[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3565) Remoting interface generation problem
by Andy Siu (JIRA)
Remoting interface generation problem
-------------------------------------
Key: JBSEAM-3565
URL: https://jira.jboss.org/jira/browse/JBSEAM-3565
Project: Seam
Issue Type: Bug
Components: Remoting
Reporter: Andy Siu
Assignee: Shane Bryzak
There is a problem about the caching mechanism of generating remote interface for ajax call.
at
public void generateComponentInterface(Set<Component> components, OutputStream out, Set<Type> types)
The generated interface is cached in interfaceCache. However, when passing more than one component at the same time, there may be problem.
E.g.
seam/resource/remoting/interface.js?A&B
where both A and B contain a type C
A->C will be cached with the name A
but only B will be cached with the name B (C will be skipped as it is already generated in A)
when another page only calls seam/resource/remoting/interface.js?B
C will be missed as the cached B does not contains C
I've make a workaround by passing a new HashSet<Type>() into appendComponentSource everytime
appendComponentSource(bOut, c, new HashSet<Type>());
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 3 months
[JBoss JIRA] Created: (SEAMFACES-26) Implement global protection against XSRF attacks via incremental token-based form fields
by Lincoln Baxter III (JIRA)
Implement global protection against XSRF attacks via incremental token-based form fields
----------------------------------------------------------------------------------------
Key: SEAMFACES-26
URL: https://jira.jboss.org/browse/SEAMFACES-26
Project: Seam Faces
Issue Type: Feature Request
Components: Security
Reporter: Lincoln Baxter III
Fix For: 3.0.0.Alpha4
I'd like to see a way to implement this for ALL pages, not requiring a custom tag.
I believe this could be done easily using the PreRenderViewEvent to add a hidden form field to store the token in all outbound forms, in combination with a cookie that is sent to the browser, storing a unique private key for that browser session.
Next, use a phase-listener after Restore_View, comparing the request parameter to the restored component value or session. Very similar to the <s:token> component, but as a global solution that could be enabled/disabled via XML config.
The token value increments on each subsequent form submission, and includes a hashed version of the browser's signature (and corresponding public key for the browser's cookie-assigned private key.) The token is compared to either a value stored in ViewState (insecure if using client-side state-saving) or a value stored in the user's session as (an ordered list that can detect repeat or invalid requests.)
Question: how does this affect the back-button?
Note: In order for any cookie-based public key to be assigned to the browser, one MUST assume that the server/client are speaking HTTPS, otherwise any communication of public/private keys will be vulnerable to man-in-the-middle attacks.
"1. When rendered, it assigns a unique identifier to the browser using a cookie that lives until the end of the browser session. This is roughly the browser's private key. The <s:token> tag is used inside of an <h:form> and generates a hidden form field named javax.faces.FormSignature. The form signature is calculated as follows: "
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 3 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1620) "java.lang.IllegalStateException: No application context active" thrown on legacy components.xml declaration
by Przemyslaw Jaskierski (JIRA)
"java.lang.IllegalStateException: No application context active" thrown on legacy components.xml declaration
------------------------------------------------------------------------------------------------------------
Key: JBSEAM-1620
URL: http://jira.jboss.com/jira/browse/JBSEAM-1620
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.BETA1
Environment: Tomcat 6.0.13
Reporter: Przemyslaw Jaskierski
Fix For: 2.0.0.CR1
Reporting on Gavin's demand. After migrating from 1.3.0 ALPHA to latest 2.0.0 cvs snapshot I got this exception because on my classpath was an alternate components.xml with core:microcontainer. Please see forum topic for complete description. Posting only stacktrace here.
java.lang.IllegalStateException: No application context active
at org.jboss.seam.Component.forName(Component.java:1707)
at org.jboss.seam.Component.getInstance(Component.java:1757)
at org.jboss.seam.Component.getInstance(Component.java:1740)
at org.jboss.seam.Component.getInstance(Component.java:1719)
at org.jboss.seam.core.ResourceBundle.instance(ResourceBundle.java:209)
at org.jboss.seam.jsf.SeamApplicationMessageBundle.handleGetObject(SeamApplicationMessageBundle.jav
a:28)
at java.util.ResourceBundle.getObject(ResourceBundle.java:380)
at java.util.ResourceBundle.getString(ResourceBundle.java:346)
at com.sun.faces.util.MessageFactory.getMessage(MessageFactory.java:151)
at com.sun.faces.util.MessageFactory.getMessage(MessageFactory.java:122)
at com.sun.faces.util.MessageUtils.getExceptionMessageString(MessageUtils.java:277)
at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:828)
at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:486)
at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:381)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3827)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4334)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:566)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Jul 7, 2007 7:21:43 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class com.sun.faces.conf
ig.ConfigureListener
javax.faces.FacesException: java.lang.IllegalStateException: No application context active
at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:387)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3827)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4334)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:566)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalStateException: No application context active
at org.jboss.seam.Component.forName(Component.java:1707)
at org.jboss.seam.Component.getInstance(Component.java:1757)
at org.jboss.seam.Component.getInstance(Component.java:1740)
at org.jboss.seam.Component.getInstance(Component.java:1719)
at org.jboss.seam.core.ResourceBundle.instance(ResourceBundle.java:209)
at org.jboss.seam.jsf.SeamApplicationMessageBundle.handleGetObject(SeamApplicationMessageBundle.jav
a:28)
at java.util.ResourceBundle.getObject(ResourceBundle.java:380)
at java.util.ResourceBundle.getString(ResourceBundle.java:346)
at com.sun.faces.util.MessageFactory.getMessage(MessageFactory.java:151)
at com.sun.faces.util.MessageFactory.getMessage(MessageFactory.java:122)
at com.sun.faces.util.MessageUtils.getExceptionMessageString(MessageUtils.java:277)
at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:828)
at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:486)
at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:381)
... 15 more
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 3 months
[JBoss JIRA] Created: (SEAMJMS-2) Message Destinations may be declared by specifying a @Resource annotation as part of a producer field
by Jordan Ganoff (JIRA)
Message Destinations may be declared by specifying a @Resource annotation as part of a producer field
-----------------------------------------------------------------------------------------------------
Key: SEAMJMS-2
URL: https://jira.jboss.org/browse/SEAMJMS-2
Project: Seam JMS
Issue Type: Feature Request
Components: Injection
Reporter: Jordan Ganoff
Priority: Blocker
>From JSR-299-20090521.pdf:
3.7.2. Declaring a message destination
A message destination may be declared by specifying a
type Topic or Queue.
