Re: org.apache.myfaces.LOG_WEB_CONTEXT_PARAMS default to false?

2018-01-29 Thread Mike Kienenberger
That's the same kind of thing I'm seeing. Each of those lines are warnings, and the whole thing is prefixed with enough context to understand what's being logged and how to turn it off. INFO: Scanning for context init parameters not defined. It is not necessary to define them all into your

Re: org.apache.myfaces.LOG_WEB_CONTEXT_PARAMS default to false?

2018-01-29 Thread Thomas Andraschko
Not sure why you only see this but if you start a new project, without any context-parameters (which is valid and MyFaces is well preconfigured), the following will be logged: Jan 29, 2018 10:36:18 PM org.apache.webbeans.lifecycle.AbstractLifeCycle bootstrapApplication INFO: OpenWebBeans

Re: org.apache.myfaces.LOG_WEB_CONTEXT_PARAMS default to false?

2018-01-29 Thread Mike Kienenberger
I don't see all of the context parameters being logged. I only see the ones which haven't been set being logged. aka warnings. Jan 29, 2018 3:41:29 PM org.apache.myfaces.webapp.WebConfigParamsLogger logWebContextParams INFO: Scanning for context init parameters not defined. It is not necessary

[jira] [Comment Edited] (MYFACES-4133) Don't deserialize the ViewState-ID if the state saving method is server

2018-01-29 Thread Thomas Andraschko (JIRA)
[ https://issues.apache.org/jira/browse/MYFACES-4133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16343942#comment-16343942 ] Thomas Andraschko edited comment on MYFACES-4133 at 1/29/18 8:04 PM: -

[jira] [Commented] (MYFACES-4133) Don't deserialize the ViewState-ID if the state saving method is server

2018-01-29 Thread Thomas Andraschko (JIRA)
[ https://issues.apache.org/jira/browse/MYFACES-4133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16343942#comment-16343942 ] Thomas Andraschko commented on MYFACES-4133: [~stockli] Seems like HMAC is already used. If

[jira] [Resolved] (MYFACES-4196) Add warning if USE_ENCRYPTION is false

2018-01-29 Thread Thomas Andraschko (JIRA)
[ https://issues.apache.org/jira/browse/MYFACES-4196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thomas Andraschko resolved MYFACES-4196. Resolution: Fixed > Add warning if USE_ENCRYPTION is false >

org.apache.myfaces.LOG_WEB_CONTEXT_PARAMS default to false?

2018-01-29 Thread Thomas Andraschko
Hi, everytime i use a new JSF application, all context parameters of MyFaces are logged. This actually "hides" warnings or other errors and is very annoying. WDYT about setting it to false as default in 2.3? Regards, Thomas

[jira] [Created] (MYFACES-4196) Add warning if USE_ENCRYPTION is false

2018-01-29 Thread Thomas Andraschko (JIRA)
Thomas Andraschko created MYFACES-4196: -- Summary: Add warning if USE_ENCRYPTION is false Key: MYFACES-4196 URL: https://issues.apache.org/jira/browse/MYFACES-4196 Project: MyFaces Core

[jira] [Resolved] (MYFACES-4133) Don't deserialize the ViewState-ID if the state saving method is server

2018-01-29 Thread Thomas Andraschko (JIRA)
[ https://issues.apache.org/jira/browse/MYFACES-4133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thomas Andraschko resolved MYFACES-4133. Resolution: Fixed > Don't deserialize the ViewState-ID if the state saving method

Re: MyFaces 2.3.0 last item - MyFaces-4133

2018-01-29 Thread Thomas Andraschko
Commited a newer version of the patch, which doesn't remove the StateTokenProcessor, but introduced a second implementation which will be instantiated by the StateCache. 2018-01-29 19:59 GMT+01:00 Thomas Andraschko : > Thanks Leo. > As it said, it would be great if

[jira] [Commented] (MYFACES-4133) Don't deserialize the ViewState-ID if the state saving method is server

2018-01-29 Thread Thomas Andraschko (JIRA)
[ https://issues.apache.org/jira/browse/MYFACES-4133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16343870#comment-16343870 ] Thomas Andraschko commented on MYFACES-4133: Commited a modified version - without deleting

Re: MyFaces 2.3.0 last item - MyFaces-4133

2018-01-29 Thread Thomas Andraschko
Thanks Leo. As it said, it would be great if you could refactor it later but it's the time right to change this behavior and i would like to see a release soon. 2018-01-29 15:28 GMT+01:00 Leonardo Uribe : > Hi > > Ok, Before 2.3.0 release is the right time to do it. I do not

[jira] [Commented] (TOBAGO-1762) Add a component for rating

2018-01-29 Thread Hudson (JIRA)
[ https://issues.apache.org/jira/browse/TOBAGO-1762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16343786#comment-16343786 ] Hudson commented on TOBAGO-1762: SUCCESS: Integrated in Jenkins build Tobago Trunk #1275 (See

Re: MyFaces 2.3.0 last item - MyFaces-4133

2018-01-29 Thread Leonardo Uribe
Hi Ok, Before 2.3.0 release is the right time to do it. I do not want to be a stone on the road, so please do it. I think I have made clear my reasoning about it, it is not mandatory, it is just an opinion. regards, Leonardo Uribe 2018-01-29 3:52 GMT-05:00 Thomas Andraschko

Re: MyFaces 2.3.0 last item - MyFaces-4133

2018-01-29 Thread Thomas Andraschko
Hi, the question is: Why should we use encryption and serialization when it's actually >NOT< required for server side state? Sure, encryption should be safe actually but instead of using a better encryption algorithm like mentioned in the ticket, it's better to just removed the encryption.

Result of: [VOTE] Release Tobago 2.1.1

2018-01-29 Thread Udo Schnurpfeil
Hi, thank you for checking and voting for the release. The result is +1 Volker Weber Dennis Kieselhorst Bernd Bohmann so I will proceed with the next steps for the release. Regards, Udo signature.asc Description: OpenPGP digital signature