I am trying to cluster enable my JSF 2.1 application (mojarra 2.1, Primefaces) on Jboss AS 7.2 (EAP 6.3) And I have researched this issue wihtou being able to find an answer.
I have deployed the application to two nodes and logged into the application. The I shut down the node that was being used and when I try to use the application again, I am directed to a login page. The have printed the session id and it changes when I hit the new node.
I have deployed a sample cluster bench (https://github.com/clusterbench/clusterbench) and the examples all work, with the exception of the JSF sample. The session id is always lost when a node goes down.
My web.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<distributable />
...
</web-app>
My jboss.web.xml is:
<jboss-web version="6.0"
xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_6_0.xsd">
<replication-config>
<!-- The default value is SET_AND_NON_PRIMITIVE_GET, therefore the byte array which is carrying the data is considered
non-primitive and would cause replication even in read only scenario. -->
<replication-trigger>SET</replication-trigger>
<!-- Replicating entire session is the default. -->
<replication-granularity>SESSION</replication-granularity>
</replication-config>
<context-root>/sample</context-root>
</jboss-web>
I am using Spring security to secure my rest API. Following are my configurations;
spring-secutiry.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true">
<!-- Authentication Type and Intercepter Configurations -->
<security:http-basic />
<security:intercept-url pattern="/**" />
<security:anonymous enabled="false" />
<security:session-management invalid-session-url="/">
<security:concurrency-control max-sessions="1" />
</security:session-management>
<security:logout logout-url="/signOff" invalidate-session="true"
delete-cookies="JSESSIONID" logout-success-url="/" />
</security:http>
<bean id="myAuthenticationProvider"
class="com.myauthenticator.spring.secutiry.MyAuthenticationProvider" />
<security:authentication-manager>
<security:authentication-provider ref="myAuthenticationProvider" />
</security:authentication-manager>
</beans>
There is no such implementation for custom logout. I am expecting Spring to intercept call to /signOff and destroys token and redirect me to / because of the configuration in logout-success-url which should challenge for a BASIC auth once more but its loading my home page.
It seems like my spring configurations are not correct i.e. not all calls are intercepted by Spring filter. I have following configurations in my web.xml to priorities my web-fragment which contains my Spring Security Filter;
web.xml
<absolute-ordering>
<name>MyAuthenticator</name>
<others/>
</absolute-ordering>
Note: My filter and custom authentication are implemented as a web-fragment which looks like as follows;
web-fragement.xml
<web-fragment
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xmlns:webfragment="http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"
id="T24Authenticator" version="3.0">
<display-name>T24 Authentication Provider</display-name>
<name>MyAuthenticator</name>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
.....
I think there is something wrong with my configurations! But I can't spot it, can anyone?
I am a newbie in Spring based web development.
Our site is Spring based and is currently http based (so quite insecure).
Since, the site is not live yet, we are sending login/password also through a normal JSON request to server and have focussed mostly on JSP, UI design, SQL queries etc.
Now, we want to shift to focus on security and shift to https as a first step.
I have read a no. of web-pages and some spring books but none seems to provide a clear answer on how Spring can be used to provide https security.
Can some one please help me in achieving the above?
Please let me know if my question is not clear. I will try to add more details ASAP.
Our web.xml is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
"
id="WebApp_ID" version="2.5">
<display-name>Spring3MVC</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<!--> Mapping for serving static web-content <-->
<!--> The resources folder must be in parallel to WEB-INF <-->
<!--> The mvc:resources gives "not bound" exception unless bound to a namespace as above for xmlns:mvc <-->
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:resources mapping="/scripts/**" location="/scripts/" />
</web-app>
There is only one controller right now for which, spring-servlet.xml is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:component-scan
base-package="console.controllerpkg" />
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
Thanks a lot in advance!
P.S. If you can recommend me a good example based site/book on spring, it would be much appreciated. Most of the sites/books I have seen lay much emphasis on theory but very little examples. That has left me a little confused.
As Dave says, you need to configure your container to serve SSL, and then deploy your spring app into that container. Learn about configuring Tomcat for SSL.
Alternately, and more flexibly you can front your container using Apache, and enable SSL there.
Spring is not 100% responsible for configuring SSL. For that you need to configure the container (jetty, tomcat, etc) to handle SSL.
Thanks for all the help guys.
I will re-iterate what I did just for my own record purposes.
First of all, the link provided by nont about 'Tomcat for SSL' was really helpful.
I read all about SSL and Tomcat there and this is what I did:
On the command prompt, enter:
keytool -genkey -alias tomcat -keyalg RSA
The above command asked me some simple questions needed for a Certificate. I used the password 'changeit' wherever asked (as that is the default password).
On finishing with the above command, it generated a keystore file in C:/Documents and Settings//.keystore
I copied this .keystore file to tomcat/conf/myKeyStore.jks
Then I added the following to conf/server.xml :
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" minSpareThreads="5"
maxSpareThreads="75"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
maxThreads="200" debug="5"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${catalina.home}/conf/myKeyStore.jks"
keystoreType="JKS" keystorePass="changeit"
truststoreFile="${catalina.home}/conf/cacerts"
truststoreType="JKS" truststorePass="changeit"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
sslProtocol="TLS" />
And that's it!!
Next time, I ran tomcat my old http link did not work.
Then I tried adding sweet 's' to http with a port number of 8443 and lo! everything was up and running again.
Thanks nont for the wonderful link!!
Configure two different web sites, one for http and one for https, the one for http will have just a redirect to the https site.
I am using JSF in one of my application and the scenario is as follows:
1.I have a pages folder under WEB_INF
2.Inside pages I have a.jsp
3.When I deploy this application with the local tomcat it says "The requested resource (/pages/a.jsp) is not available."
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaeehttp://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>Sample_Proj</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>AddUser.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
Is there anything else i need to add into web.xml?
The below url is what I'm using to hit the page:
http://localhost:8080/Sample_Proj/WEB-INF/page/AddUser.jsp
Your jsp files / folders should exist in the root of the web project and not in the WEB-INF folder, i.e.:
/pages/a.jsp
/WEB-INF/...
Your web.xml file is very much incomplete when it comes to a JSF web project. I would recommend reading the Java EE 6 tutorial, you can read through this chapter on getting started with web applications
I had configured JSF 1.2 successfully to display English error messages that come from the server. Now I was making the transition to JSF 2.0, but the error messages seem to be back to German. Localized error messages are a real pain if you want to google up anything (I have no idea who decided localized error messages to be a good thing BTW!).
Here's the faces-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<faces-config version="2.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd">
<application>
<!-- view handler only for JSF 1.2 -->
<!--view-handler>com.sun.facelets.FaceletViewHandler</view-handler-->
<locale-config>
<default-locale>en</default-locale>
<supported-locale>en</supported-locale>
<supported-locale>en_US</supported-locale>
</locale-config>
</application>
</faces-config>
I'm using JSF 2.0.3 as shipped with JBAS 6, plus Seam and RichFaces.
Does anyone know how to get error messages in English language? Maybe config from the deployer or JBAS 6 itself?
Edit: the error messages appear at server startup as launched from inside Eclipse.
The message comes from your container, not from JSF.
You can change your regional settings or add the JVM parameter -Duser.language=en when you start the container.