headers
Bruno Aranda | 9 Feb 19:10
Picon
Gravatar

Myfaces 2.1.6 change of behaviour for h:outputScript

Hi,

I can see there are some improvements related to the resource handling and
to fix a security problem in MyFaces 2.1.6. However, now the behaviour for
h:outputScript seems to have changed and subfolders are not allowed in the
"library" attribute.

Before I could do things like:

<h:outputScript library= "javascript/mysuperlibrary"
name="mysuperscript.js" />

And now the resource handler complains with a warning:

09-Feb-2012 18:04:21 org.apache.myfaces.renderkit.html.HtmlScriptRenderer
encodeEnd
WARNING: Resource referenced by resourceName mysuperscript.js and
libraryName javascript/mysuperlibrary not found in call to
ResourceHandler.createResource. It will be silenty ignored.

Am I doing something wrong? Do I need my own ResourceHandler if I want to
have all my resources in their subfolders, resulting in a more tidy project?

Cheers,

Bruno
Permalink | Reply | 4 comments |
headers
Leonardo Uribe | 9 Feb 16:58
Picon
Favicon
Gravatar

[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability

--------------------------------------------------------------------------------------------------

CVE-2011-4367: Apache MyFaces information disclosure vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
           MyFaces Core 2.0.1 to 2.0.11
           MyFaces Core 2.1.0 to 2.1.5
           Earlier versions are not affected

Description:

MyFaces JavaServer Faces (JSF) allows relative paths in the
javax.faces.resource 'ln' parameter or writing the url so the resource
name include '..' sequences . An attacker could use the security
vulnerability to view files that they should not be able to.

Mitigation:

Users of affected versions should apply one of the following mitigations:
MyFaces Core 2.0.x users should update to 2.0.12
MyFaces Core 2.1.x users should update to 2.1.6

Example:

In linux or similar systems:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Döring Markus | 8 Feb 10:20
Picon

[Trinidad] JIRA Issue 354: autoSubmit on text field suppresses ActionEvent on a button

Hi List,

I've come across this issue: https://issues.apache.org/jira/browse/TRINIDAD-354
and have to say (as others already posted in jira comments) that the issue is still not fixed in latest release.
Additionally it not only occurs on text field but also on select many listbox, select many shuttle any maybe
a lot more components.

Jira should be opened again and someone should look into it, because an issue from 2006 still not fixed is a pain.

Thanks
Markus
Permalink | Reply | 1 comment |
headers
Leonardo Uribe | 7 Feb 16:19
Picon
Favicon
Gravatar

[ANNOUNCE] MyFaces Commons20 1.0.2.1 release

The Apache MyFaces team is pleased to announce the release of
Apache MyFaces Commons20 1.0.2.1.

This project contains non-renderkit-specific code that can be used with any
myfaces jsf framework.

MyFaces Commons20 1.0.2.1 is available in both binary and source distributions.

     * http://myfaces.apache.org/commons/download.html

Apache MyFaces Commons is available in the central Maven repository under
Group ID "org.apache.myfaces.commons".

Release Notes - MyFaces Commons20 - Version 1.0.2.1

Sub-task

     [MFCOMMONS-44] - Remove gzip compression feature from myfaces commons resourcehandler

Bug

     [MFCOMMONS-39] - semicolon typo in ExtendedDefaultResourceHandlerSupport
     [MFCOMMONS-40] - enable checkstyle checks for MyFaces commons
     [MFCOMMONS-41] - MyFaces commons files must use svn:eol-style native
     [MFCOMMONS-45] - CLONE - MyFaces ResourceImpl$ValueExpressionFilterInputStream does not handle
resolving long URLs
     [MFCOMMONS-46] - CLONE - org.apache.myfaces.shared.resource. ResourceImpl: PushbackInputStream
delegate is not closed

Enjoy!
(Continue reading)

Permalink | Reply | 0 comments |
headers
Leonardo Uribe | 7 Feb 16:11
Picon
Favicon
Gravatar

[ANNOUNCE] MyFaces Core v2.0.12 Release

The Apache MyFaces team is pleased to announce the release of MyFaces Core 2.0.12.

MyFaces Core is a JavaServer(tm) Faces 2.0 implementation as specified by JSR-314. MyFaces Core has
passed Sun's JSR-314 TCK and is 100% compliant with the JSR-314 specification.

MyFaces Core 2.0.12 is available in both binary and source distributions.

     * http://myfaces.apache.org/download.html

MyFaces Core is also available in the central Maven repository under Group ID "org.apache.myfaces.core".

Release Notes - MyFaces Core - Version 2.0.12

Sub-task

     [MYFACES-3437] - [PERF] Use index-based loop where possible

Bug

     [MYFACES-3401] - Issue with RichFaces fileUpload component using MyFaces 2.0
     [MYFACES-3414] - MyFaces ResourceImpl$ValueExpressionFilterInputStream does not handle resolving
long URLs
     [MYFACES-3416] - Default ValidatorFactory is not stored on application map
     [MYFACES-3429] - ArrayIndexOutOfBoundsException in CompositeELResolver under load
     [MYFACES-3430] - org.apache.myfaces.shared.resource. ResourceImpl: PushbackInputStream delegate
is not closed
     [MYFACES-3431] - jsf.js: minor spec implementation bug, success is sent at the wrong location of the code
     [MYFACES-3433] - PhaseListenerManager throws NPE if pre-phase action was unsuccessful
     [MYFACES-3442] - Infinite loop when calling ApplicationImpl._handleListenerForAnnotations under
heavy load
(Continue reading)

Permalink | Reply | 0 comments |
headers
Deschamps Yves | 3 Feb 14:19
Picon
Picon
Favicon
Gravatar

Maven Repository for portlet-bridge 1.0.1-SNAPSHOT

Hi,

Where can i found myfaces portlet-bridge 1.0.1-SNAPSHOT (Maven) ?
Thank you.

