[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1210) Page freeze after login
by Mariusz Smykula (JIRA)
Page freeze after login
-----------------------
Key: JBSEAM-1210
URL: http://jira.jboss.com/jira/browse/JBSEAM-1210
Project: JBoss Seam
Issue Type: Feature Request
Components: ICE Faces Integration
Affects Versions: 1.2.1.GA
Environment: ICEFaces 1.5.3, Seam 1.2.1, JBoss 4.0.5,
Reporter: Mariusz Smykula
Assigned To: Gregory Dick
Login page freeze after submit login information. After some time there is Network Connection Interrupted message. Page refresh is required.
Log from console:
17:13:32,140 ERROR [ExceptionFilter] uncaught exception
javax.faces.FacesException: Error calling action method of component with id userform:login
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:74)
at javax.faces.component.UICommand.broadcast(UICommand.java:106)
at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:94)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:168)
at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:343)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.renderCycle(BlockingServlet.java:456)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.receiveUpdates(BlockingServlet.java:444)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.executeRequest(BlockingServlet.java:324)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.service(BlockingServlet.java:186)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:63)
at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:60)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.faces.el.EvaluationException: /login.jspx @47,24 action="#{identity.login}": java.lang.UnsupportedOperationException
at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:73)
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63)
... 42 more
Caused by: java.lang.UnsupportedOperationException
at com.icesoft.faces.context.BridgeExternalContext.getRequestCookieMap(BridgeExternalContext.java:503)
at org.jboss.seam.core.Selector.getCookie(Selector.java:61)
at org.jboss.seam.core.Selector.clearCookieValue(Selector.java:78)
at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:282)
at org.jboss.seam.security.RuleBasedIdentity.postAuthenticate(RuleBasedIdentity.java:70)
at org.jboss.seam.security.Identity.authenticate(Identity.java:248)
at org.jboss.seam.security.Identity.authenticate(Identity.java:240)
at org.jboss.seam.security.Identity.login(Identity.java:170)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.el.parser.AstValue.invoke(AstValue.java:174)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:286)
at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
... 43 more
17:13:32,156 ERROR [DebugPageHandler] redirecting to debug page
java.lang.UnsupportedOperationException
at com.icesoft.faces.context.BridgeExternalContext.getRequestCookieMap(BridgeExternalContext.java:503)
at org.jboss.seam.core.Selector.getCookie(Selector.java:61)
at org.jboss.seam.core.Selector.clearCookieValue(Selector.java:78)
at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:282)
at org.jboss.seam.security.RuleBasedIdentity.postAuthenticate(RuleBasedIdentity.java:70)
at org.jboss.seam.security.Identity.authenticate(Identity.java:248)
at org.jboss.seam.security.Identity.authenticate(Identity.java:240)
at org.jboss.seam.security.Identity.login(Identity.java:170)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.el.parser.AstValue.invoke(AstValue.java:174)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:286)
at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63)
at javax.faces.component.UICommand.broadcast(UICommand.java:106)
at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:94)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:168)
at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:343)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.renderCycle(BlockingServlet.java:456)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.receiveUpdates(BlockingServlet.java:444)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.executeRequest(BlockingServlet.java:324)
at com.icesoft.faces.webapp.xmlhttp.BlockingServlet.service(BlockingServlet.java:186)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:63)
at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:60)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Unknown Source)
17:13:32,171 ERROR [[Blocking Servlet]] Servlet.service() for servlet Blocking Servlet threw exception
java.lang.IllegalArgumentException: Stack must not be null
at org.jboss.seam.core.ConversationEntry.<init>(ConversationEntry.java:40)
at org.jboss.seam.core.ConversationEntries.createConversationEntry(ConversationEntries.java:50)
at org.jboss.seam.core.Manager.createConversationEntry(Manager.java:685)
at org.jboss.seam.core.Manager.beforeRedirect(Manager.java:834)
at org.jboss.seam.core.Manager.beforeRedirect(Manager.java:852)
at org.jboss.seam.exceptions.DebugPageHandler.handle(DebugPageHandler.java:24)
at org.jboss.seam.core.Exceptions.handle(Exceptions.java:79)
at org.jboss.seam.web.ExceptionFilter.endWebRequestAfterException(ExceptionFilter.java:91)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:73)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Unknown Source)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years, 7 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3086) Allow unproxied components in components.xml
by Luke Maurer (JIRA)
Allow unproxied components in components.xml
--------------------------------------------
Key: JBSEAM-3086
URL: http://jira.jboss.com/jira/browse/JBSEAM-3086
Project: Seam
Issue Type: Feature Request
Components: Core
Reporter: Luke Maurer
It would be very convenient to be able to define a "component" in components.xml without actually having it be wrapped in a proxy, in cases where I just want to have an object put into application context and have a few setters called on it, but don't need any interceptors installed.
