[JBoss JIRA] Created: (SEAMFACES-26) Implement global protection against XSRF attacks via incremental token-based form fields
by Lincoln Baxter III (JIRA)
Implement global protection against XSRF attacks via incremental token-based form fields
----------------------------------------------------------------------------------------
Key: SEAMFACES-26
URL: https://jira.jboss.org/browse/SEAMFACES-26
Project: Seam Faces
Issue Type: Feature Request
Components: Security
Reporter: Lincoln Baxter III
Fix For: 3.0.0.Alpha4
I'd like to see a way to implement this for ALL pages, not requiring a custom tag.
I believe this could be done easily using the PreRenderViewEvent to add a hidden form field to store the token in all outbound forms, in combination with a cookie that is sent to the browser, storing a unique private key for that browser session.
Next, use a phase-listener after Restore_View, comparing the request parameter to the restored component value or session. Very similar to the <s:token> component, but as a global solution that could be enabled/disabled via XML config.
The token value increments on each subsequent form submission, and includes a hashed version of the browser's signature (and corresponding public key for the browser's cookie-assigned private key). The token is compared to either a value stored in ViewState (insecure if using client-side state-saving) or a value stored in the user's session as an ordered list that can detect repeat or invalid requests.
Question: how does this affect the back-button?
Note: In order for any cookie-based public key to be assigned to the browser, one MUST assume that the server/client are speaking HTTPS, otherwise any communication of public/private keys will be vulnerable to man-in-the-middle attacks.
"1. When rendered, it assigns a unique identifier to the browser using a cookie that lives until the end of the browser session. This is roughly the browser's private key. The <s:token> tag is used inside of an <h:form> and generates a hidden form field named javax.faces.FormSignature. The form signature is calculated as follows: "
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
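The scheme sketched in the issue above, modelled as an added stand-alone example (not Seam Faces code): a per-session secret standing in for the cookie-assigned key, a counter that advances each time a form is rendered, an HMAC binding the counter to the browser identity, and a verify step that mirrors the check a phase listener would run after RESTORE_VIEW. `BrowserSession`, `issue_token` and `verify_token` are names assumed here.

```python
import hashlib
import hmac
import secrets

FIELD = "javax.faces.FormSignature"  # hidden-field name used by <s:token>


class BrowserSession:
    """Server-side state for one browser session (constructed stand-in
    for the JSF session map; assumed names)."""

    def __init__(self, browser_id):
        self.browser_id = browser_id           # identity from the session cookie
        self.secret = secrets.token_bytes(32)  # per-session key, never sent to the client
        self.counter = 0                       # highest token number issued so far
        self.seen = set()                      # token numbers already consumed


def _mac(session, n):
    # Bind the counter to this browser's identity under the session secret.
    msg = f"{session.browser_id}:{n}".encode()
    return hmac.new(session.secret, msg, hashlib.sha256).hexdigest()


def issue_token(session):
    """Render-time step (PreRenderViewEvent): advance the counter and
    return the value to place in the hidden form field."""
    session.counter += 1
    return f"{session.counter}:{_mac(session, session.counter)}"


def verify_token(session, presented):
    """Postback step (after RESTORE_VIEW): returns (ok, reason).
    Rejects missing, malformed, never-issued, forged and replayed tokens."""
    if presented is None:
        return False, "missing"
    try:
        n_str, mac = presented.split(":", 1)
        n = int(n_str)
    except ValueError:
        return False, "malformed"
    if n < 1 or n > session.counter:
        return False, "unknown counter"
    if not hmac.compare_digest(mac, _mac(session, n)):
        return False, "bad signature"
    if n in session.seen:
        return False, "replay"
    session.seen.add(n)
    return True, "ok"
```

Because consumed counters are tracked in a set rather than requiring strictly increasing values, a form reached via the back button still submits once if it was never submitted; re-submitting an already consumed form is rejected as a replay.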
[JBoss JIRA] Created: (SOLDER-61) Write documentation for JBoss Logging
by Dan Allen (JIRA)
Write documentation for JBoss Logging
-------------------------------------
Key: SOLDER-61
URL: https://issues.jboss.org/browse/SOLDER-61
Project: Seam Solder
Issue Type: Feature Request
Components: Documentation
Affects Versions: 3.0.0.Beta1
Reporter: Dan Allen
Fix For: 3.0.0.CR1
Seam Solder is the project that exposes JBoss Logging to the community (it's the face of JBoss Logging). We need a dedicated chapter on JBoss Logging:
1. What is it?
2. Why do we need it?
3. Is it portable (yes)
4. How do you use it?
5. How does tooling play in?
6. What does Solder add?
[JBoss JIRA] Created: (SOLDER-73) Misc documentation issues
by Jozef Hartinger (JIRA)
Misc documentation issues
-------------------------
Key: SOLDER-73
URL: https://issues.jboss.org/browse/SOLDER-73
Project: Seam Solder
Issue Type: Bug
Components: Documentation
Affects Versions: 3.0.0.Beta3
Reporter: Jozef Hartinger
Priority: Minor
* Section 1.2
** remove org.jboss.logging:jboss-logging as a transitive dependency
** change "Most of Seam Solder has very few dependencies, only one of which is not provided by Java EE 6:" to reflect reality
* Chapter 3 - "Annotations without *listitems* provide a static INSTANCE *listitem* that should be used rather than creating a new instance every time." - this probably talks about annotations without *members* - IMHO it is not correct to reference annotation members as "listitems" - at least the CDI spec uses the term *member*
* Chapter 6
** "Access to MDC and NDC" - personally, I have no idea what *MDC* and *NDC* mean - consider explaining / using full name / providing a link
* Chapter 7
** " This chapter will walk you each utility" - should be "This chapter will walk you *through* each utility"
** s/javaodoc/javadoc
* Section 7.1
** s/Seam Solder provides an AnnotatedType implementation that should be suitable for most portable extensions needs./Seam Solder provides an AnnotatedType implementation that should be suitable for most portable *extensions'* needs.
* Chapter 14 - s/intercepter/interceptor