Security Concerns of Migrating from Richfaces to Primefaces - security

I have a small Richfaces web application hosted on a JBoss EAP 6.4 server. I want to now run the app instead on a JBoss EAP 7.0 server, and modify the app to use Primefaces v6.1 instead of Richfaces.
Can anyone tell me (or make an educated guess) as to what may be some new security concerns or implications for doing so?
Thanks

Related

PrimeFaces 3.5 with WebSphere 6.1

I have a problem with WebSphere 6.1 and Primefaces. I have created an application, but used a local Tomcat appserver for testing. Everything was working fine, until I tried to deploy it on WAS 6.1.
After investigating the internal server problem, I saw, that WAS 6.1 only supports JSF 1.1, so I can throw out the whole interface :S
My question is, what is the best and most importantly, the fastest solution for this:
my interface is very simple, only panels, commandbuttons, a menu and a printer component. Is it possible to go back to a previous version of primefaces that supports jsf 1.1 keeping most of the code? (as I read, primefaces 1.1 is the last, which is far away from 3.5 )
use another faces implementation, if yes which one is the easiest to switch to from primefaces
can WAS 6.1 be made somehow compatible with JSF 2?
any other way
It's possible if you drop the necessary JSF 2.0/2.1 + PrimeFaces 3.5 JARs in webapp's /WEB-INF/lib and set in WebSphere admin the classloader policy to PARENT_LAST on both the EAR and WAR. This will force WebSphere to load webapp-bundled JSF instead of its own bundled JSF.

JSF - Trinidad versus MyFaces

I understand that the Trinidad framework is an extension of MyFaces project (who is the JSF implementation). But, I have JSF project that has only the trinidad dependencies. So, I ask:
How works this project without the JSF implementation´s dependencies?
Thank you
Apparently the project which you've in hands is been targeted for deployment on a real Java EE application server.
Normally, JSF is already provided as part of the Java EE API by a decent Java EE application server such as Glassfish, JBoss AS, WebSphere, WebLogic, etc. The web application project does not need to include the JSF libraries at all (like as it does not ever need to include the JSP/Servlet/EJB/JPA/etc libraries when deployed to such a server).
However, in case of barebones JSP/Servlet containers like Tomcat and Jetty, JSF is not provided by the server itself. JSF has either to be manually installed in those containers or to be provided by the web application project itself.
JSF component libraries like Trinidad, PrimeFaces, RichFaces, etc are not part of the Java EE API and thus surely need to be supplied by the web application project itself.

Does JSF 1.2 support JDK 1.5 and Servlets 2.4?

I am currently developing a J2EE project using Servlets 2.4 and JSF 1.2. If I deploy my app in WebSphere 6.1, the page renders properly. If I deploy it in Tomcat 6.0 that uses JDK 1.5, the page doesn't render properly and show something like below:
<h:outputText value="#{msg.my_value}" />
I am just curious to know what is the root cause that cause the problem and it's just so interesting that it works in WebSphere and doesn't work in Tomcat although both of them are using JDK 1.5.
WebSphere as being a concrete Java EE application server ships with bundled JSF libraries, but Tomcat as being a simple JSP/Servlet container does not ship with any bundled JSF libraries. If you have paid close attention to your Tomcat server logs, then you should have noticed that there's a ClassNotFoundException on the FacesServlet which should already be enough hint as to the root cause of this problem.
You need to supply your own JSF implementation for Tomcat. This can be done by manually downloading the JSF libraries and placing them in either the /WEB-INF/lib folder of your webapp, or the /lib folder of the Tomcat installation. The latter will apply on all of its deployed webapps, like as happens in WebSphere.

Oracle ADF Faces application on Websphere 7.0

Can someone please help me out with the Oracle ADF faces application which I'm trying to deploy on Websphere 7.0? Do I need to apply any fixpacks on WAS? I'm trying to migrate this project from Websphere 6.1 to Websphere 7.0.
In Websphere 6.1, after removing jsf implementation jar files and providing them as part of WEB-INF\lib and changing the classloader to PARENT_LAST, the application was working fine.
For websphere 7.0, I can't seem to get the application working. It always picks up the Sun's JSF implementation. I've also tried the shared library concept but to no success.
Regards,
Zahir
The Oracle documentation lists a certification for WAS 7.0.0.13 ND. So you need FixPack 13 or later.
As the WebSphere Application Server 7 is a full blown JEE5 server it requires/has JSF 1.2 support. You can switch between the built in Sun and MyFaces implementation if required.
You should probably make sure that the ADF version you are using is certified for WAS 7. The ADF release notes tell that ADF supports JSF 2.0. The WAS 7 only comes with JSF 1.2. Exchanging the JSF version with placing the JSF 2 libs into WEB-INF/lib works well for our projects in conjunction with the 'PARENT_LAST' classloading policy. Make sure that you set the policy either for the whole application or for both the application and the web module.
ADF Faces is a Java based framework and it will run on WebSphere but, you have to add the required libraries first. The easiest way to prepare WebSphere to run ADF Faces application is through JDeveloper. Alternatively, you can google Oracle JRF (Java Runtime Framework) and install that on your WebSphere, before running the ADF Faces application.

Deploying JSf 2.0 app in tomcat 5.5

I have developed a JSF 2.0 application and tested it on Apache Tomcat 6.0. The problem is that the official server can only have version 5.5 installed. So I tried to deploy it as it was but I kept getting the JasperException. I figured out that the problem probably lies with the standard.jar and jstl.jar. How can I deploy it then? How to downgrade the application?
Thanks for any help, links or tutorials.
Best Regards.
JSF2.0 requires Tomcat 6.0 or later.
If you use the JSF-RI 1.2, you can run JSF 1.2 with tomcat 5.5
EDITED:
I read that in version 5.5.20 it doesn't work properly. Tomcat 5.5.17 and Tomcat 5.0.28 are fine with JSF1.2
I have used Mojarra 2.0.3-b03 on Tomcat 5.5.28 and it works well so far. All basic facelet tags work fine so far (h:dataTable, f:ajax, etc.)
Currently trying to use RichFaces 4 (still under development though) but seems lot of components not ready yet.

Resources