jsf

Why does a commandLink within a facet within a composite component renders an error?

99封情书 提交于 2020-12-30 08:17:14
问题 When I create a composite component with a facet in it and place a command link within that facet, I get an error message: This link is disabled as it is not nested within a JSF form. A commandButton does not behave in the same way, so I am inclined to this this is a bug. index.xhtml : <?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns

Why does a commandLink within a facet within a composite component renders an error?

Deadly 提交于 2020-12-30 08:16:26
问题 When I create a composite component with a facet in it and place a command link within that facet, I get an error message: This link is disabled as it is not nested within a JSF form. A commandButton does not behave in the same way, so I am inclined to this this is a bug. index.xhtml : <?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns

Cannot load webpage from Postman because of javax.faces.ViewState?

£可爱£侵袭症+ 提交于 2020-12-15 05:20:51
问题 I am trying to integrate a web application written by someone else with an API written by someone else. At the moment I am trying to test one of the webpages using Postman. When the webpage is loaded in a browser it works correctly. I have replicated all of the headers and body in Postman, however when I try to launch the webpage in Postman a HTTP 500 status code appears (internal server error). I think the issue is with: javax.faces.ViewState , which is a body key/value pair. I initially do

Cannot load webpage from Postman because of javax.faces.ViewState?

核能气质少年 提交于 2020-12-15 05:19:01
问题 I am trying to integrate a web application written by someone else with an API written by someone else. At the moment I am trying to test one of the webpages using Postman. When the webpage is loaded in a browser it works correctly. I have replicated all of the headers and body in Postman, however when I try to launch the webpage in Postman a HTTP 500 status code appears (internal server error). I think the issue is with: javax.faces.ViewState , which is a body key/value pair. I initially do

On a successful login, SecurityContext.authenticate() returns AuthenticationStatus.SEND_CONTINUE instead of AuthenticationStatus.SUCCESS

荒凉一梦 提交于 2020-12-14 23:46:29
问题 Jakarta EE 8 Wildfly 21 Java 11 Using Java EE Security , I'm trying custom form authentication in a simple application. These are the relevant files (the description of the problem is below the files): CustomFormAuthenticationConfig.java package br.dev.authentication.view; import javax.enterprise.context.ApplicationScoped; import javax.faces.annotation.FacesConfig; import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition; import javax.security

On a successful login, SecurityContext.authenticate() returns AuthenticationStatus.SEND_CONTINUE instead of AuthenticationStatus.SUCCESS

廉价感情. 提交于 2020-12-14 23:45:06
问题 Jakarta EE 8 Wildfly 21 Java 11 Using Java EE Security , I'm trying custom form authentication in a simple application. These are the relevant files (the description of the problem is below the files): CustomFormAuthenticationConfig.java package br.dev.authentication.view; import javax.enterprise.context.ApplicationScoped; import javax.faces.annotation.FacesConfig; import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition; import javax.security

On a successful login, SecurityContext.authenticate() returns AuthenticationStatus.SEND_CONTINUE instead of AuthenticationStatus.SUCCESS

房东的猫 提交于 2020-12-14 23:41:32
问题 Jakarta EE 8 Wildfly 21 Java 11 Using Java EE Security , I'm trying custom form authentication in a simple application. These are the relevant files (the description of the problem is below the files): CustomFormAuthenticationConfig.java package br.dev.authentication.view; import javax.enterprise.context.ApplicationScoped; import javax.faces.annotation.FacesConfig; import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition; import javax.security

On a successful login, SecurityContext.authenticate() returns AuthenticationStatus.SEND_CONTINUE instead of AuthenticationStatus.SUCCESS

六眼飞鱼酱① 提交于 2020-12-14 23:41:03
问题 Jakarta EE 8 Wildfly 21 Java 11 Using Java EE Security , I'm trying custom form authentication in a simple application. These are the relevant files (the description of the problem is below the files): CustomFormAuthenticationConfig.java package br.dev.authentication.view; import javax.enterprise.context.ApplicationScoped; import javax.faces.annotation.FacesConfig; import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition; import javax.security

Where can I find XML schema definitions (XSD) for JSF Facelets tag libraries?

♀尐吖头ヾ 提交于 2020-11-28 08:30:04
问题 Where can I find XML schema definitions for xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:c="http://java.sun.com/jstl/core" or since JSF 2.2 xmlns:jsf="http://xmlns.jcp.org/jsf" xmlns:ui="http://xmlns.jcp.org/jsf/facelets" xmlns:h="http://xmlns.jcp.org/jsf/html" xmlns:f="http://xmlns.jcp.org/jsf/core" xmlns:a="http://xmlns.jcp.org/jsf/passthrough" xmlns:c="http://xmlns.jcp.org/jsp/jstl/core" ? 回答1: I recently

上传"定时任务"获取系统权限

允我心安 提交于 2020-11-25 18:28:40
原文来自 SecIN社区 —作者:tkswifty 相关背景   文件上传是系统中比较常见的业务需求,例如上传头像、简历、报表等。但是如果在业务实现过程中没有考虑相关的安全问题(例如没有对用户上传的文件类型做校验或者校验不充分,导致用户可以上传恶意脚本到服务器)便会导致相关的风险。   Java文件类File以抽象的方式代表文件名和目录路径名。该类主要用于文件和目录的创建、文件的查找和文件的删除等。   一般新建文件是通过将给定路径名字符串转换成抽象路径名来创建一个新File实例: File file = new File("path")   使用File创建文件时,若路径处path写入…/…/穿越符号,是可以跨目录新建文件的:   看一个例子,下面是通过引入…/…/穿越符进行跨目录在上级目录Desktop创建文件:   结合该特点,结合特定的利用场景可以完成相关的权限获取操作。例如: linux写入定时任务、ssh公钥 windows写入自启动脚本、恶意dll … 挖掘过程   一般针对文件上传业务,主要判断是否有检查后缀名,同时要查看配置文件是否有设置白名单或者黑名单,如果没有的话,那么攻击者利用该缺陷上传类似webshell等恶意文件。   目标系统主要是通过commons-fileupload组件来实现文件上传,具体实现如下: DiskFileItemFactory
订阅 jsf