How can we do when use onmifaces in the case of spring boot apps?, where the error pages declaration is made at EmbeddedServletContainerCustomizer class?
#Override
public void customize(ConfigurableEmbeddedServletContainer container) {
MimeMappings mappings = new MimeMappings(MimeMappings.DEFAULT);
mappings.add("eot", "application/vnd.ms-fontobject");
mappings.add("ttf", "application/x-font-ttf");
mappings.add("woff", "application/x-font-woff");
mappings.add("woff2", "application/x-font-woff2");
container.setMimeMappings(mappings);
container.addErrorPages(new ErrorPage(HttpStatus.NOT_FOUND, "/error.xhtml"));
container.addErrorPages(new ErrorPage(FaceletException.class, "/error.xhtml"));
container.addErrorPages(new ErrorPage(Throwable.class, "/error.xhtml"));
}
I have analized findErrorPageLocation and it uses WebXml that parses web.xml files.
The Servlet API in its current version does not support programmatically defining and obtaining error pages. That's why OmniFaces had to manually parse web.xml.
OmniFaces does not and will not support Spring specific APIs. I recommend to just keep using web.xml for error page configuration so that non-Spring libraries will be able to share them.
Related
org.primefaces.webapp.filter.FileUploadFilter does not registered to my application, unless I define FileUploadFilter explicitly in my spring configuration like;
#Bean
FileUploadFilter fileUploadFilter() {
return new FileUploadFilter();
}
Referring to this question;
If you're however not using JSF 2.2 yet and you can't upgrade it
(should be effortless when already on a Servlet 3.0 compatible
container), then you need to manually register the below PrimeFaces
file upload filter in web.xml (it will parse the multi part request
and fill the regular request parameter map so that FacesServlet can
continue working as usual)
Conversely I have javax.faces in my classpath: org.glassfish:javax.faces:jar:2.2.13:compile. (and mojarra impl)
Should we go manually with this? Or else It can not be detected and registered automatically, we have to register a manual configuration to joinfaces
UPDATE: Actually this is not directly relevant to registration of FileUploadFilter. Embedded jetty in spring-boot does not pick up annotated configurations example of which FacesServlet has a #MultipartConfig annotation. I have opened an issue to spring-boot for that:
https://github.com/spring-projects/spring-boot/issues/6681
https://github.com/spring-projects/spring-boot/issues/6680 will fix the issue. WebServletHandler will pick up #MultipartConfig annotated classes.
Is it possible for someone to access or view the web.xml file of a web application over internet, using somthing like wget tool? I'm asking for saecurity reasons like username
By specification, it is not possible to directly access /WEB-INF (and /META-INF) contents by a public URL. Here are extracts of relevance from the aforelinked specification:
10.5 Directory structure
...
Also, except
for the case where static resources are packaged in JAR files, any requests from the
client to access the resources in WEB-INF/ directory must be returned with a
SC_NOT_FOUND(404) response.
10.6 Web Application Archive File
...
Also, any requests to access the resources in META-INF
directory must be returned with a SC_NOT_FOUND(404) response.
However, there have been implementations, configurations and even homegrown servlets or filters which introduced a security bug making this possible. All those security issues boil down to be caused by a RequestDispatcher#forward() or even RequestDispatcher#include() (so watch out with dynamic <jsp:include>!) call forwarding or including a resource which is specified by a client-controlled request path or parameter, if necessary making use of path traversal with ../.
Here's the simplest example of such a servlet exposing the security issue:
#WebServlet("/test/*")
public class TestServlet extends HttpServlet {
#Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher(request.getPathInfo()).forward(request, response);
}
}
On Tomcat (tested with 8.0.21), you can with the above servlet get the web.xml contents by just calling http://localhost:8080/context/test/WEB-INF/web.xml. Such a servlet is often implemented as part of homegrown MVC front controller or dispatcher pattern. Decent MVC frameworks like JSF and Spring MVC shouldn't have this issue.
And, some users configure a MVC front controller on a "catch-all" URL pattern of /* or even /, and then re-map the static resources like CSS/JS/images on /static/* to container's default servlet like so:
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/static/*</url-pattern>
</servlet-mapping>
On older Tomcat versions (before 7.0.4), the enduser can get /WEB-INF (and /META-INF) contents through such a mapping. This problem was mentioned previously in this Q&A: Tomcat serving static content. Actually, this mapping approach is wrong and should have been solved with help of a filter as descibed in this answer: How to access static resources when mapping a global front controller servlet on /*. See also Tomcat issue 50026.
Summarized: by default it's not possible. But (bad) code and configuration can make this possible.
I'm using spring boot with jsf (primefaces). here you can find sample of my application. When I invoke this application using mvn spring-boot:run and access application with jsf or with xhtml everything works ok. But when I deploy this application to tomcat, xhtml page is not rendered properly. I can see page source (xhtml source, not html), but this is not wanted. I want to be able to display the same with .jsf and .xhtml.
Can anybody tell me what am I missing?
Edit:
as I reviewd this issue and it was not helpfull (I also have *.xhtml mapping for faces servlet and as I wrote before, this is working on spring-boot embedded tomcat but not on classic tomcat), I think the problem will be more related to the spring configuration, but I'm not sure what and where to change.
