Uploaded image for project: 'Shale'
  1. Shale
  2. SHALE-287

Faulty behavior of the "token" component with Apache MyFaces >1.1.1

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • None
    • None
    • Core
    • None
    • OS: Microsoft Windows XP SP2
      Servlet Container: jakarta-tomcat-5.5.9

    Description

      This issue appears when using Apache MyFaces as of version 1.1.2. The MyFaces project states the following about their 1.1.2 release:

      [Quote]
      This is the first official release of what we are now calling the "core." The core refers to the JSF 1.1 implementation as specified by JSR-127. It has passed Sun's TCK and is considered to be 100% compliant with the spec.
      [/Quote]

      So as a conclusion, I think everyone who's still using MyFaces 1.1.1 should hurry upgrading his code to be 1.1.2 compliant.
      Allthough Shale should be JSF-implementation-independant, it seems this issue appears or not depending on the used MyFaces version.

      Steps to reproduce the issue:

      • Use a simple JSF submission form to which you add Shale's Token tag to check for illegal form resubmissions.
      • As long as you submit the form correctly, everyting works fine.
      • Press F5 (page refresh) once, the browser warns about HTTP POST data resubmission.
      • Discard the warning and go on resending the same HTTP request.
      • Shale recognizes the resubmission and acts correctly (no application logic gets invoked).
            • This is the part where the behavior changes according to what MyFaces version is used:

      With MyFaces 1.1.1
      --------------------------

      • Resubmit the form correctly (using the submit button).
        ==> The workflow goes on and the form is correctly submitted.

      With MyFaces 1.1.2 and above
      -----------------------------------------

      • Resubmit the form correctly (using the submit button).
        ==> Nothing happens. No new token is generated, so no application logic gets invoked and the workflow stucks.

      I attached a sample project which demoes the issue.

      – EDIT:
      I forgot to mention that with both MyFaces versions, I set the context-param "org.apache.myfaces.ALLOW_JAVASCRIPT" to false. In theory, this shouldn't make a difference since I'm using HTTP POST just as the javascript would do, but I think it's worth the hint.

      Regards,
      Mike

      Attachments

        1. Token.java.diff
          0.7 kB
          Mike Meessen
        2. ShaleIssueDemo.war
          2.18 MB
          Mike Meessen
        3. shale-test-core.war
          2.19 MB
          Craig R. McClanahan
        4. ShaleIssueDemo.zip
          4.69 MB
          Mike Meessen

        Activity

          People

            craigmcc Craig R. McClanahan
            mike.meessen Mike Meessen
            Votes:
            3 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: