
Key: APF-979
Type: Bug
Status: Open
Priority: Major
Assignee: Matt Raible
Reporter: René Günther
Votes: 0
Watchers: 0
AppFuse

server side validation and inputHidden fields causes problems

Created: 11/Dec/07 02:16 PM   Updated: 03/May/08 10:29 PM
Component/s: Web - JSF
Affects Version/s: 2.0.1
Fix Version/s: 2.1

File Attachments: 1. APF-979.patch (3 kb)

Environment: basic jsf 2.0.1


Description
Check: http://www.nabble.com/inputHidden-and-disabled-form-fields-are-lost-to14269886.html

Reproduce an error:

1. In userForm.xhtml remove validator tag for passwordHint
2. log in as user/user (not admin/admin)
3. change own profile
4. clear content of passwordHint
5. submit
6. roles are lost
7. provide content for passwordHint
8. submit will result in: WARN [btpool0-2] UserSecurityAdvice.before(92) | Access Denied: 'user' tried to change their role(s)!

Admin would lose all his roles after submit...

Workaround:
Replace inputHidden with t:saveState or do as described in:
http://www.nabble.com/inputHidden-and-disabled-form-fields-are-lost-to14269886.html

Comments
René Günther - 11/Dec/07 02:43 PM
What I have done:
1. Change all <h:inputField ... to <t:saveState
2. Roles need special treatment:

<c:otherwise>
    <t:saveState value="#{userForm.userRoles}" />
    <t:saveState value="#{userForm.user.roles}" />
    <t:saveState value="#{userForm.user.enabled}" />
    <t:saveState value="#{userForm.user.accountExpired}" />
    <t:saveState value="#{userForm.user.accountLocked}" />
    <t:saveState value="#{userForm.user.credentialsExpired}" />
    <h:panelGroup>
        <t:htmlTag value="strong">#{text['user.roles']}:</t:htmlTag>
        <c:forEach var="role" items="#{userForm.userRoles}" varStatus="status">
            ${role}<c:if test="${!status.last}">,</c:if>
        </c:forEach>
    </h:panelGroup>
    <h:outputText />
    <h:outputText />
</c:otherwise>


Now in that case in userForm.save():
getRequest().getParameterValues("userForm:userRoles") == null in:
setUserRoles(getRequest().getParameterValues("userForm:userRoles"));

But it doesn't matter since the user's roles are stored:
<t:saveState value="#{userForm.user.roles}" />
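
Added example, not part of the original comment and not AppFuse code: one server-side way to keep a missing "userForm:userRoles" parameter from wiping or changing roles, by treating the stored roles as authoritative. RoleResolver, resolveRoles and the role names are hypothetical; it assumes the save path knows the persisted roles and whether the editor is an admin.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

// Hypothetical helper for illustration; not taken from AppFuse.
public class RoleResolver {

    private static Set<String> copy(Iterable<String> roles) {
        Set<String> out = new LinkedHashSet<>();
        for (String r : roles) {
            out.add(r);
        }
        return Collections.unmodifiableSet(out);
    }

    /**
     * Decide which roles to persist for the edited user.
     * submitted: value of getParameterValues("userForm:userRoles"); null when the
     *            field was not in the POST (lost hidden field, disabled input).
     * persisted: roles currently stored for that user.
     */
    public static Set<String> resolveRoles(String[] submitted, Set<String> persisted,
                                           boolean editorIsAdmin) {
        // Non-admins never get roles from the request: the stored set wins,
        // whatever the browser sent back or failed to send back.
        if (!editorIsAdmin) {
            return copy(persisted);
        }
        // Admin edit with the parameter absent: treat as "no change", not "no roles".
        // Assumption: removing every role is a separate explicit action, because
        // an empty multi-select also arrives as null.
        if (submitted == null) {
            return copy(persisted);
        }
        return copy(Arrays.asList(submitted));
    }

    public static void main(String[] args) {
        Set<String> stored = copy(Arrays.asList("ROLE_USER")); // constructed sample
        // Steps 5-6 of the report: roles field missing after the failed validation.
        System.out.println(resolveRoles(null, stored, false));
        // Stale or altered role list submitted by a non-admin.
        System.out.println(resolveRoles(new String[] {"ROLE_ADMIN"}, stored, false));
        // Admin assigns roles explicitly, then an admin POST that lost the field.
        System.out.println(resolveRoles(new String[] {"ROLE_USER", "ROLE_ADMIN"}, stored, true));
        System.out.println(resolveRoles(null, stored, true));
    }
}
```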

Matt Raible - 03/May/08 10:27 PM
The suggested fix does solve this problem, but it creates a new one when trying to add a new user. When saving a new user, I now get the following error:

javax.faces.FacesException: javax.crypto.BadPaddingException: Given final block not properly padded
        at org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:373)
        at org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:411)
        at org.apache.myfaces.shared_impl.util.StateUtils.decrypt(StateUtils.java:291)
        at org.apache.myfaces.shared_impl.util.StateUtils.reconstruct(StateUtils.java:240)
        at org.apache.myfaces.renderkit.html.HtmlResponseStateManager.getSavedState(HtmlResponseStateManager.java:184)
        at org.apache.myfaces.renderkit.html.HtmlResponseStateManager.getState(HtmlResponseStateManager.java:136)
        at org.apache.myfaces.application.jsp.JspStateManagerImpl.restoreView(JspStateManagerImpl.java:289)
        at org.ajax4jsf.framework.ajax.AjaxStateManager.restoreView(AjaxStateManager.java:76)
        at

Matt Raible - 03/May/08 10:28 PM
Patch file with suggested fixes.