October 2008 - seam-issues - Jboss List Archives

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2645) Promote forum thread to FAQ

by Gavin King (JIRA)

Promote forum thread to FAQ --------------------------- Key: JBSEAM-2645 URL: http://jira.jboss.com/jira/browse/JBSEAM-2645 Project: JBoss Seam Issue Type: Feature Request Components: Wiki Reporter: Gavin King Assigned To: Christian Bauer Easily promote a forum thread into the FAQ browser -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

4
9
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3086) Allow unproxied components in components.xml

by Luke Maurer (JIRA)

Allow unproxied components in components.xml -------------------------------------------- Key: JBSEAM-3086 URL: http://jira.jboss.com/jira/browse/JBSEAM-3086 Project: Seam Issue Type: Feature Request Components: Core Reporter: Luke Maurer It would be very convenient to be able to define a "component" in components.xml without actually having it be wrapped in a proxy, in cases where I just want to have an object put into application context and have a few setters called on it, but don't need any interceptors installed. For a use case, see http://www.jasypt.org/hibernate3.html (the "Providing the encryptor to Hibernate" section) - instructions are given for a convenient way to configure the library using Spring, even though the classes in question (StandardPBEStringEncryptor and HibernatePBEStringEncryptor) were not written as Spring beans. The equivalent code in Seam components.xml does not work, since Seam attempts to proxy the objects, and the classes are final (Javassist throws a CannotCompileException). Since none of the functionality offered by proxies is required, in principle the only requirement to make this work would be a way to turn off proxying. (Presumably Spring does so automatically here.) Naturally, there is a perfectly good workaround, which would be to use a @Factory or @Unwrap method on a Seam component and include setter methods to do the configuration. But this is a lot of tedious glue code, and I find the idea of directly configuring the objects in components.xml to be much more elegant. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

3
4
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2450) OWASP / New Session after Login

by ahus1 (JIRA)

OWASP / New Session after Login ------------------------------- Key: JBSEAM-2450 URL: http://jira.jboss.com/jira/browse/JBSEAM-2450 Project: JBoss Seam Issue Type: Feature Request Affects Versions: 2.0.0.GA Environment: Linux 2.6, jetty 6.1.5, java 6 Reporter: ahus1 Hello, OWASP has compiled a "top 10" vulnerablilities for web applications. One suggestion against session hijacking was the following: Start a new HTTP-Session after a successful login: "Consider regenerating a new session upon successful authentication or privilege level change." http://www.owasp.org/index.php/Top_10_2007-A7 Therefore there should be a (configurable?) switch to choose "continue with new session ID after successful log on" I have thought of invalidating the current HTTP session, creating a new one and copying all elements from the old session to the new session in my Authenticator. But Seam 2.0.0 doesn't allow this: When I use the lowlevel functions this is blocked by IllegalStateException("Please end the HttpSession via Seam.invalidateSession()") in Lifecyle. When I use Seam.invalidateSession(), the session is only destroyed at the end of the request and I am unable to copy any objects in my Authenticator as the new session doesn't exist yet. The workaround I have come up with is a filter, that destroys the complete session before the log in. This is not very elegant, but it works for me as I don't have i.e. a shoping basket that I'd like to preserve. A "nice" implementation in seam shouldn't have this limitation. shane.bryzak(a)jboss.com asked for this ticket to be assigned to her. The Java Class: Code: /** * This filter enforces a new session whenever there is a POST, should be mapped * to the URL of the login page in your web.xml * @author Alexander Schwartz 2007 */ public class NewSessionFilter implements Filter { private Log log = LogFactory.getLog(NewSessionFilter.class); private String url; public void destroy() { // empty. } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (request instanceof HttpServletRequest) { HttpServletRequest httpRequest = (HttpServletRequest) request; if (httpRequest.getMethod().equals("POST") && httpRequest.getSession() != null && !httpRequest.getSession().isNew() && httpRequest.getRequestURI().endsWith(url)) { httpRequest.getSession().invalidate(); httpRequest.getSession(true); log.info("new Session:" + httpRequest.getSession().getId()); } } chain.doFilter(request, response); } public void init(FilterConfig filterConfig) throws ServletException { url = filterConfig.getInitParameter("url"); if (url == null) { throw new ServletException( "please specify parameter 'url' with login URL"); } } } The web.xml: Code: <filter> <display-name>NewSessionFilter</display-name> <filter-name>NewSessionFilter</filter-name> <filter-class> NewSessionFilter </filter-class> <init-param> <param-name>url</param-name> <param-value>/iss/login.jsf</param-value> </init-param> </filter> <filter-mapping> <filter-name>NewSessionFilter</filter-name> <servlet-name>Faces Servlet</servlet-name> <url-pattern>/iss/login.jsf</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