@Resource
annotation as part of a producer field declaration of
The @Resource annotation specifies the metadata needed to obtain the topic or queue from the component environment.
@Resource(name="java:global/env/jms/PaymentQueue")
@Produces @PaymentProcessor Queue paymentQueue;
@Resource(name="java:global/env/jms/Prices")
@Produces @Prices Topic pricesTopic;
The bindings and deployment type of the resource are determined by the producer field declaration.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 3 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2588) s:conversationPropagation breaks a4j:commandButton
by Fijai Cairo (JIRA)
s:conversationPropagation breaks a4j:commandButton
--------------------------------------------------
Key: JBSEAM-2588
URL: http://jira.jboss.com/jira/browse/JBSEAM-2588
Project: JBoss Seam
Issue Type: Bug
Components: JSF Controls
Affects Versions: 2.0.1.GA
Environment: Firefox OSX 10.51, JBoss AS 4.22, JAVA 1.5.0_13-b05-237
Reporter: Fijai Cairo
<a4j:commandButton styleClass="btn" id="contactButton#{accountHolder}" oncomplete="UIControl('contactForm', 'contact', 'identification');" reRender="contactBlock#{accountHolder},uiSec" actionListener="#{accountOpen.submitContactInfo}" value="Continue" >
<a4j:actionparam name="holder" value="getSuffix()" noEscape="true"/>
<s:conversationPropagation type="join" />
</a4j:commandButton>
Renders the following: Notice that the onclick handler is rendered before the input is rendered and causes a document.getElementById("contactButton1") has no properties javascript error.
<div id="contactContinueSection1" style="padding: 10px 10px 10px 10px; display: block">
<script language="JavaScript" type="text/javascript">
//<![CDATA[
document.getElementById('contactButton1').onclick = new Function("event", "{if (document.getElementById){var form = document.getElementById('contactForm1');var input = documen
t.createElement('input');if (document.all){ input.type = 'hidden';input.name = 'conversationPropagat
ion';input.value = 'join';}else if (document.getElementById) {input.setAttribute('type', 'hidden');i
nput.setAttribute('name', 'conversationPropagation');input.setAttribute('value', 'join');}form.appen
dChild(input);return true;}}");
//]]>
</script>
<input id="contactButton1" name="contactButton1" onclick="A4J.AJAX.Submit('_viewRoot','contactForm1',event,{'parameters':{'holder':getSuffix(),'conversationPr
opagation':'join','contactButton1':'contactButton1'} ,'actionUrl':'/BaisiPrototype/AE/primary.jspv?j
avax.portlet.faces.DirectLink=true','oncomplete':function(request,event,data){UIControl('contactForm
', 'contact', 'identification');}} );return false;" value="Continue" class="btn" type="button" />
</div>
Without <s:conversationPropagation type="join" />, the onclick handler is rendered as an attribute of the button as ff:
<div id="contactContinueSection1" style="padding: 10px 10px 10px 10px; display: block"><input id="contactButton1" name="contactButton1" onclick="A4J.AJAX.Submit('_viewRoot','contactForm1',event,{'parameters':{'holder':getSuffix(),'contactButton1
':'contactButton1'} ,'actionUrl':'/BaisiPrototype/AE/primary.jspv?javax.portlet.faces.DirectLink=tru
e','oncomplete':function(request,event,data){UIControl('contactForm', 'contact', 'identification');}
} );return false;" value="Continue" class="btn" type="button" />
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 3 months
[JBoss JIRA] Created: (SEAMFACES-57) Use InputElement<T> instead of @InputField for injection of form input
by Dan Allen (JIRA)
Use InputElement<T> instead of @InputField for injection of form input
----------------------------------------------------------------------
Key: SEAMFACES-57
URL: https://jira.jboss.org/browse/SEAMFACES-57
Project: Seam Faces
Issue Type: Feature Request
Components: Validation & Conversion
Affects Versions: 3.0.0.Beta1
Reporter: Dan Allen
Priority: Minor
The idea for @InputField is nice, but having access to only the converted value of a field is limiting. We should switch to a wrapper type at the injection point to provide access to the id, clientId and component. The implementation could also provide use the narrowing bean facility in Weld Extensions to make the producer stronger typed.
Proposal:
@Inject
private InputElement<String> firstName;
@Inject
private InputElement<String> lastName;
@Inject
private InputElement<Date> dateOfBirth;
InputElement<T>
String id
String clientId
T value
UIInput component
The input element thus allows much more flexibility in terms of what the developer can accomplish in the validation method. One of those is being able to assign a message to a particular input field.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 3 months