (XSRF) attacks. This is an adaptation of the
+ * recommendation called Keyed‐Hashing for Message Authentication that is
+ * referenced in the Cross Site Reference Forgery by Jesse Burns
+ * (http://www.isecpartners.com/files/XSRF_Paper_0.pdf)
+ * </p>
+ *
+ * <p>
+ * When placed inside a form, this component will first assign a unique
+ * identifier to the browser using a cookie that lives until the end of the
+ * browser session. This is roughly the browser's private key. Then a unique
+ * token is generated using various pieces of information that comprise the
+ * form's signature. The token may or may not be bound to the session id, as
+ * indicated by the value of the requireSession attribute. The token value is
+ * stored in the hidden form field named javax.faces.FormSignature.
+ * </p>
+ *
+ * <p>
+ * There is an assumption when using this component that the browser supports
+ * cookies. Cookies are the only universally available persistent mechanism that
+ * can give the browser an identifiable signature. It's important to know that
+ * the browser submitting the form is the same browser that is requesting the
+ * form.
+ * </p>
+ *
+ * <p>
+ * During the decode process, the token is generated using the same algorithm
+ * that was used during rendering and compared with the value of the request
+ * parameter javax.faces.FormSignature. If the same token value can be produced,
+ * then the form submission is permitted. Otherwise, an
+ * {@link UnauthorizedCommandException} is thrown indicating the reason for the
+ * failure.
+ * </p>
+ *
+ * <p>
+ * The UIToken can be combined with client-side state saving or the
+ * "build before restore" strategy to unbind a POST from the session that
+ * created the view without sacrificing security. However, it's still the most
+ * secure to require the view state to be present in the session (JSF 1.2
+ * server-side state saving).
+ * </p>
+ *
+ * <p>
+ * Please note that this solution isn't a complete panacea. If your site is
+ * vulnerable to XSS or the connection to wire-tapping, then the unique browser
+ * identifier can be revealed and a request forged.
+ * </p>
+ *
+ * @author Dan Allen
+ */
+public abstract class UIToken extends UIOutput
+{
+ @SuppressWarnings("unused")
+ private static final String COMPONENT_TYPE = "org.jboss.seam.ui.Token";
+
+ @SuppressWarnings("unused")
+ private static final String COMPONENT_FAMILY = "org.jboss.seam.ui.Token";
+
+ /**
+ * Indicates whether the session id should be included in the form signature,
+ * hence binding the token to the session. This value can be set to false
+ * if the "build before restore" mode of Facelets is activated (the
+ * default in JSF 2.0).
+ */
+ public abstract boolean isRequireSession();
+
+ public abstract void setRequireSession(boolean required);
+
+ /**
+ * Indicates whether a JavaScript check should be inserted into the page to
+ * verify that cookies are enabled in the browser. If cookies are not
+ * enabled, present a notice to the user that form posts will not work.
+ */
+ public abstract boolean isEnableCookieNotice();
+
+ public abstract void setEnableCookieNotice(boolean state);
+
+ /**
+ * Return the selector that controls the unique browser identifier cookie.
+ */
+ public ClientUidSelector getClientUidSelector() {
+ return (ClientUidSelector) Component.getInstance(ClientUidSelector.class);
+ }
+
+ public String getClientUid() {
+ return getClientUidSelector().getClientUid();
+ }
+
+ public UIForm getParentForm() {
+ while (getParent() != null) {
+ if (getParent() instanceof UIForm) {
+ return (UIForm) getParent();
+ }
+ }
+
+ return null;
+ }
+}
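Review bot: `getParentForm()` never advances up the component tree: the loop re-reads `getParent()` of the token itself on every pass, so when the direct parent is a non-null component that is not a `UIForm` the loop never terminates and the request thread spins. The renderer's `UIToken must be inside a UIForm.` check added in this revision can therefore only be reached when the token has no parent at all. Walking a local cursor upward fixes both cases; it needs an import of `javax.faces.component.UIComponent`.

```java
public UIForm getParentForm() {
   UIComponent ancestor = getParent();
   while (ancestor != null) {
      if (ancestor instanceof UIForm) {
         return (UIForm) ancestor;
      }
      ancestor = ancestor.getParent();
   }

   return null;
}
```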
Added: trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java (rev 0)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java 2009-04-02 22:52:19 UTC (rev 10279)
@@ -0,0 +1,165 @@
+package org.jboss.seam.ui.renderkit;
+
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import javax.faces.component.UIComponent;
+import javax.faces.component.UIForm;
+import javax.faces.context.FacesContext;
+import javax.faces.context.ResponseWriter;
+import javax.servlet.http.HttpSession;
+
+import org.jboss.seam.ui.ClientUidSelector;
+import org.jboss.seam.ui.UnauthorizedCommandException;
+import org.jboss.seam.ui.component.UIToken;
+import org.jboss.seam.ui.util.HTML;
+import org.jboss.seam.ui.util.cdk.RendererBase;
+import org.jboss.seam.util.Base64;
+import org.jboss.seam.util.RandomStringUtils;
+
+/**
+ * <p>
+ * The <strong>TokenRendererBase</strong> renders the form's signature as a
+ * hidden form field for the UIToken component.
+ * </p>
+ *
+ * <p>
+ * The form signature is calculated as follows:
+ * </p>
+ *
+ * <pre>
+ * sha1(signature = contextPath + viewId + "," + formClientId + random alphanum, salt = clientUid)
+ * </pre>
+ *
+ * <p>
+ * The developer can also choose to incorporate the session id into this hash to
+ * generate a more secure token (at the cost of binding it to the session) by
+ * setting the requireSession attribute to true. Then the calculation becomes:
+ * </p>
+ *
+ * <pre>
+ * sha1(signature = contextPath + viewId + "," + formClientId + "," + random alphanum + sessionId, salt = clientUid)
+ * </pre>
+ *
+ * <p>The decode method performs the following steps:</p>
+ * <ol>
+ * <li>check if this is a postback, otherwise skip the check</li>
+ * <li>check that this form was the one that was submitted, otherwise skip the check</li>
+ * <li>get the unique client identifier (from cookie), otherwise throw an exception that the browser must have unique identifier</li>
+ * <li>get the javax.faces.FormSignature request parameter, otherwise throw an exception that the form signature is missing</li>
+ * <li>generate the hash as before and verify that it equals the value of the javax.faces.FormSignature request parameter, otherwise throw an exception</li>
+ * </ol>
+ *
+ * <p>If all of that passes, we are okay to process the form (advance to validate phase as decode() is called in apply request values).</p>
+ *
+ * @author Dan Allen
+ * @see UnauthorizedCommandException
+ */
+public class TokenRendererBase extends RendererBase
+{
+ public static final String FORM_SIGNATURE_PARAM = "javax.faces.FormSignature";
+
+ public static final String RENDER_STAMP_ATTR = "javax.faces.RenderStamp";
+
+ private static final String COOKIE_CHECK_SCRIPT_KEY = "org.jboss.seam.ui.COOKIE_CHECK_SCRIPT";
+
+ @Override
+ protected Class getComponentClass()
+ {
+ return UIToken.class;
+ }
+
+ @Override
+ protected void doDecode(FacesContext context, UIComponent component)
+ {
+ UIToken token = (UIToken) component;
+ UIForm form = token.getParentForm();
+ if (context.getRenderKit().getResponseStateManager().isPostback(context) && form.isSubmitted())
+ {
+ String clientToken = token.getClientUid();
+ String viewId = context.getViewRoot().getViewId();
+ if (clientToken == null)
+ {
+ throw new UnauthorizedCommandException(viewId, "No client identifier provided");
+ }
+
+ String requestedViewSig = context.getExternalContext().getRequestParameterMap().get(FORM_SIGNATURE_PARAM);
+ if (requestedViewSig == null)
+ {
+ throw new UnauthorizedCommandException(viewId, "No form signature provided");
+ }
+
+ if (!requestedViewSig.equals(generateViewSignature(context, form, token.isRequireSession(), clientToken)))
+ {
+ throw new UnauthorizedCommandException(viewId, "Form signature invalid");
+ }
+
+ form.getAttributes().remove(RENDER_STAMP_ATTR);
+ }
+ }
+
+ @Override
+ protected void doEncodeBegin(ResponseWriter writer, FacesContext context, UIComponent component) throws IOException
+ {
+ UIToken token = (UIToken) component;
+ UIForm form = token.getParentForm();
+ if (form == null)
+ {
+ throw new IllegalStateException("UIToken must be inside a UIForm.");
+ }
+
+ writeCookieCheckScript(context, writer, token);
+
+ token.getClientUidSelector().seed();
+ form.getAttributes().put(RENDER_STAMP_ATTR, RandomStringUtils.randomAlphanumeric(50));
+ writer.startElement(HTML.INPUT_ELEM, component);
+ writer.writeAttribute(HTML.TYPE_ATTR, HTML.INPUT_TYPE_HIDDEN, HTML.TYPE_ATTR);
+ writer.writeAttribute(HTML.NAME_ATTR, FORM_SIGNATURE_PARAM, HTML.NAME_ATTR);
+ writer.writeAttribute(HTML.VALUE_ATTR, generateViewSignature(context, form, token.isRequireSession(), token.getClientUidSelector().getClientUid()), HTML.VALUE_ATTR);
+ writer.endElement(HTML.INPUT_ELEM);
+ }
+
+ /**
+ * If the client has not already delivered us a cookie and the cookie notice is enabled, write out JavaScript that will show the user
+ * an alert if cookies are not enabled.
+ */
+ private void writeCookieCheckScript(FacesContext context, ResponseWriter writer, UIToken token) throws IOException
+ {
+ if (!token.getClientUidSelector().isSet() && token.isEnableCookieNotice() && !context.getExternalContext().getRequestMap().containsKey(COOKIE_CHECK_SCRIPT_KEY)) {
+ writer.startElement(HTML.SCRIPT_ELEM, token);
+ writer.writeAttribute(HTML.TYPE_ATTR, "text/javascript", HTML.TYPE_ATTR);
+ writer.write("if (!document.cookie) {" +
+ " alert('This website uses a security measure that requires cookies to be enabled in your browser. Since you have cookies disabled, you will not be permitted to submit a form.');" +
+ " }");
+ writer.endElement(HTML.SCRIPT_ELEM);
+ context.getExternalContext().getRequestMap().put(COOKIE_CHECK_SCRIPT_KEY, true);
+ }
+ }
+
+ private String generateViewSignature(FacesContext context, UIForm form, boolean useSessionId, String saltPhrase)
+ {
+ String rawViewSignature = context.getExternalContext().getRequestContextPath() + "," + context.getViewRoot().getViewId() + "," + form.getClientId(context) + "," + form.getAttributes().get(RENDER_STAMP_ATTR);
+ if (useSessionId)
+ {
+ rawViewSignature += "," + ((HttpSession) context.getExternalContext().getSession(true)).getId();
+ }
+ try
+ {
+ MessageDigest digest = MessageDigest.getInstance("SHA-1");
+ digest.update(saltPhrase.getBytes());
+ byte[] salt = digest.digest();
+ digest.reset();
+ digest.update(rawViewSignature.getBytes());
+ digest.update(salt);
+ byte[] raw = digest.digest();
+ return Base64.encodeBytes(raw);
+ }
+ catch (NoSuchAlgorithmException ex)
+ {
+ ex.printStackTrace();
+ return null;
+ }
+ }
+
+}
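Review bot: `generateViewSignature` builds the token as SHA-1 over the message followed by a SHA-1 of the client uid, which is an ad-hoc keyed hash rather than the keyed-hashing (HMAC) construction the UIToken Javadoc cites; `javax.crypto.Mac` keyed with the client uid gives the standard construction. The two `getBytes()` calls use the platform default charset, so the signature can differ between JVMs with different defaults, and the `NoSuchAlgorithmException` branch prints a stack trace and returns null, which `doEncodeBegin` then passes on as the field value. Render and decode both call this method, so changing the construction stays self-consistent. Separately, `doDecode` calls `form.isSubmitted()` without the null check that `doEncodeBegin` performs. The sketch below needs imports for `javax.crypto.Mac`, `javax.crypto.spec.SecretKeySpec`, `java.security.GeneralSecurityException` and `java.io.UnsupportedEncodingException`.

```java
private String generateViewSignature(FacesContext context, UIForm form, boolean useSessionId, String saltPhrase)
{
   // … unchanged: rawViewSignature assembly and optional session id …
   try
   {
      Mac mac = Mac.getInstance("HmacSHA256");
      mac.init(new SecretKeySpec(saltPhrase.getBytes("UTF-8"), "HmacSHA256"));
      return Base64.encodeBytes(mac.doFinal(rawViewSignature.getBytes("UTF-8")));
   }
   catch (GeneralSecurityException ex)
   {
      throw new IllegalStateException("Unable to compute form signature", ex);
   }
   catch (UnsupportedEncodingException ex)
   {
      throw new IllegalStateException("UTF-8 is not supported", ex);
   }
}
```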
Seam SVN: r10278 - trunk/src/remoting/org/jboss/seam/remoting.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2009-04-02 17:22:40 -0400 (Thu, 02 Apr 2009)
New Revision: 10278
Modified:
trunk/src/remoting/org/jboss/seam/remoting/Remoting.java
Log:
JBSEAM-4075
Modified: trunk/src/remoting/org/jboss/seam/remoting/Remoting.java
===================================================================
--- trunk/src/remoting/org/jboss/seam/remoting/Remoting.java 2009-04-02 20:06:40 UTC (rev 10277)
+++ trunk/src/remoting/org/jboss/seam/remoting/Remoting.java 2009-04-02 21:22:40 UTC (rev 10278)
@@ -167,21 +167,29 @@
{
InputStream in = this.getClass().getClassLoader().getResourceAsStream(
"org/jboss/seam/remoting/" + resourceName);
-
- if (in != null)
+ try
{
- response.setContentType("text/javascript");
-
- byte[] buffer = new byte[1024];
- int read = in.read(buffer);
- while (read != -1)
+ if (in != null)
{
- response.getOutputStream().write(buffer, 0, read);
- read = in.read(buffer);
+ response.setContentType("text/javascript");
+
+ byte[] buffer = new byte[1024];
+ int read = in.read(buffer);
+ while (read != -1)
+ {
+ response.getOutputStream().write(buffer, 0, read);
+ read = in.read(buffer);
+ }
}
+ else
+ {
+ log.error(String.format("Resource [%s] not found.", resourceName));
+ }
}
- else
- log.error(String.format("Resource [%s] not found.", resourceName));
+ finally
+ {
+ if (in != null) in.close();
+ }
}
}
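Review bot: `resourceName` is concatenated straight into the classloader path passed to `getResourceAsStream`, and where it comes from is outside this hunk; if it is derived from the request URL it should be checked against the expected script names, or at least rejected when it contains `..` or a path separator, before the lookup, so that only the remoting scripts can be served. In the not-found branch the miss is only logged and the client still receives an empty successful response; if `response` is an `HttpServletResponse`, adding `response.sendError(HttpServletResponse.SC_NOT_FOUND);` would make the outcome explicit. The enclosing method starts outside the hunk.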
Seam SVN: r10277 - in trunk/seam-gen: view and 1 other directory.
by seam-commits@lists.jboss.org
Author: dan.j.allen
Date: 2009-04-02 16:06:40 -0400 (Thu, 02 Apr 2009)
New Revision: 10277
Modified:
trunk/seam-gen/icefaces/view/edit.page.xml.ftl
trunk/seam-gen/view/edit.page.xml.ftl
Log:
explicitly check outcome value of CRUD operation before navigating
Modified: trunk/seam-gen/icefaces/view/edit.page.xml.ftl
===================================================================
--- trunk/seam-gen/icefaces/view/edit.page.xml.ftl 2009-04-02 18:01:34 UTC (rev 10276)
+++ trunk/seam-gen/icefaces/view/edit.page.xml.ftl 2009-04-02 20:06:40 UTC (rev 10277)
@@ -37,21 +37,21 @@
</#if>
<navigation from-action="${'#'}{${homeName}.persist}">
- <rule>
+ <rule if-outcome="persisted">
<end-conversation/>
<redirect view-id="/${pageName}.xhtml"/>
</rule>
</navigation>
<navigation from-action="${'#'}{${homeName}.update}">
- <rule>
+ <rule if-outcome="updated">
<end-conversation/>
<redirect view-id="/${pageName}.xhtml"/>
</rule>
</navigation>
<navigation from-action="${'#'}{${homeName}.remove}">
- <rule>
+ <rule if-outcome="removed">
<end-conversation/>
<redirect view-id="/${masterPageName}.xhtml"/>
</rule>
Modified: trunk/seam-gen/view/edit.page.xml.ftl
===================================================================
--- trunk/seam-gen/view/edit.page.xml.ftl 2009-04-02 18:01:34 UTC (rev 10276)
+++ trunk/seam-gen/view/edit.page.xml.ftl 2009-04-02 20:06:40 UTC (rev 10277)
@@ -30,21 +30,21 @@
</#if>
<navigation from-action="${'#'}{${homeName}.persist}">
- <rule>
+ <rule if-outcome="persisted">
<end-conversation/>
<redirect view-id="/${pageName}.xhtml"/>
</rule>
</navigation>
<navigation from-action="${'#'}{${homeName}.update}">
- <rule>
+ <rule if-outcome="updated">
<end-conversation/>
<redirect view-id="/${pageName}.xhtml"/>
</rule>
</navigation>
<navigation from-action="${'#'}{${homeName}.remove}">
- <rule>
+ <rule if-outcome="removed">
<end-conversation/>
<redirect view-id="/${masterPageName}.xhtml"/>
</rule>
Seam SVN: r10276 - trunk/src/debug/com/sun/facelets.
by seam-commits@lists.jboss.org
Author: norman.richards(a)jboss.com
Date: 2009-04-02 14:01:34 -0400 (Thu, 02 Apr 2009)
New Revision: 10276
Modified:
trunk/src/debug/com/sun/facelets/StateWriterControl.java
Log:
JBSEAM-4070
Modified: trunk/src/debug/com/sun/facelets/StateWriterControl.java
===================================================================
--- trunk/src/debug/com/sun/facelets/StateWriterControl.java 2009-04-02 16:29:36 UTC (rev 10275)
+++ trunk/src/debug/com/sun/facelets/StateWriterControl.java 2009-04-02 18:01:34 UTC (rev 10276)
@@ -1,6 +1,7 @@
package com.sun.facelets;
import java.io.Writer;
+import java.lang.reflect.*;
import javax.faces.context.ResponseWriter;
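Review bot: The added `import java.lang.reflect.*;` is a wildcard import, while the other imports visible in this file name a single type each. The part of the following hunk that is visible uses only `Constructor` and `Method`, so `import java.lang.reflect.Constructor;` and `import java.lang.reflect.Method;` would keep the reflection dependency explicit; confirm against the rest of the file, which is not shown here.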
@@ -11,26 +12,80 @@
* since we are not calling Facelets in the normal way (and hence it is not
* completely initialized).
*/
-public class StateWriterControl
-{
- public static void initialize(Writer writer)
- {
- new StateWriter(writer, 1024);
- }
-
- public static ResponseWriter createClone(ResponseWriter writer) {
- return writer.cloneWithWriter(StateWriter.getCurrentInstance());
- }
-
- public static boolean isStateWritten() {
- return StateWriter.getCurrentInstance().isStateWritten();
- }
-
- public static String getAndResetBuffer() {
- return StateWriter.getCurrentInstance().getAndResetBuffer();
- }
-
- public static void release() {
- StateWriter.getCurrentInstance().release();
- }
+public class StateWriterControl {
+ final static String STATEWRITER_CLASS_NAME = "com.sun.facelets.StateWriter";
+
+ static Class getStateWriter() {
+ try {
+ return Class.forName(STATEWRITER_CLASS_NAME);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not load class com.sun.facelets.StateWriter using reflection", e);
+ }
+ }
+
+ public static void initialize(Writer writer) {
+ try {
+ Class sw = getStateWriter();
+ Constructor constructor = sw.getConstructor(Writer.class, int.class);
+ constructor.setAccessible(true);
+ constructor.newInstance(writer, 1024);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not initilise com.sun.facelets.StateWriter using reflection", e);
+ }
+ }
+
+ public static ResponseWriter createClone(ResponseWriter writer) {
+ try {
+ Class sw = getStateWriter();
+ Method meth = sw.getMethod("getCurrentInstance");
+ meth.setAccessible(true);
+ Writer w = (Writer) meth.invoke(null);
+ return writer.cloneWithWriter(w);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not create clone of com.sun.facelets.StateWriter using reflection", e);
+ }
+ }
+
+ public static boolean isStateWritten() {
+ try {
+ Class sw = getStateWriter();
+ Method meth = sw.getMethod("getCurrentInstance");
+ meth.setAccessible(true);
+ Object o = meth.invoke(null);
+ Method instMeth = sw.getMethod("isStateWritten");
+ instMeth.setAccessible(true);
+ return (Boolean) instMeth.invoke(o);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not call isStateWritten on com.sun.facelets.StateWriter using reflection", e);
+ }
+ }
+
+ public static String getAndResetBuffer() {
+ try {
+ Class sw = getStateWriter();
+ Method meth = sw.getMethod("getCurrentInstance");
+ meth.setAccessible(true);
+ Object o = meth.invoke(null);
+ Method instMeth = sw.getMethod("getAndResetBuffer");
+ instMeth.setAccessible(true);
+ return (String) instMeth.invoke(o);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not call getAndResetBuffer on com.sun.facelets.StateWriter using reflection", e);
+ }
+ }
+
+ public static void release() {
+ try {
+ Class sw = getStateWriter();
+ Method meth = sw.getMethod("getCurrentInstance");
+ meth.setAccessible(true);
+ Object o = meth.invoke(null);
+ Method instMeth = sw.getMethod("release");
+ instMeth.setAccessible(true);
+ instMeth.invoke(o);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not call release on com.sun.facelets.StateWriter using reflection",e);
+ }
+ }
+
}
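Review bot: `createClone`, `isStateWritten`, `getAndResetBuffer` and `release` each repeat the same `getMethod("getCurrentInstance")` / `setAccessible(true)` / `invoke` sequence and catch `Exception`, so an exception thrown inside StateWriter reaches the caller as an `InvocationTargetException` under a message that blames reflection. A single private helper that invokes a no-arg method by name and rethrows the target's own exception would remove the duplication and keep the real cause on top. `setAccessible(true)` turns off Java access checks and is refused under a security manager without `ReflectPermission("suppressAccessChecks")`, so the class comment should say why the direct calls were replaced; the log cites only JBSEAM-4070. The wildcard `import java.lang.reflect.*;` added in the first hunk could name `Constructor` and `Method` (and `InvocationTargetException` if the helper is adopted).

```java
// … unchanged: STATEWRITER_CLASS_NAME, getStateWriter(), initialize() …

private static Object call(Object target, String name) {
    try {
        Method m = getStateWriter().getMethod(name);
        m.setAccessible(true); // access checks are suppressed here; reason belongs in the class comment
        return m.invoke(target);
    } catch (InvocationTargetException e) {
        // the target method itself failed: surface its exception, not the reflective wrapper
        Throwable cause = e.getCause();
        if (cause instanceof RuntimeException) throw (RuntimeException) cause;
        throw new RuntimeException("com.sun.facelets.StateWriter." + name + " failed", cause);
    } catch (Exception e) {
        throw new RuntimeException("Could not call " + name + " on com.sun.facelets.StateWriter using reflection", e);
    }
}

public static boolean isStateWritten() {
    return (Boolean) call(call(null, "getCurrentInstance"), "isStateWritten");
}

// … createClone(), getAndResetBuffer() and release() follow the same pattern …
```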
Seam SVN: r10275 - trunk/src/main/org/jboss/seam/international.
by seam-commits@lists.jboss.org
Author: dan.j.allen
Date: 2009-04-02 12:29:36 -0400 (Thu, 02 Apr 2009)
New Revision: 10275
Modified:
trunk/src/main/org/jboss/seam/international/TimeZoneWrapper.java
trunk/src/main/org/jboss/seam/international/TimeZones.java
Log:
JBSEAM-3089 correct package name
Modified: trunk/src/main/org/jboss/seam/international/TimeZoneWrapper.java
===================================================================
--- trunk/src/main/org/jboss/seam/international/TimeZoneWrapper.java 2009-04-02 12:10:40 UTC (rev 10274)
+++ trunk/src/main/org/jboss/seam/international/TimeZoneWrapper.java 2009-04-02 16:29:36 UTC (rev 10275)
@@ -1,4 +1,4 @@
-package com.jboss.seam.international;
+package org.jboss.seam.international;
import java.util.Date;
import java.util.TimeZone;
Modified: trunk/src/main/org/jboss/seam/international/TimeZones.java
===================================================================
--- trunk/src/main/org/jboss/seam/international/TimeZones.java 2009-04-02 12:10:40 UTC (rev 10274)
+++ trunk/src/main/org/jboss/seam/international/TimeZones.java 2009-04-02 16:29:36 UTC (rev 10275)
@@ -1,4 +1,4 @@
-package com.jboss.seam.international;
+package org.jboss.seam.international;
import java.util.ArrayList;
import java.util.Collections;
Seam SVN: r10274 - in trunk: examples and 11 other directories.
by seam-commits@lists.jboss.org
Author: manaRH
Date: 2009-04-02 08:10:40 -0400 (Thu, 02 Apr 2009)
New Revision: 10274
Modified:
trunk/build/root.pom.xml
trunk/examples/build.xml
trunk/examples/drools/resources/numberguess.drl
trunk/seam-gen/build-scripts/deployed-jars-ear.list
trunk/seam-gen/build-scripts/deployed-jars-war.list
trunk/seam-gen/icefaces/build-scripts/deployed-jars-ear.list
trunk/seam-gen/icefaces/build-scripts/deployed-jars-war.list
trunk/seam-gen/icefaces/ide-project-files/eclipse/.classpath
trunk/seam-gen/icefaces/ide-project-files/idea/module.iml
trunk/seam-gen/ide-project-files/eclipse/.classpath
trunk/seam-gen/ide-project-files/idea/module.iml
trunk/seam-gen/ide-project-files/netbeans/project.xml
trunk/seam-gen/ivy/ivy.xml
trunk/src/main/org/jboss/seam/drools/RuleBase.java
trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
rolling back changes for JBSEAM-4011 for 2.1.2 release
Modified: trunk/build/root.pom.xml
===================================================================
--- trunk/build/root.pom.xml 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/build/root.pom.xml 2009-04-02 12:10:40 UTC (rev 10274)
@@ -33,20 +33,14 @@
<id>snapshots.jboss.org</id>
<name>JBoss Snapshot Repository</name>
<url>http://snapshots.jboss.org/maven2</url>
- </repository>
- <!-- <repository>
- <snapshots />
- <id>maven_repo</id>
- <name>Apache Maven Repository</name>
- <url>http://repo1.maven.org/maven2</url>
- </repository> -->
+ </repository>
</repositories>
<!-- Externalize some version numbers here -->
<properties>
<version.richfaces>3.3.0.GA</version.richfaces>
<version.wicket>1.3-SNAPSHOT</version.wicket>
- <version.drools>5.0.0.CR1</version.drools>
+ <version.drools>4.0.4</version.drools>
</properties>
<dependencyManagement>
Modified: trunk/examples/build.xml
===================================================================
--- trunk/examples/build.xml 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/examples/build.xml 2009-04-02 12:10:40 UTC (rev 10274)
@@ -315,10 +315,9 @@
<include name="antlr-runtime.jar" if="drools.lib" />
<include name="core.jar" if="drools.lib" />
<include name="janino.jar" if="drools.lib" />
- <include name="mvel2.jar" if="drools.lib" />
+ <include name="mvel14.jar" if="drools.lib" />
<include name="drools-core.jar" if="drools.lib" />
<include name="drools-compiler.jar" if="drools.lib" />
- <include name="drools-api.jar" if="drools.lib" />
</fileset>
<!-- Dependencies for using Spring with Cglib -->
Modified: trunk/examples/drools/resources/numberguess.drl
===================================================================
--- trunk/examples/drools/resources/numberguess.drl 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/examples/drools/resources/numberguess.drl 2009-04-02 12:10:40 UTC (rev 10274)
@@ -3,7 +3,7 @@
import org.jboss.seam.drools.Decision
global Decision decision
-global Integer randomNumber
+global int randomNumber
global Game game
rule High
Modified: trunk/seam-gen/build-scripts/deployed-jars-ear.list
===================================================================
--- trunk/seam-gen/build-scripts/deployed-jars-ear.list 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/build-scripts/deployed-jars-ear.list 2009-04-02 12:10:40 UTC (rev 10274)
@@ -1,12 +1,11 @@
antlr-runtime.jar
core.jar
-drools-api.jar
drools-compiler.jar
drools-core.jar
groovy-all.jar
janino.jar
jboss-el.jar
jbpm-jpdl.jar
-mvel2.jar
+mvel14.jar
richfaces-api.jar
jboss-seam-remoting.jar
Modified: trunk/seam-gen/build-scripts/deployed-jars-war.list
===================================================================
--- trunk/seam-gen/build-scripts/deployed-jars-war.list 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/build-scripts/deployed-jars-war.list 2009-04-02 12:10:40 UTC (rev 10274)
@@ -2,7 +2,6 @@
commons-beanutils.jar
commons-digester.jar
core.jar
-drools-api.jar
drools-compiler.jar
drools-core.jar
janino.jar
@@ -12,7 +11,7 @@
jbpm-jpdl.jar
jsf-facelets.jar
jxl.jar
-mvel2.jar
+mvel14.jar
richfaces-api.jar
richfaces-impl.jar
richfaces-ui.jar
Modified: trunk/seam-gen/icefaces/build-scripts/deployed-jars-ear.list
===================================================================
--- trunk/seam-gen/icefaces/build-scripts/deployed-jars-ear.list 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/icefaces/build-scripts/deployed-jars-ear.list 2009-04-02 12:10:40 UTC (rev 10274)
@@ -3,7 +3,6 @@
commons-digester.jar
commons-fileupload.jar
core.jar
-drools-api.jar
drools-compiler.jar
drools-core.jar
groovy-all.jar
@@ -13,4 +12,4 @@
janino.jar
jboss-el.jar
jbpm-jpdl.jar
-mvel2.jar
+mvel14.jar
Modified: trunk/seam-gen/icefaces/build-scripts/deployed-jars-war.list
===================================================================
--- trunk/seam-gen/icefaces/build-scripts/deployed-jars-war.list 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/icefaces/build-scripts/deployed-jars-war.list 2009-04-02 12:10:40 UTC (rev 10274)
@@ -4,7 +4,6 @@
commons-digester.jar
commons-fileupload.jar
core.jar
-drools-api.jar
drools-compiler.jar
drools-core.jar
icefaces.jar
@@ -15,4 +14,4 @@
jboss-seam.jar
jboss-seam-*.jar
jbpm-jpdl.jar
-mvel2.jar
+mvel14.jar
Modified: trunk/seam-gen/icefaces/ide-project-files/eclipse/.classpath
===================================================================
--- trunk/seam-gen/icefaces/ide-project-files/eclipse/.classpath 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/icefaces/ide-project-files/eclipse/.classpath 2009-04-02 12:10:40 UTC (rev 10274)
@@ -24,8 +24,7 @@
<classpathentry kind="lib" path="lib/testng.jar"/>
<classpathentry kind="lib" path="lib/jboss-el.jar"/>
<classpathentry kind="lib" path="lib/el-api.jar"/>
- <classpathentry kind="lib" path="lib/mvel2.jar"/>
- <classpathentry kind="lib" path="lib/drools-api.jar"/>
+ <classpathentry kind="lib" path="lib/mvel14.jar"/>
<classpathentry kind="lib" path="lib/drools-core.jar"/>
<classpathentry kind="lib" path="lib/drools-compiler.jar"/>
<classpathentry kind="lib" path="lib/janino.jar"/>
Modified: trunk/seam-gen/icefaces/ide-project-files/idea/module.iml
===================================================================
--- trunk/seam-gen/icefaces/ide-project-files/idea/module.iml 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/icefaces/ide-project-files/idea/module.iml 2009-04-02 12:10:40 UTC (rev 10274)
@@ -241,7 +241,7 @@
<orderEntry type="module-library">
<library>
<CLASSES>
- <root url="jar://$MODULE_DIR$/lib/mvel2.jar!/" />
+ <root url="jar://$MODULE_DIR$/lib/mvel14.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
@@ -250,15 +250,6 @@
<orderEntry type="module-library">
<library>
<CLASSES>
- <root url="jar://$MODULE_DIR$/lib/drools-api.jar!/" />
- </CLASSES>
- <JAVADOC />
- <SOURCES />
- </library>
- </orderEntry>
- <orderEntry type="module-library">
- <library>
- <CLASSES>
<root url="jar://$MODULE_DIR$/lib/drools-core.jar!/" />
</CLASSES>
<JAVADOC />
Modified: trunk/seam-gen/ide-project-files/eclipse/.classpath
===================================================================
--- trunk/seam-gen/ide-project-files/eclipse/.classpath 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/ide-project-files/eclipse/.classpath 2009-04-02 12:10:40 UTC (rev 10274)
@@ -23,8 +23,7 @@
<classpathentry kind="lib" path="lib/testng.jar"/>
<classpathentry kind="lib" path="lib/jboss-el.jar"/>
<classpathentry kind="lib" path="lib/el-api.jar"/>
- <classpathentry kind="lib" path="lib/mvel2.jar"/>
- <classpathentry kind="lib" path="lib/drools-api.jar"/>
+ <classpathentry kind="lib" path="lib/mvel14.jar"/>
<classpathentry kind="lib" path="lib/drools-core.jar"/>
<classpathentry kind="lib" path="lib/drools-compiler.jar"/>
<classpathentry kind="lib" path="lib/janino.jar"/>
Modified: trunk/seam-gen/ide-project-files/idea/module.iml
===================================================================
--- trunk/seam-gen/ide-project-files/idea/module.iml 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/ide-project-files/idea/module.iml 2009-04-02 12:10:40 UTC (rev 10274)
@@ -236,7 +236,7 @@
<orderEntry type="module-library">
<library>
<CLASSES>
- <root url="jar://$MODULE_DIR$/lib/mvel2.jar!/" />
+ <root url="jar://$MODULE_DIR$/lib/mvel14.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
@@ -245,15 +245,6 @@
<orderEntry type="module-library">
<library>
<CLASSES>
- <root url="jar://$MODULE_DIR$/lib/drools-api.jar!/" />
- </CLASSES>
- <JAVADOC />
- <SOURCES />
- </library>
- </orderEntry>
- <orderEntry type="module-library">
- <library>
- <CLASSES>
<root url="jar://$MODULE_DIR$/lib/drools-core.jar!/" />
</CLASSES>
<JAVADOC />
Modified: trunk/seam-gen/ide-project-files/netbeans/project.xml
===================================================================
--- trunk/seam-gen/ide-project-files/netbeans/project.xml 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/ide-project-files/netbeans/project.xml 2009-04-02 12:10:40 UTC (rev 10274)
@@ -96,18 +96,18 @@
<java-data xmlns="http://www.netbeans.org/ns/freeform-project-java/2">
<compilation-unit>
<package-root>src/main</package-root>
- <classpath mode="compile">lib/hibernate-validator.jar:lib/hibernate.jar:lib/hibernate-annotations.jar:lib/hibernate-commons-annotations.jar:lib/hibernate-entitymanager.jar:lib/jboss-seam.jar:lib/jboss-seam-debug.jar:lib/jboss-cache.jar:lib/jbpm-jpdl.jar:lib/antlr.jar:lib/jgroups.jar:lib/jsf-facelets.jar:lib/jstl.jar:lib/jsf-api.jar:lib/servlet-api.jar:lib/jboss-el.jar:lib/el-api.jar:lib/mvel2.jar:lib/drools-api.jar:lib/drools-core.jar:lib/drools-compiler.jar:lib/janino.jar:lib/antlr-runtime.jar:lib/mail.jar:lib/persistence-api.jar:lib/ejb-api.jar:lib/jsr250-api.jar:lib/jta.jar:lib/core.jar:lib/jboss-embedded-api.jar:lib/hibernate-search.jar:lib/richfaces-api.jar:lib/richfaces-ui.jar:lib/@driverJar@:lib/lucene-core.jar</classpath>
+ <classpath mode="compile">lib/hibernate-validator.jar:lib/hibernate.jar:lib/hibernate-annotations.jar:lib/hibernate-commons-annotations.jar:lib/hibernate-entitymanager.jar:lib/jboss-seam.jar:lib/jboss-seam-debug.jar:lib/jboss-cache.jar:lib/jbpm-jpdl.jar:lib/antlr.jar:lib/jgroups.jar:lib/jsf-facelets.jar:lib/jstl.jar:lib/jsf-api.jar:lib/servlet-api.jar:lib/jboss-el.jar:lib/el-api.jar:lib/mvel14.jar:lib/drools-core.jar:lib/drools-compiler.jar:lib/janino.jar:lib/antlr-runtime.jar:lib/mail.jar:lib/persistence-api.jar:lib/ejb-api.jar:lib/jsr250-api.jar:lib/jta.jar:lib/core.jar:lib/jboss-embedded-api.jar:lib/hibernate-search.jar:lib/richfaces-api.jar:lib/richfaces-ui.jar:lib/@driverJar@:lib/lucene-core.jar</classpath>
<source-level>1.5</source-level>
</compilation-unit>
<compilation-unit>
<package-root>src/hot</package-root>
- <classpath mode="compile">lib/hibernate-validator.jar:lib/hibernate.jar:lib/hibernate-annotations.jar:lib/hibernate-commons-annotations.jar:lib/hibernate-entitymanager.jar:lib/jboss-seam.jar:lib/jboss-seam-debug.jar:lib/jboss-cache.jar:lib/jbpm-jpdl.jar:lib/antlr.jar:lib/jgroups.jar:lib/jsf-facelets.jar:lib/jstl.jar:lib/jsf-api.jar:lib/servlet-api.jar:lib/jboss-el.jar:lib/el-api.jar:lib/mvel2.jar:lib/drools-api.jar:lib/drools-core.jar:lib/drools-compiler.jar:lib/janino.jar:lib/antlr-runtime.jar:lib/mail.jar:lib/persistence-api.jar:lib/ejb-api.jar:lib/jsr250-api.jar:lib/jta.jar:lib/core.jar:lib/jboss-embedded-api.jar:lib/hibernate-search.jar:lib/richfaces-api.jar:lib/richfaces-ui.jar:lib/@driverJar@:lib/lucene-core.jar</classpath>
+ <classpath mode="compile">lib/hibernate-validator.jar:lib/hibernate.jar:lib/hibernate-annotations.jar:lib/hibernate-commons-annotations.jar:lib/hibernate-entitymanager.jar:lib/jboss-seam.jar:lib/jboss-seam-debug.jar:lib/jboss-cache.jar:lib/jbpm-jpdl.jar:lib/antlr.jar:lib/jgroups.jar:lib/jsf-facelets.jar:lib/jstl.jar:lib/jsf-api.jar:lib/servlet-api.jar:lib/jboss-el.jar:lib/el-api.jar:lib/mvel14.jar:lib/drools-core.jar:lib/drools-compiler.jar:lib/janino.jar:lib/antlr-runtime.jar:lib/mail.jar:lib/persistence-api.jar:lib/ejb-api.jar:lib/jsr250-api.jar:lib/jta.jar:lib/core.jar:lib/jboss-embedded-api.jar:lib/hibernate-search.jar:lib/richfaces-api.jar:lib/richfaces-ui.jar:lib/@driverJar@:lib/lucene-core.jar</classpath>
<source-level>1.5</source-level>
</compilation-unit>
<compilation-unit>
<package-root>src/test</package-root>
<unit-tests/>
- <classpath mode="compile">bootstrap:lib/hibernate-validator.jar:lib/hibernate.jar:lib/hibernate-annotations.jar:lib/hibernate-commons-annotations.jar:lib/hibernate-entitymanager.jar:lib/jboss-seam.jar:lib/jboss-seam-debug.jar:lib/jboss-cache.jar:lib/jbpm-jpdl.jar:lib/antlr.jar:lib/jgroups.jar:lib/jsf-facelets.jar:lib/jstl.jar:lib/jsf-api.jar:lib/servlet-api.jar:lib/testng.jar:lib/jboss-el.jar:lib/el-api.jar:lib/mvel2.jar:lib/drools-api.jar:lib/drools-core.jar:lib/drools-compiler.jar:lib/janino.jar:lib/antlr-runtime.jar:lib/mail.jar:lib/persistence-api.jar:lib/ejb-api.jar:lib/jsr250-api.jar:lib/jta.jar:lib/core.jar:lib/jboss-embedded-api.jar:lib/hibernate-search.jar:lib/richfaces-api.jar:lib/@driverJar@:lib/lucene-core.jar</classpath>
+ <classpath mode="compile">bootstrap:lib/hibernate-validator.jar:lib/hibernate.jar:lib/hibernate-annotations.jar:lib/hibernate-commons-annotations.jar:lib/hibernate-entitymanager.jar:lib/jboss-seam.jar:lib/jboss-seam-debug.jar:lib/jboss-cache.jar:lib/jbpm-jpdl.jar:lib/antlr.jar:lib/jgroups.jar:lib/jsf-facelets.jar:lib/jstl.jar:lib/jsf-api.jar:lib/servlet-api.jar:lib/testng.jar:lib/jboss-el.jar:lib/el-api.jar:lib/mvel14.jar:lib/drools-core.jar:lib/drools-compiler.jar:lib/janino.jar:lib/antlr-runtime.jar:lib/mail.jar:lib/persistence-api.jar:lib/ejb-api.jar:lib/jsr250-api.jar:lib/jta.jar:lib/core.jar:lib/jboss-embedded-api.jar:lib/hibernate-search.jar:lib/richfaces-api.jar:lib/@driverJar@:lib/lucene-core.jar</classpath>
<source-level>1.5</source-level>
</compilation-unit>
</java-data>
Modified: trunk/seam-gen/ivy/ivy.xml
===================================================================
--- trunk/seam-gen/ivy/ivy.xml 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/seam-gen/ivy/ivy.xml 2009-04-02 12:10:40 UTC (rev 10274)
@@ -47,16 +47,13 @@
<dependency org="net.sourceforge.jexcelapi" name="jxl" rev="2.6.8-seam">
<artifact name="jxl" type="jar"/>
</dependency>
- <dependency org="org.antlr" name="antlr-runtime" rev="3.1.1">
+ <dependency org="org.antlr" name="antlr-runtime" rev="3.0">
<artifact name="antlr-runtime" type="jar"/>
</dependency>
- <dependency org="org.drools" name="drools-api" rev="5.0.0.CR1">
- <artifact name="drools-api" type="jar"/>
- </dependency>
- <dependency org="org.drools" name="drools-compiler" rev="5.0.0.CR1">
+ <dependency org="org.drools" name="drools-compiler" rev="4.0.4">
<artifact name="drools-compiler" type="jar"/>
</dependency>
- <dependency org="org.drools" name="drools-core" rev="5.0.0.CR1">
+ <dependency org="org.drools" name="drools-core" rev="4.0.4">
<artifact name="drools-core" type="jar"/>
</dependency>
<dependency org="org.eclipse.jdt" name="core" rev="3.2.3.v_686_R32x">
@@ -114,8 +111,8 @@
<dependency org="org.jbpm" name="jbpm-jpdl" rev="3.2.2">
<artifact name="jbpm-jpdl" type="jar"/>
</dependency>
- <dependency org="org.mvel" name="mvel2" rev="2.0.8pre1">
- <artifact name="mvel2" type="jar"/>
+ <dependency org="org.mvel" name="mvel14" rev="1.2.21">
+ <artifact name="mvel14" type="jar"/>
</dependency>
<dependency org="org.richfaces.framework" name="richfaces-api" rev="${richfaces.version}">
<artifact name="richfaces-api" type="jar"/>
Modified: trunk/src/main/org/jboss/seam/drools/RuleBase.java
===================================================================
--- trunk/src/main/org/jboss/seam/drools/RuleBase.java 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/src/main/org/jboss/seam/drools/RuleBase.java 2009-04-02 12:10:40 UTC (rev 10274)
@@ -8,7 +8,7 @@
import org.drools.compiler.DroolsError;
import org.drools.compiler.PackageBuilder;
import org.drools.compiler.PackageBuilderConfiguration;
-import org.drools.compiler.RuleBuildError;
+import org.drools.compiler.RuleError;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Scope;
@@ -68,9 +68,9 @@
log.error("errors parsing rules in: " + ruleFile);
for ( DroolsError error: builder.getErrors().getErrors() )
{
- if (error instanceof RuleBuildError)
+ if (error instanceof RuleError)
{
- RuleBuildError ruleError = (RuleBuildError) error;
+ RuleError ruleError = (RuleError) error;
log.error( ruleError.getMessage() + " (" + ruleFile + ':' + ruleError.getLine() + ')' );
}
else
Modified: trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2009-04-02 11:22:34 UTC (rev 10273)
+++ trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2009-04-02 12:10:40 UTC (rev 10274)
@@ -15,7 +15,7 @@
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.StatefulSession;
-import org.drools.ClassObjectFilter;
+import org.drools.base.ClassObjectFilter;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.Seam;
@@ -232,7 +232,7 @@
Principal role = (Principal) e.nextElement();
boolean found = false;
- Iterator<Role> iter = (Iterator<Role>) getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
+ Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
while (iter.hasNext())
{
Role r = iter.next();
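Review bot: With the `(Iterator<Role>)` cast gone, `Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));` presumably compiles only as an unchecked conversion from a raw `Iterator` in the 4.0.4 API, and the same line recurs in the hunk at -252. The element type is then guaranteed only by the `ClassObjectFilter(Role.class)` argument, so I would say that on the line, e.g. `// unchecked: ClassObjectFilter restricts the iteration to Role facts`, because a `ClassCastException` at `iter.next()` would otherwise be the only signal if the filter ever changed. The enclosing method starts and ends outside the hunk.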
@@ -252,7 +252,7 @@
}
}
- Iterator<Role> iter = (Iterator<Role>) getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
+ Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
while (iter.hasNext())
{
Role r = iter.next();
Seam SVN: r10273 - branches/enterprise/JBPAPP_4_3_FP01/examples/booking/resources/WEB-INF.
by seam-commits@lists.jboss.org
Author: manaRH
Date: 2009-04-02 07:22:34 -0400 (Thu, 02 Apr 2009)
New Revision: 10273
Modified:
branches/enterprise/JBPAPP_4_3_FP01/examples/booking/resources/WEB-INF/pages.xml
Log:
JBPAPP-1455
Modified: branches/enterprise/JBPAPP_4_3_FP01/examples/booking/resources/WEB-INF/pages.xml
===================================================================
--- branches/enterprise/JBPAPP_4_3_FP01/examples/booking/resources/WEB-INF/pages.xml 2009-04-02 06:10:18 UTC (rev 10272)
+++ branches/enterprise/JBPAPP_4_3_FP01/examples/booking/resources/WEB-INF/pages.xml 2009-04-02 11:22:34 UTC (rev 10273)
@@ -33,7 +33,7 @@
login-required="true">
<navigation>
- <rule if="#{changePassword.changed}">
+ <rule if="#{identity.loggedIn and changePassword.changed}">
<redirect view-id="/main.xhtml"/>
</rule>
</navigation>
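Review bot: The added `identity.loggedIn` term in `<rule if="#{identity.loggedIn and changePassword.changed}">` reads as redundant next to `login-required="true"` on the enclosing page element, so nothing on the page explains why it is needed and a later cleanup could drop it. An XML comment above the rule would fix that, for example `<!-- guard: changePassword.changed must not be evaluated for an unauthenticated request (JBPAPP-1455) -->`, worded to match the actual reason, which the log does not give. The page element opens outside the hunk.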
Seam SVN: r10272 - in trunk/src/main/org/jboss/seam: transaction and 1 other directory.
by seam-commits@lists.jboss.org
Author: dan.j.allen
Date: 2009-04-02 02:10:18 -0400 (Thu, 02 Apr 2009)
New Revision: 10272
Added:
trunk/src/main/org/jboss/seam/transaction/FacesTransactionEvents.java
Modified:
trunk/src/main/org/jboss/seam/jsf/SeamPhaseListener.java
trunk/src/main/org/jboss/seam/transaction/Transaction.java
Log:
JBSEAM-3116
Modified: trunk/src/main/org/jboss/seam/jsf/SeamPhaseListener.java
===================================================================
--- trunk/src/main/org/jboss/seam/jsf/SeamPhaseListener.java 2009-04-02 05:27:41 UTC (rev 10271)
+++ trunk/src/main/org/jboss/seam/jsf/SeamPhaseListener.java 2009-04-02 06:10:18 UTC (rev 10272)
@@ -11,6 +11,7 @@
import static javax.faces.event.PhaseId.PROCESS_VALIDATIONS;
import static javax.faces.event.PhaseId.RENDER_RESPONSE;
import static javax.faces.event.PhaseId.RESTORE_VIEW;
+import static org.jboss.seam.transaction.Transaction.TRANSACTION_FAILED;
import java.lang.reflect.Method;
import java.util.Map;
@@ -43,6 +44,7 @@
import org.jboss.seam.pageflow.Pageflow;
import org.jboss.seam.persistence.PersistenceContexts;
import org.jboss.seam.transaction.Transaction;
+import org.jboss.seam.transaction.UserTransaction;
import org.jboss.seam.util.Reflections;
import org.jboss.seam.web.ServletContexts;
@@ -361,7 +363,7 @@
{
if ( Init.instance().isTransactionManagementEnabled() )
{
- addTransactionFailedMessage();
+ raiseTransactionFailedEvent();
}
}
@@ -436,19 +438,16 @@
}
/**
- * Add a faces message when Seam-managed transactions fail.
+ * Raise an event so that an observer may add a faces message when Seam-managed transactions fail.
*/
- protected void addTransactionFailedMessage()
+ protected void raiseTransactionFailedEvent()
{
try
{
- if ( Transaction.instance().isRolledBackOrMarkedRollback() )
+ UserTransaction tx = Transaction.instance();
+ if ( tx.isRolledBackOrMarkedRollback() )
{
- FacesMessages.instance().addFromResourceBundleOrDefault(
- StatusMessage.Severity.WARN,
- "org.jboss.seam.TransactionFailed",
- "Transaction failed"
- );
+ if (Events.exists()) Events.instance().raiseEvent(TRANSACTION_FAILED, tx.getStatus());
}
}
catch (Exception e) {} //swallow silently, not important
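Review bot: The empty `catch (Exception e) {} //swallow silently, not important` now also wraps `Events.instance().raiseEvent(TRANSACTION_FAILED, tx.getStatus())`, so an exception thrown by any observer of the event vanishes, where before the block only covered adding one message. Logging it would keep the best-effort behaviour without hiding observer bugs, e.g. `catch (Exception e) { log.debug("could not raise " + TRANSACTION_FAILED, e); }` if the class has a logger in scope (not visible here). Renaming the protected `addTransactionFailedMessage()` to `raiseTransactionFailedEvent()` also means a subclass that overrode the old method is silently no longer called; a deprecated delegating method or a Javadoc sentence pointing to `FacesTransactionEvents` would cover that. The method's closing brace is outside the hunk.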
Added: trunk/src/main/org/jboss/seam/transaction/FacesTransactionEvents.java
===================================================================
--- trunk/src/main/org/jboss/seam/transaction/FacesTransactionEvents.java (rev 0)
+++ trunk/src/main/org/jboss/seam/transaction/FacesTransactionEvents.java 2009-04-02 06:10:18 UTC (rev 10272)
@@ -0,0 +1,66 @@
+package org.jboss.seam.transaction;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+import static org.jboss.seam.annotations.Install.BUILT_IN;
+
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Observer;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.international.StatusMessages;
+import org.jboss.seam.international.StatusMessage.Severity;
+
+/**
+ * Produces StatusMessages for JSF in response of certain transaction events.
+ * These events can be observed by support classes for other UI frameworks
+ * to produce similar messages.
+ *
+ * @author Dan Allen
+ */
+@Name("org.jboss.seam.transaction.facesTransactionEvents")
+@Scope(APPLICATION)
+@Install(precedence = BUILT_IN, classDependencies = "javax.faces.context.FacesContext")
+@BypassInterceptors
+@Startup
+public class FacesTransactionEvents
+{
+ private boolean transactionFailedMessageEnabled = true;
+
+ @Observer(Transaction.TRANSACTION_FAILED)
+ public void addTransactionFailedMessage(int status)
+ {
+ if (transactionFailedMessageEnabled) {
+ StatusMessages.instance().addFromResourceBundleOrDefault(
+ getTransactionFailedMessageSeverity(),
+ getTransactionFailedMessageKey(),
+ getTransactionFailedMessage());
+ }
+ }
+
+ public String getTransactionFailedMessage()
+ {
+ return "Transaction failed";
+ }
+
+ public Severity getTransactionFailedMessageSeverity()
+ {
+ return Severity.WARN;
+ }
+
+ public String getTransactionFailedMessageKey()
+ {
+ return "org.jboss.seam.TransactionFailed";
+ }
+
+ public boolean isTransactionFailedMessageEnabled()
+ {
+ return transactionFailedMessageEnabled;
+ }
+
+ public void setTransactionFailedMessageEnabled(boolean enabled)
+ {
+ this.transactionFailedMessageEnabled = enabled;
+ }
+}
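Review bot: `addTransactionFailedMessage(int status)` never reads `status`, and none of the public methods has Javadoc, so it is unclear whether the three constant-returning getters are meant as override points while only `transactionFailedMessageEnabled` has a setter. I would add a short Javadoc on the observer saying that `status` is the transaction status passed with the `TRANSACTION_FAILED` event and is currently unused, and one on each getter stating that subclasses may override it to change the message text, key or severity, if that is the intent. The class comment would also read better as "in response to certain transaction events".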
Modified: trunk/src/main/org/jboss/seam/transaction/Transaction.java
===================================================================
--- trunk/src/main/org/jboss/seam/transaction/Transaction.java 2009-04-02 05:27:41 UTC (rev 10271)
+++ trunk/src/main/org/jboss/seam/transaction/Transaction.java 2009-04-02 06:10:18 UTC (rev 10272)
@@ -31,6 +31,9 @@
@BypassInterceptors
public class Transaction
{
+ // Event keys
+ public static final String TRANSACTION_FAILED = "org.jboss.seam.transaction.transactionFailed";
+
public static UserTransaction instance()
{
return (UserTransaction) Component.getInstance(Transaction.class, ScopeType.EVENT);