Thanks
Problem in spring config. Add this to file Application.java:
#Bean
public ViewResolver getViewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/view/");
resolver.setSuffix(".xhtml");
return resolver;
}
I am using JSF 2.0 and Liferay 6.1
On any kind of request to any Java class my init() is getting called. Even in case of PrimeFaces component calls for its related PrimeFaces Java method. This method should be called only once when my portlet will initialize.
#ManagedBean
#ViewScoped
public class MyMangedBean {
public void init() {
System.out.println("Init method called");
}
}
Please help me to find out possible solution.
EDIT
I found the component behind this cause
In my xhtml file I have
<bridge:inputFile id="MyFileUpload" size="50"
binding="#{myBean.toBeUploadFile}" onchange="{fileSelected(this);}" style="position: absolute;height: 29px;width:107px;opacity:0;filter: alpha(opacity=0);z-index:100;"/>
Whenever I remove its binding attribute. My project works fine. It will not call init() multiple times. But I need this attribute to get my file uploaded.
I have kept xml namespace as
xmlns:bridge="http://portletfaces.org/bridge"
I have also kept dependency for commons-io(version 1.3) and commons-filedownload(1.2.1) in pom.xml
I dont know what else I am missing for this component or what is actual cause behind this.
You should consider using the bridge:inputFile tag that comes with the latest release of Liferay Faces instead of the older obsolete tags that come from portletfaces.org.
There is a nice demo here that uses the bridge:inputFile that you can try on a Liferay tomcat portal instance, and then follow the same pattern that it uses for file upload.
That demo has been tested, it works great, and it is supported by Liferay.
There are many more demos that are tested and working well on Liferay Portal 6.1. You can download the source for them and build them for yourself as shown here. And follow the version scheme here to make sure that you align the correct versions of the Portal, Mojarra, and the Liferay Faces Bridge.
Hope that helps.
I am building a web service using seam 2.0.1 and deploying it on jboss 4.2.2 GA. I have my web service class which access another class (updates stuff in data base).
I have standard-jaxws-endpoint-config.xml in META-INF folder.
#Name("pluginHandler")
#Scope(ScopeType.APPLICATION)
#Install(precedence = Install.BUILT_IN)
#Startup(depends = "someclass")
#Stateless
#WebService(name = "Plugin", serviceName = "PluginService")
public class PlugInHandler {
#WebMethod
public int processRequest(Account account)
{
Workbench wb = Component.getInstance("Workbench");
//above line keeps throwing exception "No application context active"
}
}
I have been looking all over different forums, but I cannot find a solution. I tried using Lifecycle.begincall() and Lifecycle.endCall() but nothing worked.
Do I need web.xml as well? If yes what information should web.xml contain?
Any help would be highly appreciated.
I recognize that this is question is rather dated, but to those few poor souls out there that still share your (and, currently my) predicament, here are a few pointers (dragged together from various sources but mainly from https://community.jboss.org/thread/192046):
Java EE WebService
First, using JBoss 4.2.2 likely means using Java EE5. WebServices there (with or without SEAM 2) can only be created on top of Stateless Session Beans. Stateless Session Beans in Java EE 5 need to implement a Service Endpoint Interface annotated with #Local or #Remote. While this has become optional in Java EE6, it is still mandatory here.
So:
#Local
public interface PluginHandlerInterface {
int processRequest(Account account);
}
#WebService
#Stateless
public PluginHandler implements PluginHandlerInterface { }
POJO WebService
If, in seam, you want to use a regular POJO as web-service, your class has to have another special annotation defining a Handler chain:
#WebService
// This here makes all the difference!
#HandlerChain(file = "web-service-handler-chain.xml")
public class PluginHandler {
...
}
This is the handler chain you put in /WEB-INF/classes/web-service-handler-chain.xml:
<?xml version="1.0" encoding="UTF-8"?>
<handler-chains xmlns="http://java.sun.com/xml/ns/javaee">
<handler-chain>
<handler>
<description>seam request handler</description>
<!-- probably not necessary
<handler-name>org.jboss.seam.webservice.SOAPRequestHandler</handler-name>
-->
<handler-class>org.jboss.seam.webservice.SOAPRequestHandler</handler-class>
</handler>
</handler-chain>
</handler-chains>
And you have to announce your service class to the war files web.xml like so:
<listener> <!-- this might already be present in your web.xml -->
<listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
</listener>
<servlet> <!-- Which class is to be used? -->
<servlet-name>PluginHandler</servlet-name>
<servlet-class>your.package.name.PluginHandler</servlet-class>
</servlet>
<servlet-mapping>
<!-- you'll find it under http://localhost:8080/your-war/PluginHandler?wsdl-->
<servlet-name>PluginHandler</servlet-name>
<url-pattern>/PluginHandler</url-pattern>
</servlet-mapping>
So these three steps, creating the handler chain, adding the annotation and announcing your service to the web.xml, should do the trick for you in SEAM: You'll have a web-service and the SEAM Context available right in it.