11
16
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1683) s:fileUpload with required attribute

by Jonas Erma (JIRA)

s:fileUpload with required attribute ------------------------------------ Key: JBSEAM-1683 URL: http://jira.jboss.com/jira/browse/JBSEAM-1683 Project: JBoss Seam Issue Type: Feature Request Components: JSF Affects Versions: 2.0.0.BETA1 Reporter: Jonas Erma Fix For: 2.0.0.CR1 Is it possible to introduce a required attribute into the s:fileUpload tag? That way, I wouldn't need to check in my action methods if the file is null. tazman -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

5
4
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3493) The EntityHome should not preserve the value of its instance property after entering a nested transaction when having the @PerNestedConversation annotation

by Francisco Jose Peredo Noguez (JIRA)

The EntityHome should not preserve the value of its instance property after entering a nested transaction when having the @PerNestedConversation annotation ----------------------------------------------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3493 URL: https://jira.jboss.org/jira/browse/JBSEAM-3493 Project: Seam Issue Type: Bug Components: Core Affects Versions: 2.0.2.SP1 Reporter: Francisco Jose Peredo Noguez I have a reflective 1-n associations like Person childof Person. I would like to create a child from the PersonEdit.xhtml created by seam-gen then adapted by hands... When I put @PerNestedConversation annotation to my PersonHome the behavior seems to be ok: Each conversation has it's own instance of PersonHome BUT: all of those instances is wired to the same instance of Person (the Entity)... I've tried to trace modifications on the "instance" field of Home but it's never setted so it should stay to null and then call my createInstance() overrided method....but this never happen because (as I said) Person instance is the same as the parent conversation one.... Did I miss something? Or is this a limitation of the CRUD framework? nowhere on the code the field "instance" is setted so I believe this is due to javassist proxying that my eclipse debugger can't see... If this feature isn't working how would you implement my "Create child" button to create a new Person has a child of the current conversation "personHome.instance" ?... -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

3
11
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3391) Use Credentials and RememberMe in code and EL expressions in examples, seam-gen and src

by Luis Tama (JIRA)

Use Credentials and RememberMe in code and EL expressions in examples, seam-gen and src --------------------------------------------------------------------------------------- Key: JBSEAM-3391 URL: https://jira.jboss.org/jira/browse/JBSEAM-3391 Project: Seam Issue Type: Task Components: Examples, Tools Affects Versions: 2.1.0.BETA1 Reporter: Luis Tama As of SEAM 2.1.0, the Identity component has been updated and the getters and setters for the properties username, password and rememberMe have been deprecated. So now we should use Credentials and RememberMe components. There are still many references to those getters/setters/properties in source code and in EL expressions in /examples, /seam-gen (including templates), and in /src, that lead to use of deprecated code. They should be updated. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

4
5
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3054) use outbound urlrewriting in seambay example

by Dan Allen (JIRA)

use outbound urlrewriting in seambay example -------------------------------------------- Key: JBSEAM-3054 URL: http://jira.jboss.com/jira/browse/JBSEAM-3054 Project: Seam Issue Type: Feature Request Components: Examples Affects Versions: 2.1.0.A1, 2.0.2.SP1 Reporter: Dan Allen Assigned To: Dan Allen Fix For: 2.0.x, 2.1.0.BETA1 Let's show off outbound urlrewriting in the seambay example. The current hard-coded RESTful URLs look so labor intensive. Plus, it all stops working if you turn off urlrewriting. By pushing it all into the urlrewrite engine, it works either way. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