For a use case, see http://www.jasypt.org/hibernate3.html (the "Providing the encryptor to Hibernate" section) - instructions are given for a convenient way to configure the library using Spring, even though the classes in question (StandardPBEStringEncryptor and HibernatePBEStringEncryptor) were not written as Spring beans. The equivalent code in Seam components.xml does not work, since Seam attempts to proxy the objects, and the classes are final (Javassist throws a CannotCompileException). Since none of the functionality offered by proxies is required, in principle the only requirement to make this work would be a way to turn off proxying. (Presumably Spring does so automatically here.)
Naturally, there is a perfectly good workaround, which would be to use a @Factory or @Unwrap method on a Seam component and include setter methods to do the configuration. But this is a lot of tedious glue code, and I find the idea of directly configuring the objects in components.xml to be much more elegant.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years, 9 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2450) OWASP / New Session after Login
by ahus1 (JIRA)
OWASP / New Session after Login
-------------------------------
Key: JBSEAM-2450
URL: http://jira.jboss.com/jira/browse/JBSEAM-2450
Project: JBoss Seam
Issue Type: Feature Request
Affects Versions: 2.0.0.GA
Environment: Linux 2.6, jetty 6.1.5, java 6
Reporter: ahus1
Hello,
OWASP has compiled a "top 10" vulnerablilities for web applications.
One suggestion against session hijacking was the following: Start a new HTTP-Session after a successful login:
"Consider regenerating a new session upon successful authentication or privilege level change."
http://www.owasp.org/index.php/Top_10_2007-A7
Therefore there should be a (configurable?) switch to choose "continue with new session ID after successful log on"
I have thought of invalidating the current HTTP session, creating a new one and copying all elements from the old session to the new session in my Authenticator. But Seam 2.0.0 doesn't allow this: When I use the lowlevel functions this is blocked by IllegalStateException("Please end the HttpSession via Seam.invalidateSession()") in Lifecyle. When I use Seam.invalidateSession(), the session is only destroyed at the end of the request and I am unable to copy any objects in my Authenticator as the new session doesn't exist yet.
The workaround I have come up with is a filter, that destroys the complete session before the log in.
This is not very elegant, but it works for me as I don't have i.e. a shoping basket that I'd like to preserve.
A "nice" implementation in seam shouldn't have this limitation.
shane.bryzak(a)jboss.com asked for this ticket to be assigned to her.
The Java Class:
Code:
/**
* This filter enforces a new session whenever there is a POST, should be mapped
* to the URL of the login page in your web.xml
* @author Alexander Schwartz 2007
*/
public class NewSessionFilter implements Filter {
private Log log = LogFactory.getLog(NewSessionFilter.class);
private String url;
public void destroy() {
// empty.
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (httpRequest.getMethod().equals("POST")
&& httpRequest.getSession() != null
&& !httpRequest.getSession().isNew()
&& httpRequest.getRequestURI().endsWith(url)) {
httpRequest.getSession().invalidate();
httpRequest.getSession(true);
log.info("new Session:" + httpRequest.getSession().getId());
}
}
chain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
url = filterConfig.getInitParameter("url");
if (url == null) {
throw new ServletException(
"please specify parameter 'url' with login URL");
}
}
}
The web.xml:
Code:
<filter>
<display-name>NewSessionFilter</display-name>
<filter-name>NewSessionFilter</filter-name>
<filter-class>
NewSessionFilter
</filter-class>
<init-param>
<param-name>url</param-name>
<param-value>/iss/login.jsf</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NewSessionFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/iss/login.jsf</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years, 9 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3493) The EntityHome should not preserve the value of its instance property after entering a nested transaction when having the @PerNestedConversation annotation
by Francisco Jose Peredo Noguez (JIRA)
The EntityHome should not preserve the value of its instance property after entering a nested transaction when having the @PerNestedConversation annotation
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Key: JBSEAM-3493
URL: https://jira.jboss.org/jira/browse/JBSEAM-3493
Project: Seam
Issue Type: Bug
Components: Core
Affects Versions: 2.0.2.SP1
Reporter: Francisco Jose Peredo Noguez
I have a reflective 1-n associations like
Person childof Person.
I would like to create a child from the PersonEdit.xhtml created by seam-gen then adapted by hands...
When I put @PerNestedConversation annotation to my PersonHome the behavior seems to be ok: Each conversation has it's own instance of PersonHome BUT: all of those instances is wired to the same instance of Person (the Entity)...
I've tried to trace modifications on the "instance" field of Home but it's never setted so it should stay to null and then call my createInstance() overrided method....but this never happen because (as I said) Person instance is the same as the parent conversation one....
Did I miss something?
Or is this a limitation of the CRUD framework?
nowhere on the code the field "instance" is setted so I believe this is due to javassist proxying that my eclipse debugger can't see...
If this feature isn't working how would you implement my "Create child" button to create a new Person has a child of the current conversation "personHome.instance" ?...
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years, 9 months