--

-- 
Yves Deschamps
CRI Pôle Web, Environnement Numérique de Travail
Bâtiment M4
Tel : 03 20 43 41 89
Fax : 03 20 43 66 25
Blog Pro : http://blogs.univ-lille1.fr/pg/blog/ydescham
Permalink | Reply | 0 comments |
headers
Michael Heinen | 3 Feb 10:15

Re: onsumit not exeucted for ajax requests - alternative?

Hi,

onsubmit of the form is executed for the standard Command Button but not 
for an Ajax Button.
I tried with myFaces 2.1.5, 2.0.11 and with mojarra 2.1.6 and 2.0.8.

Here is a very simple sample:
<html xmlns="http://www.w3.org/1999/xhtml"
       xmlns:ui="http://java.sun.com/jsf/facelets"
       xmlns:h="http://java.sun.com/jsf/html"
       xmlns:f="http://java.sun.com/jsf/core">
<ui:composition>

<h:form id="myform" onsubmit="alert('submitted')" >
<h:outputText id="oldCounter" value="oldCounter: 
#{MyController.counter}"/><br/>
<h:outputText id="newCounter" value="newCounter: 
#{MyController.counter}"/><br/>

<h:commandButton value="AjaxButton" 
actionListener="#{MyController.increase}" >
<f:ajax render="newCounter" execute="@this"/>
</h:commandButton><br/>
<h:commandButton value="Button" actionListener="#{MyController.increase}"/>
</h:form>

</ui:composition>
</html>

@ManagedBean(name = "MyController")
(Continue reading)

Permalink | Reply | 0 comments |
headers
Michael Heinen | 2 Feb 11:05

onsumit not exeucted for ajax requests - alternative?

Hi,

I am currently migrating an application to JSF 2.1

I have a lot of ajax commands (richfaces) and some new f:ajax tags.
My forms contain some js functions which should be called during 
onsubmit but unfortunately onsubmit is not called for ajax requests.

How can I specify some JS functions that should be executed before any 
ajax call?
I do not want to add them to a few hundred commands manually and would 
like to define the calls on a few spots as possible.

Thanks,
Michael
Permalink | Reply | 8 comments |
headers
PEREZ ALCAIDE JESUS | 31 Jan 13:27
Picon
Gravatar

Synchronization problem

Hello,

I'm having some errors while doing a stress testing on my application. If I make a single request it works
fine. Even if I make a single request and after that do the stress test, it works fine. The problem occurs
when doing the stress test on a just started server.

For the stress test I'm using WebLOAD to make requests to the same URL during 5 minutes, beginning with 5
concurrent users until 500 concurrent users. The problem is arising at the very beginning of the test.

I have wrapped the Application object  in order to do additional processing when creating a composite
component of my own:

public class BKSApplication extends ApplicationWrapper {

      /** Component type for views */
      private static final String COMPONENT_TYPE_VIEW = "rigel.faces.View";

      private volatile Application wrapped;

      public BKSApplication(Application application) {
            super();
            wrapped = application;
      }

      [...]

      @Override
      public UIComponent createComponent(FacesContext context, Resource componentResource) {
            UIComponent comp = wrapped.createComponent(context, componentResource);
            // get componentType
(Continue reading)

Permalink | Reply | 0 comments |
headers
Cédric Durmont | 27 Jan 15:02
Picon

[ExtVal] Validations for one action only

Hello there,

I'm trying to implement a somewhat classical validation scheme : I
have a JSF form ( Myfaces 2.1.5, Trinidad 2.0.2-SNAPSHOT), and I want
to perform some validations but only when I trigger a specific button
/ action.
Other buttons in the page may open dialogs, trigger actionEvents /
valueChangeEvents. There are also some autosubmit input fields
(Trinidad), and I need all these to run without being stopped by the
validation.

I tried to simply use immediate="true" on every button / field where
it was needed, but strangely enough, it didn't stop all of the
validations (esp. the input fields with autosubmit + immediate="true"
act as if they were immediate="false".

Can some folks here give me a hint on the best way to achieve this ?
My validations a a mix on static (this field is numeric, this one's 50
chrs max, etc.) and dynamic ("if value of attribute A is in a specific
list, then B becomes mandatory", "X or Y may be null, but not both")
Getting these to work with Trinidad's client-based validations would
definitely be the icing on the cake !

Thanks,

Cedric Durmont
Permalink | Reply | 1 comment |
headers
Thomas Andraschko | 26 Jan 23:01

Pluggable serialization

Hi,

i know, there already is an wiki entry which explains how to use JBoss
Serialization.
I tried this in our application but unfortunately there is mem leak which
occurs after some jetty or tomcat restarts.
We don't use client side state saving but AFAIK it will also be used for
"SERIALIZE_STATE_IN_SESSION".

My question is, would it be possible to make the serialization more
pluggable?
I know for example msm (memcached-session-manager) is using a pluggable
serialization for serializing the session to the memcached nodes.
It allows to use for example: default java, kyro, xstream or javolution.

Thanks.

Best regards,
Thomas
Permalink | Reply | 2 comments |

Gmane