p:captcha throws - Blocked loading mixed active content on FireFox - jsf

I am having problems trying to use the <p:captcha>. I am getting the following error in FireFox v34.0.5:
Blocked loading mixed active content "http://www.google.com/recaptcha/api/challenge?k=xxxxxxxxxxxxxxxxxxxxxxxxx"
The check button is showing but not the captcha image
My applications is hosted in a secure (HTTPS) server but seems the captcha is connecting to a non secure server using HTTP
This is my web.xml file:
<context-param>
<param-name>primefaces.PUBLIC_CAPTCHA_KEY</param-name>
<param-value><xxxxx_recaptcha_generated_public_captcha_key></param-value>
</context-param>
<context-param>
<param-name>primefaces.PRIVATE_CAPTCHA_KEY</param-name>
<param-value><xxxxx_recaptcha_generated_private_captcha_key></param-value>
</context-param>
And my view file (forgottenOPassword.xhtml):
<p:captcha label="Captcha" rendered="#{passBB.showCaptcha}"/>
<p:commandButton actionListener="#{passBB.verifyCaptcha}"
ajax="false"
icon="ui-icon-check"
rendered="#{passBB.showCaptcha}"
value="Check"/>

Set the secure attribute of <p:captcha> to true. See also VDL documentation: "Enables https support".
<p:captcha ... secure="true" />
Or if you'd like to let it depend on the current request (e.g. when you've 2 versions of the webapp and the captcha is placed in some reusable tagfile/component), then check HttpServletRequest#isSecure() instead:
<p:captcha ... secure="#{request.secure}" />
Either way, if it evaluates to true, then the CaptchaRenderer will use https instead of http.

Related

OmniFaces CDNResourceHandler could not find resources when not included locally

I'm using OmniFaces CDNResourceHandler to point my resources to a CDN, instead of local files.
I added this line in my XHTML file: <h:outputStylesheet library="twitter-bootstrap" name="bootstrap.min.css" />
And my faces-config.xml have this line:
<context-param>
<param-name>org.omnifaces.CDN_RESOURCE_HANDLER_URLS</param-name>
<param-value>
twitter-bootstrap:bootstrap.min.css=https://somehost/twitter-bootstrap/3.3.7/bootstrap.min.css
</param-value>
</context-param>
And I'm getting this error when access the page:
Unable to find resource twitter-bootstrap, bootstrap.min.css
Note: When I access the file at https://somehost/twitter-bootstrap/bootstrap.min.css I can download the file properly.
I'm using Mojarra under Wildfly configured to Development stage.
The resource handler is properly configured at faces-config.xml file.
<application>
<resource-handler>org.omnifaces.resourcehandler.CDNResourceHandler</resource-handler>
</application>
I did some tests, and I notice that the error doesn't occurs if I create an empty file bootstrap.min.css under WEBAPP_FOLDER/resources/twitter-bootstrap. If I delete the file, the errors occurs again.
Even I use CDN, do I need to keep resources locally?
The CDNResourceHandler is primarily intented to move auto-included JSF resources to a CDN, such as jsf.js file from <f:ajax>, or primefaces.js and jquery.js from PrimeFaces, or to automatically switch to a CDN when installed in production.
You don't need it in your case with a permanent CDN resource. Just use plain <link>.
<link rel="stylesheet" src="https://somehost/twitter-bootstrap/bootstrap.min.css" />
This is also explicitly mentioned in the CDNResourceHandler documentation.
For non-JSF resources, you can just keep using plain HTML <script> and <link> elements referring the external URL
Update: as you're not the first one who wondered about this, I've as per issue 122 bypassed this technical restriction for OmniFaces 2.6. In other words, you do not necessarily need a local resource anymore.

tomahawk panelNavigation2 does not triggered actionlistener after upgrading to JSF2

I have migrated my web application from JSF 1.2 to JSF 2.1.
In my web.xml I have set the the following context-param to true in order to use bundle jars instead of using the provided wildfly jars.
<context-param>
<param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>
<param-value>true</param-value>
</context-param>
I have placed the following jars into the WEB-INF/libs folder:
tomahawk21-1.1.14, jsf-api-2.1.0.jar and jsf-impl-2.1.0.jar
I can start the application und log myself in. However once I click on a MenuItem built as follows:
<h:form id="nav" styleClass="nav">
<t:panelNavigation2 id="panel-nav" expandAll="true">
<t:navigationMenuItems value="#{hello.menuItems}" />
</t:panelNavigation2>
</h:form>
nothing happens. I have programmatically set actionListener for the MenuItem. It did work fine when using JSF1.2.
Using remote debugging with eclipse clearly proves that the action listener method is not called.
Best regards
Edmond

