Both files seem very similar, subsequently I'm struggling to understand their purposes.
I have seen faces-config referred to as a plain JSF controller, while adfc-config is an extended ADF controller.
Some clarification would be good, as right now I can't see why you would have both in an ADF application if that is the case, so I must be missing something.
adfc-config is different from faces-config
Faces Config is the controller of your application, it's what make JSF based frameworks work effectively, and it's where you will need to define your own customization like view handlers, converters, validators, etc...
adfc-config is just the main application unbounded Task Flow, which make it a little easier for developers to define their pages and main navigation root inside of it instead of doing it the JSF way and define them in faces config, it also provide additional functionality like defining managed beans which will have much more scopes than the original JSF given the ADF Framework additions, but still at the end it's just an Unbounded Task Flow. Here is the documentation reference about adfc-config.xml
adfc-config is used by the ADF Faces framework, when task flows are in the picture.
More information at: http://docs.oracle.com/cd/E23943_01/web.1111/b31974/taskflows.htm
Yes, you are right when you say that the functionality looks similar. Things like pageFlowScope / backingBeanScope / task flows / etc. are extensions to the standard JSF framework and require a custom configuration file.
So, if you create a project based on the Fusion WebApplication template, then you will see a default adfc-config.xml file entry.
Hope that helps.
Related
I'm exploring the JSF 2.2 Faces Flow feature but I'm still not sure what are the advantages of defining a flow using Faces Flow instead of using the normal navigation system (calling facelets in links or buttons)?
Only use it if you want to use a #FlowScoped bean on a given set of views. In other words, only use it if you want a managed bean which should live as long as you're navigating through the specified collection of views registered in the flow configuration file.
There are indeed very few real world use cases for this. They all boil down to a multi-step wizard of which each step is bookmarkable. Previously, before the introduction of the flow scope, one would use conditionally rendered includes for this, but they are in turn not individually bookmarkable, because the URL stays the same all the time.
See also:
What is new in JSF 2.2? - Faces Flow
Java EE 7 tutorial - Using Faces Flows
How to navigate in JSF? How to make URL reflect current page (and not previous one)
Faces flow and navigation are different.
Face flow like business flow in the frond end site, much like wizard.
I am trying to learn the concepts of Java EE (EJB,JSF...) and therefore I am working on an example application.
Unfortunately I have problems to understand how some concepts should work together and if I am doing it in an correct professional manner. At this point, I am really confused about all these different methods and hope someone can help me out.
The core functionality of my application consists of a document server where registered users can upload documents and describe it with useful information.
The Documents should simply be saved on the Server and all Information should be stored in a MySQL Database.
I created three Projects with Netbeans.
Enterprise Application Project (DocApp)
EJB Module (DocApp-ejb)
and a Web Application Project (DocApp-war).
The main things work fine like
accessing the database with JPA
uploading files with primefaces FileUploader
injecting JSF with EJB
and even the user authorization with JDBC-Realm as shown in this tutorial
http://jugojava.blogspot.de/2011/02/jdbc-security-realm-with-glassfish-and.html
My Problem now is, that all pages in a specific subdirectory should only be accessible by registered users.
The only way i see is to use one SessionScoped ManagedBean, instead of using multiple RequestScoped ManagedBeans .
This seems to be a bad practice but I have no Idea how to handle this otherwise.
The way i understand it, there should be one ManagedBeand for every JSF Page (xhtml).
Is there a good way to handle this or am i doing anything wrong?
The default mechanism to give access to a whole sub directory is adding a security constraint in web.xml for the URL pattern representing that directory.
Every registered user should get a role that represents being registered, eg "REGISTERED"
This role is then added to the security constraint in web.xml.
The interaction between JSF and the Servlet container managed security is a little awkward, but it does work.
I've been asked by a freelancer friend of mine to join him on a JSF 2.0 project, and I'm slowly picking up speed and putting the pieces together. Coming from a Windows Forms .NET world, I have a lot to learn to say the least.
My major concern is with the lack of apparent consensus on how to protect a JSF application.
