Tuesday, October 4, 2011

Seam 3.1.0.Beta3 Release

Seam 3.1.0.Beta3 has been tagged, and the artifacts have been released on the JBoss Nexus repository. Please report any bugs or problems to the Seam Forums.

Sunday, October 2, 2011

Prevent .DS_Store file access on Tomcat 6

The .DS_Store file is a Mac OS X file that stores information about a folder's contents. It is created by the Mac OS X Finder. An attacker can obtain sensitive information about your system if this file is accessible via your Tomcat web server. To fix this security vulnerability, go to your server.xml and add the following lines:
<Context path=".DS_Store" docBase="">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" />
</Context>
So the full host configuration should look similar to this:
<Host appBase="webapps" autoDeploy="false" name="localhost" unpackWARs="false" xmlNamespaceAware="false" xmlValidation="false">
    <Context path=".DS_Store" docBase="">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" />
    </Context>
</Host>
Now restart the Tomcat server, place a ".DS_Store" file into your application and try to download it. You should receive an HTTP status 404.
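
A complementary check on the deployment side, as an added example that is not part of the original post: it lists the .DS_Store files in an exploded webapp directory that a client could request, and removes them before deployment. The function names and the sample directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an exploded webapp directory for Finder metadata.
# Function names and the sample layout are hypothetical.

# Print the URL path (relative to the context root) of every .DS_Store
# file a client could request. WEB-INF and META-INF are pruned because
# the servlet container never serves their contents directly.
exposed_ds_store() {
    webroot=$1
    ( cd "$webroot" && find . \
        \( -path ./WEB-INF -o -path ./META-INF \) -prune -o \
        -type f -name .DS_Store -print ) | sed 's|^\.||' | sort
}

# Delete every .DS_Store under the tree (protected directories included,
# so they do not end up in a packaged WAR) and print how many were removed.
purge_ds_store() {
    webroot=$1
    count=$(find "$webroot" -type f -name .DS_Store | wc -l | tr -d ' ')
    find "$webroot" -type f -name .DS_Store -exec rm -f {} +
    echo "$count"
}

# Build a constructed sample webapp tree for trying the functions offline.
make_sample_webapp() {
    root=$(mktemp -d)
    mkdir -p "$root/images/icons" "$root/WEB-INF/classes"
    : > "$root/index.jsp"
    : > "$root/.DS_Store"
    : > "$root/images/icons/.DS_Store"
    : > "$root/WEB-INF/.DS_Store"
    echo "$root"
}

# When called with a directory argument, report the exposed paths.
if [ $# -gt 0 ]; then
    exposed_ds_store "$1"
fi
```

Running the script with the path of an unpacked application prints one request path per exposed file; an empty result means nothing is left to download.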

Thursday, September 8, 2011

Problems with Mojarra

Recent Mojarra versions have always had some problem. JBoss AS 7 comes with Mojarra version 2.0.4-b09. As soon as the a4j:ajax tag is used on JSF components, you receive the following error message:
javax.faces.FacesException: Unexpected error restoring state for component with id form:inputComponent:input.  Cause: java.lang.ClassCastException: javax.faces.component.StateHolderSaver cannot be cast to [Ljava.lang.Object;.
    at com.sun.faces.application.view.StateManagementStrategyImpl$1.visit(StateManagementStrategyImpl.java:273)
    at com.sun.faces.component.visit.FullVisitContext.invokeVisitCallback(FullVisitContext.java:151)
    at javax.faces.component.UIComponent.visitTree(UIComponent.java:1485)
    at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
    at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
    at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
    at javax.faces.component.UIForm.visitTree(UIForm.java:335)
    at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
    at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
    at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
    at com.sun.faces.component.visit.VisitUtils.doFullNonIteratingVisit(VisitUtils.java:75)
    at com.sun.faces.application.view.StateManagementStrategyImpl.restoreView(StateManagementStrategyImpl.java:257)
    at com.sun.faces.application.StateManagerImpl.restoreView(StateManagerImpl.java:181)
    at com.sun.faces.application.view.ViewHandlingStrategy.restoreView(ViewHandlingStrategy.java:123)
    at com.sun.faces.application.view.FaceletViewHandlingStrategy.restoreView(FaceletViewHandlingStrategy.java:448)
    at com.sun.faces.application.view.MultiViewHandler.restoreView(MultiViewHandler.java:148)
    at com.ocpsoft.pretty.faces.application.PrettyViewHandler.restoreView(PrettyViewHandler.java:109)
    at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:288)
    at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:288)
    at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:288)
    at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:187)
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
    at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:111)
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
    at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
    at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:118)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
    at org.jboss.seam.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
    at org.jboss.seam.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:72)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:139)
    at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57)
    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:49)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952)
    at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.ClassCastException: javax.faces.component.StateHolderSaver cannot be cast to [Ljava.lang.Object;
    at org.ajax4jsf.component.behavior.AjaxBehavior.restoreState(AjaxBehavior.java:343)
    at javax.faces.component.UIComponentBase.restoreBehaviors(UIComponentBase.java:2056)
    at javax.faces.component.UIComponentBase.restoreBehaviorsState(UIComponentBase.java:2023)
    at javax.faces.component.UIComponentBase.restoreState(UIComponentBase.java:1443)
    at javax.faces.component.UIOutput.restoreState(UIOutput.java:256)
    at javax.faces.component.UIInput.restoreState(UIInput.java:1379)
    at com.sun.faces.application.view.StateManagementStrategyImpl$1.visit(StateManagementStrategyImpl.java:265)
    ... 51 more

The workaround
The best way to solve this problem is to switch the Mojarra version back to 2.0.2-b10. Download the package from the Mojarra repository, extract the zip file and drop jsf-impl-2.0.2-b10.jar into:
/your/path/jboss-as-web-7.0.1.Final/modules/com/sun/jsf-impl/main
Change the module.xml in the same directory to:
<module xmlns="urn:jboss:module:1.0" name="com.sun.jsf-impl">
    <dependencies>
        <module name="javax.faces.api"/>
        <module name="javaee.api"/>
        <module name="javax.servlet.jstl.api"/>
        <module name="org.apache.xerces" services="import"/>
        <module name="org.apache.xalan" services="import"/>
    </dependencies>

    <resources>
        <resource-root path="jsf-impl-2.0.2-b10.jar"/>
    </resources>
</module>

Why not the latest version?
Currently the latest Mojarra version doesn't invoke Seam Faces s:viewAction methods. Let's cross our fingers and hope this issue will be fixed with the upcoming 2.2.0 version.

Upgrade Hibernate Core 3.6 to 4.0

Be careful when updating Hibernate Core 3.6 to 4.0 with MySQL as the database and the strategy GenerationType.AUTO. For me it was an update of JBoss AS 6 (Hibernate 3.6) to AS 7 (Hibernate 4). If you have mapped tables like this:
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
Hibernate 3.6 uses the auto-increment functionality to increment the id, but Hibernate 4 creates a sequence table and uses that instead. Even if you are fine with sequences, you will run into exceptions on an existing database, since Hibernate tries to save the first object with id 1, which already exists. It is better to change the strategy to:
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
Now both Hibernate versions will create the table structure in the same way.