PrettyFaces fails in Wildfly 8.1.0 but works in 8.0.0

PrettyFaces kills the session on every request that involves a redirect when the application is deployed on Wildfly 8.1.0.Final. The same app deploys and works properly on Wildfly 8.0.0.Final.
On 8.1.0 PrettyFaces appears to prevent the servlet stack from retreiving the session ID.
The log shows no exceptions in either case. The URL rewrites occur, but session information (including login information) is gone. This is my pretty-config.xml
<pretty-config xmlns="http://ocpsoft.org/schema/rewrite-config-prettyfaces"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://ocpsoft.org/schema/rewrite-config-prettyfaces
http://ocpsoft.org/xml/ns/prettyfaces/rewrite-config-prettyfaces.xsd">
<url-mapping id="user-settings">
<pattern value="/protected/user/settings/"/>
<view-id value="/protected/usersettings.xhtml"/>
</url-mapping>
<url-mapping id="thread-edit">
<pattern value="/protected/threads/edit/#{stitchId}/" />
<view-id value="/protected/threads/stitch.xhtml" />
<action>#{stitchEditBean.editStitchFromId(stitchId)}</action>
</url-mapping>
<url-mapping id="threads-index">
<pattern value="/protected/threads/" />
<view-id value="/protected/threads/index.xhtml" />
</url-mapping>
</pretty-config>
The failure occurs for both PrettyFaces 2.0.12.Final and 3.0.0.Alpha2
As Ken noted, the underlying problem is related to https://issues.jboss.org/browse/WFLY-3448
Adding an explicit cookie path to web.xml works around the issue and is safe.
<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
<!--
A bug in wildfly 8.1.0.final requires this path to be set explicitly or occasionally the default is
incorrect and the system will generate one cookie per directory incorrectly.
-->
<path>/</path>
</cookie-config>
</session-config>
You may have to manually clear the bad cookies in EACH directory of your app, or flush all your session cookies. Otherwise the old session cookies might hang around causing the issue.
This is a bug in WildFly 8.1.0, addressed here: https://issues.jboss.org/browse/WFLY-3448
After you are on a version that has that bug fixed, you will need to use Rewrite 3.0.0.Alpha3 or newer to resolve additional issues for handling the root context path.

Set HTTP headers properly to force caching on JS, CSS and PNG files

How can I tell to GlassFish server, to store all JS, CSS and PNG files into browser cache in order to reduce HTTP GET requests?
I am using JSF and PrimeFaces.
Just make use of JSF builtin resource handler. I.e. use <h:outputStylesheet name>, <h:outputScript name> and <h:graphicImage name> with files in /resources folder instead of "plain vanilla" <link rel="stylesheet">, <script> and <img>.
<h:outputStylesheet name="css/style.css" />
<h:outputScript name="js/script.js" />
<h:graphicImage name="images/logo.png" />
This way you don't need to worry about resource caching at all. JSF builtin resource handler has already set the necessary response headers. The expiration time defaults already to 1 week.
In Mojarra you can control the expiration time by the following context parameter (the value is in millis):
<context-param>
<param-name>com.sun.faces.defaultResourceMaxAge</param-name>
<param-value>3628800000</param-value> <!-- 6 weeks. -->
</context-param>
And in MyFaces:
<context-param>
<param-name>org.apache.myfaces.RESOURCE_MAX_TIME_EXPIRES</param-name>
<param-value>3628800000</param-value> <!-- 6 weeks. -->
</context-param>
See also:
How to reference CSS / JS / image resource in Facelets template?
What is the JSF resource library for and how should it be used?

how to enable browser caching in jsf

I have created a web application using JSF 2.0. I got feedback from my friend saying I should do "Browser Caching" as I have many images.
However I don't know how to do same in JSF. Any idea/ hint would be appreciated.
Concept on what to be done would also work.
Just use <h:graphicImage name="..."> instead of <img src="...">. This way the default JSF resource handler will instruct the browser to cache them for 1 week by default, which is configureable with an implementation dependent context parameter, which is the following in case of Mojarra:
<context-param>
<param-name>com.sun.faces.defaultResourceMaxAge</param-name>
<param-value>3628800000</param-value> <!-- 6 weeks -->
</context-param>
Note, the same applies when using <h:outputScript> and <h:outputStylesheet> instead of <script> and <link rel="stylesheet">.

Resources