Some methods have been proposed here on SO, including using Spring security, Seam security, custom phase listeners, or simply using the rendered="#{...}" attribute to show/hide components based on user authentication.
I have tried to implement some of these methods, for example Spring security, only to find out that it gets easily defeated by the JSF navigation mechanism that forwards to views instead of redirecting. In other words, Spring security will work fine if the user types in the url of a secured page directly, but not if a h:commandButton's action takes him there.
In view of this, some have suggested to force a redirect by using "faces-redirect=true", but we feel that this could become a performance issue as this causes 2 requests from the browser each time.
On the other hand, I gave up trying to implement Seam security after getting so many missing dependencies errors.
The best solution I have found so far is a custom phase listener from Duncan Mills - Effective Page Authorization In JavaServer Faces, but I'm not 100% convinced this should be used on public facing JSF applications.
So finally, what does this leave us with ? I know this is a pretty wide open ended question, but I honestly have no clue where to go next. I'm pretty sure I have followed the different tutorials to the letter, for example Spring tutorials, but I'm still not satisfied with the way it works.
Could anyone at least confirm/infirm the fact that Spring security is supposed to work across JSF forwards, as I've seen many posts by others having the same issue ? That would at least give me a direction to keep going.
Thank you.
Combination of servlet filter for page validation (applied to the faces servlet), identity session bean (storing user attributes e.g. Role, login id) and a few methods for entitlement checks (e.g. isAdmin(), canViewRecord(recordID)) well ised throughout your page.
You see, when it comes to security I opt for not leaving it in anybody else's hand. also, I validate in several places (hiding a component won't keep folks from forging the right POST request to trigger specific bean methods so watch out).
When I work with JSF I use spring-security.
About the behavior that you comment that spring security allows redirections done with commands button, is weird you must have a wrong configuration because it seams working fine in my project (I just tested).
In any case you can also use the spring security tags to render or not components according to the user's role.
This is a project that can help you to implement the tags.
http://www.dominikdorn.com/facelets/
Hope this helps..
I am going through all the scopes in JSF2.0. I am a little confused about when to use custom Scope. Any specific use cases it will be useful.
Initially I thought I can use it for scope spanning multiple pages like three page registration etc. But looks like we cannot use it there.
Better late than never: I wrote an article about the usage custom scopes in JSF2 : JSF 2 Custom Scopes without 3rd party libraries
Well, the general idea is to create your own Scope for what ever you like e.g. kind of "Conversation Scope". The problem is already adressed within JSR 299 (CDI) and imho this is where it belongs to.
My attempts to create a custom scope resulted in Exceptions thrown by the JSF implementation as soon as the context is destroyed. Since it seems that there are no working examples available, custom scopes should be considered as non-existent in JSF2.0, though announced as a key feature.
Anyway, if you are looking for custom scopes take a look at CDI (escpecially Weld and MyFaces CODI), MyFaces Orchestra (for Conversation Scopes in JSF), Seam (offers a nice solution) or create a Custom Scope using Spring.
HTH
What do people think is the best JSF framework or library for a saving state longer than request scope (but w/o using session scope) that is backbutton/new window safe -- i.e. you have a "wizard"/multi-page form.
For example, MyFaces has the 'SaveState' tag that allows you to maintain state across pages by saving state in the view's component tree. Any comments on SaveState (pros/cons) or suggestions for any better framework or library for this capability?
The t:saveState works perfectly. It's only a bit 'low level' and not tied to a particular bean. There are two other libraries/frameworks which comes to mind which provides control over conversation scope at higher level (e.g. bean-specific tags/annotations):
Apache MyFaces Orchestra (uses tags)
JBoss Seam (uses annotations)
Update: JSF2.0 has added a new scope which achieves a conversation-like state, the #ViewScope. Very useful if you can reuse the same view for subsequent actions.
i think Spring Web Flow is a good solution. you can define your flow as XML and it can integrate with JSF, Struts, Spring MVC, ZK,...
http://www.springsource.org/webflow