[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-23 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607228#action_12607228
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--

back to this bug.
this is also a security issue.
When hijacking the submit (via man in the middle tool), currently is looks like 
no validation will occur on the server...
Will fix the validations soon, when time allows.

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
>Assignee: Matthias Weßendorf
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-22 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607111#action_12607111
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--

@CACHE_VIEW_ROOT: you see the issue here, because the restoreStateI() of the 
original class isn't called. Things like Tomahawk t:stateSave will work now, 
because of that. But the validator from Trinidad fails, because doesn't push 
the "restore" to super. So, I think the best is here to just implement the 
validation logic inside the Trinidad class. I'd still keep the base class, so a 
"instanceof javax.faces.." is still OK. Does that make sense?

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-22 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607110#action_12607110
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--

I'd like to keep the super class, but not its validate() logic. Instead we 
write it on our own.
Perhaps my taking the lines for the myfaces impl (that's what I meant with 
"myfaces' validation"...

@CACHE_VIEW_ROOT: well, it did make a difference, that's why I noticed it.

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-22 Thread Stephen Friedrich (JIRA)

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607073#action_12607073
 ] 

Stephen Friedrich commented on TRINIDAD-1129:
-

Regarding: org.apache.myfaces.trinidad.CACHE_VIEW_ROOT
That should not make any difference for server-side state saving, right?
First of all, I'd like to keep my pages small, plus the warning "template text 
in Facelets may appear in duplicate" does not sound like something I'd like to 
deal with.

But I'll give it a try and especially check how PPR is affected.
Thanks!

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-22 Thread Stephen Friedrich (JIRA)

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607072#action_12607072
 ] 

Stephen Friedrich commented on TRINIDAD-1129:
-

I don't know what exactly you mean by "myfaces' validation".

Can't we just remove the super class altogether?
I mean, checking that a value is in  a range is not exactly a big deal that 
justifies a dependency on other code.
Just directly implementing the validator interface would maybe add half a dozen 
lines of code to the validator (probbaly less, as there's already logic that 
checks all the different cases, but the "valid" case).

If that's ok with you I'll create a patch that does exactly that for all the 
validators that currently extend the concrete JSF validator classes.

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-21 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607060#action_12607060
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--

or... we don't call super.validate(-...); and use the myfaces' validation in 
our class...

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-21 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607059#action_12607059
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--

these classes were overridden for two reasons:
-optimization of state-saving
-poor messages (wasn't possible to customize in the past).

I think I will do something like this in the restoreState() of these validators:

public void restoreState(FacesContext context, Object state)
{
  _facesBean.restoreState(context, state);
  super.setMaximum(getMaximum());
  super.setMinimum(getMinimum());
}


> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-21 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607058#action_12607058
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--

I noticed your app has:

  org.apache.myfaces.trinidad.CACHE_VIEW_ROOT
  false


this disables an optimization for state-saving.

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
> Attachments: test.war
>
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-21 Thread Stephen Friedrich (JIRA)

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607035#action_12607035
 ] 

Stephen Friedrich commented on TRINIDAD-1129:
-

Nope. Does not work for me. Strange.
Forgot to say: facelets 1.1.14

Here's my complete test page. When entering a single character in the text 
field and clicking on save, 
the action listener on the bean is called (but shouldn't of course):



http://www.w3.org/TR/html4/strict.dtd";>
http://www.w3.org/1999/xhtml";
  xmlns:trh="http://myfaces.apache.org/trinidad/html";
  xmlns:tr="http://myfaces.apache.org/trinidad";
>
















And here's the bean:

package com.acme;

public class Test {
private String bar;

public String getBar() {
return bar;
}

public void setBar(String bar) {
this.bar = bar;
}

public String save() {
System.out.println("Test.save: " + bar);
return null;
}
}



bean configuration in faces-config.xml:


foo
com.acme.Test
session






My trinidad-config.xml:



http://myfaces.apache.org/trinidad/config";>

true

texas


false


inaccessible





Anything else that may cause this?

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-21 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607029#action_12607029
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--

Hrm,

I just tried this:


> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation

2008-06-21 Thread JIRA

[ 
https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607030#action_12607030
 ] 

Matthias Weßendorf commented on TRINIDAD-1129:
--


 


entered 'a'
and got a validation error.
using JSF RI 1.2_08 and Trinidad client-side validation disabled

> Server-side validation does not work when using Sun JSF implementation
> --
>
> Key: TRINIDAD-1129
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1129
> Project: MyFaces Trinidad
>  Issue Type: Bug
>Affects Versions:  1.2.8-core
>Reporter: Stephen Friedrich
>
>  (and very probably other Trinidad validator also) do not 
> validate anything on the server side at all.
> Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a 
> subclass of javax.faces.validator.LengthValidator.
> Trinidad's validate() method first delegates to the super class and if no 
> validation exception occurs there, it does nothing.
> However the JSF base class never validates anything because the "minimum" and 
> "maximum" fields do not have their values restored.
> It seems that the Trinidad way of handling state saving conflicts with 
> mojarra's expectations.
> (Using mojarra 1.2_08)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.