4
7
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2240) refactor for easier extensibility of seam identity: seam identiy interface + seam identity base impl

by koen handekyn (JIRA)

refactor for easier extensibility of seam identity: seam identiy interface + seam identity base impl ---------------------------------------------------------------------------------------------------- Key: JBSEAM-2240 URL: http://jira.jboss.com/jira/browse/JBSEAM-2240 Project: JBoss Seam Issue Type: Feature Request Components: Core Affects Versions: 2.0.0.GA Reporter: koen handekyn Priority: Optional to allow easier extensibility of the seam identity class it would be useful to have a clear seam identity interface with complementary base impl from (package org.jboss.seam.security) use case: i'm trying to define my own seam identiy that contains as an extra parameter domain (login@domain/password). to have a complete implementation (which also saves the domain into a cookie) i'm stuck as 1. i don't know have an interface that I should satisfy if I wanted to make an implementation from scratch 2. extending from seam idenity has some issues : i missing some protected accessors to some private members (that maybe could be protected?) alternatively my question would be solved if i could have extension points within initFromCookie and at "setCookieValueIfEnabled( getUsername() ); from method postAuthenticate()" such that i could combine and split login and domain when saving/reading the cookie. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 9 months

3
5
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2095) Multiple DataSources in same EAR, hib2ddl and import.sql run on all

by Ian Darwin (JIRA)

Multiple DataSources in same EAR, hib2ddl and import.sql run on all ------------------------------------------------------------------- Key: JBSEAM-2095 URL: http://jira.jboss.com/jira/browse/JBSEAM-2095 Project: JBoss Seam Issue Type: Feature Request Components: Core Affects Versions: 2.0.0.CR1 Environment: EAR deployment, POJO beans setup by Seam-Gen. OS not relevant; tried JDK1.6 and 1.7EA. DB is PostgreSQL 8. Reporter: Ian Darwin When using multiple DataSources in an EJB3 EAR, as suggested by Gavin the the URL referenced below, using Hibernate as the underlying persistence, it appears that the "schema export" and the /import.sql get applied to both. It would be nice if there could be a more fine-grained mechanism for associating import.sql and hbm2ddl with particular entities. I have two Datasources, call them "all" and "bugs" (the idea being that the bugs database will be shared by all developers and should be permanent, whereas the "all" database should be dropped and recreated/imported each tim). 16:07:55,345 INFO [SchemaExport] Running hbm2ddl schema export 16:07:55,345 INFO [SchemaExport] exporting generated schema to database 16:07:55,504 INFO [SchemaExport] Executing import script: /import.sql 16:07:55,568 INFO [SchemaExport] schema export complete ... 16:07:55,710 INFO [SchemaExport] Running hbm2ddl schema export 16:07:55,711 INFO [SchemaExport] exporting generated schema to database 16:07:55,857 INFO [SchemaExport] Executing import script: /import.sql 16:07:55,911 INFO [SchemaExport] schema export complete It would be most convenient if one could specify more precisely which entities go in which Schema. I have added the @PersistenceContext annotation on the BugsHome class' EntityManager: @PersistenceUnit(name="tcpseambug") @In EntityManager bugEntityManager; public EntityManager getEntityManager() { return bugEntityManager; } Note that if I disable the hbm2ddl export on the "bugs" database, then schema setup quits when one of the tables in the "all" database shows up missing. N.B. Will be happy to write up a complete example for the Reference Manual once this is working :-), as there are several related questions on the Forums. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 10 months

4
11
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2050) reorganize modules

by Dan Allen (JIRA)

reorganize modules ------------------ Key: JBSEAM-2050 URL: http://jira.jboss.com/jira/browse/JBSEAM-2050 Project: JBoss Seam Issue Type: Feature Request Components: Tools Affects Versions: 2.0.0.CR1 Reporter: Dan Allen Fix For: 2.0.x I would like to make "modules" a first order directory (renamed from "src") and also organize tests so they are per-module. This will encourage per-module tests and also prevent circular dependencies (because the folders are treated as modules and not one big lump of source code). The ui module also once again finds itself adjacent to the other modules. jboss-seam/ examples/ <-- showing this just as a reference point modules/ core/ main/java test/java ui/ main/java test/java (continue for debug, ioc, gen, pdf, mail, remoting) Although Eclipse doesn't know the first think about multi-modules, this will be idea for setting up a module-aware IDE like IntelliJ IDEA (and to some degree, NetBeans). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 11 months

4
11
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

seam-issues October 2008