[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607228#action_12607228 ] Matthias Weßendorf commented on TRINIDAD-1129: -- back to this bug. this is also a security issue. When hijacking the submit (via man in the middle tool), currently is looks like no validation will occur on the server... Will fix the validations soon, when time allows. > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich >Assignee: Matthias Weßendorf > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607111#action_12607111 ] Matthias Weßendorf commented on TRINIDAD-1129: -- @CACHE_VIEW_ROOT: you see the issue here, because the restoreStateI() of the original class isn't called. Things like Tomahawk t:stateSave will work now, because of that. But the validator from Trinidad fails, because doesn't push the "restore" to super. So, I think the best is here to just implement the validation logic inside the Trinidad class. I'd still keep the base class, so a "instanceof javax.faces.." is still OK. Does that make sense? > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607110#action_12607110 ] Matthias Weßendorf commented on TRINIDAD-1129: -- I'd like to keep the super class, but not its validate() logic. Instead we write it on our own. Perhaps my taking the lines for the myfaces impl (that's what I meant with "myfaces' validation"... @CACHE_VIEW_ROOT: well, it did make a difference, that's why I noticed it. > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607073#action_12607073 ] Stephen Friedrich commented on TRINIDAD-1129: - Regarding: org.apache.myfaces.trinidad.CACHE_VIEW_ROOT That should not make any difference for server-side state saving, right? First of all, I'd like to keep my pages small, plus the warning "template text in Facelets may appear in duplicate" does not sound like something I'd like to deal with. But I'll give it a try and especially check how PPR is affected. Thanks! > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607072#action_12607072 ] Stephen Friedrich commented on TRINIDAD-1129: - I don't know what exactly you mean by "myfaces' validation". Can't we just remove the super class altogether? I mean, checking that a value is in a range is not exactly a big deal that justifies a dependency on other code. Just directly implementing the validator interface would maybe add half a dozen lines of code to the validator (probbaly less, as there's already logic that checks all the different cases, but the "valid" case). If that's ok with you I'll create a patch that does exactly that for all the validators that currently extend the concrete JSF validator classes. > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607060#action_12607060 ] Matthias Weßendorf commented on TRINIDAD-1129: -- or... we don't call super.validate(-...); and use the myfaces' validation in our class... > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607059#action_12607059 ] Matthias Weßendorf commented on TRINIDAD-1129: -- these classes were overridden for two reasons: -optimization of state-saving -poor messages (wasn't possible to customize in the past). I think I will do something like this in the restoreState() of these validators: public void restoreState(FacesContext context, Object state) { _facesBean.restoreState(context, state); super.setMaximum(getMaximum()); super.setMinimum(getMinimum()); } > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607058#action_12607058 ] Matthias Weßendorf commented on TRINIDAD-1129: -- I noticed your app has: org.apache.myfaces.trinidad.CACHE_VIEW_ROOT false this disables an optimization for state-saving. > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > Attachments: test.war > > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607035#action_12607035 ] Stephen Friedrich commented on TRINIDAD-1129: - Nope. Does not work for me. Strange. Forgot to say: facelets 1.1.14 Here's my complete test page. When entering a single character in the text field and clicking on save, the action listener on the bean is called (but shouldn't of course): http://www.w3.org/TR/html4/strict.dtd";> http://www.w3.org/1999/xhtml"; xmlns:trh="http://myfaces.apache.org/trinidad/html"; xmlns:tr="http://myfaces.apache.org/trinidad"; > And here's the bean: package com.acme; public class Test { private String bar; public String getBar() { return bar; } public void setBar(String bar) { this.bar = bar; } public String save() { System.out.println("Test.save: " + bar); return null; } } bean configuration in faces-config.xml: foo com.acme.Test session My trinidad-config.xml: http://myfaces.apache.org/trinidad/config";> true texas false inaccessible Anything else that may cause this? > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607029#action_12607029 ] Matthias Weßendorf commented on TRINIDAD-1129: -- Hrm, I just tried this: > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (TRINIDAD-1129) Server-side validation does not work when using Sun JSF implementation
[ https://issues.apache.org/jira/browse/TRINIDAD-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607030#action_12607030 ] Matthias Weßendorf commented on TRINIDAD-1129: -- entered 'a' and got a validation error. using JSF RI 1.2_08 and Trinidad client-side validation disabled > Server-side validation does not work when using Sun JSF implementation > -- > > Key: TRINIDAD-1129 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1129 > Project: MyFaces Trinidad > Issue Type: Bug >Affects Versions: 1.2.8-core >Reporter: Stephen Friedrich > > (and very probably other Trinidad validator also) do not > validate anything on the server side at all. > Trinidad's org.apache.myfaces.trinidad.validator.LengthValidator is a > subclass of javax.faces.validator.LengthValidator. > Trinidad's validate() method first delegates to the super class and if no > validation exception occurs there, it does nothing. > However the JSF base class never validates anything because the "minimum" and > "maximum" fields do not have their values restored. > It seems that the Trinidad way of handling state saving conflicts with > mojarra's expectations. > (Using mojarra 1.2_08) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.