Bug 1026999
Summary: | [GSS] (6.1.1 patch) JAVASERVERFACES-2902 - Flash cookie doesn't get proper path for applications on root | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | ivassile | ||||||||||||||||
Component: | JSF | Assignee: | Marek Schmidt <maschmid> | ||||||||||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Tomas Remes <tremes> | ||||||||||||||||
Severity: | medium | Docs Contact: | Russell Dickenson <rdickens> | ||||||||||||||||
Priority: | medium | ||||||||||||||||||
Version: | 6.1.1 | CC: | cobrien, ivassile, jawilson, ppitonak, ssilvert, yyang | ||||||||||||||||
Target Milestone: | --- | ||||||||||||||||||
Target Release: | One-off release | ||||||||||||||||||
Hardware: | Unspecified | ||||||||||||||||||
OS: | Unspecified | ||||||||||||||||||
Whiteboard: | |||||||||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||||||
Doc Text: |
PATCH NAME:
BZ-1026999
PRODUCT NAME:
JBoss Enterprise Application Platform (EAP)
VERSION:
6.1.1
SHORT DESCRIPTION:
Flash cookie doesn't get proper path for applications on root.
LONG DESCRIPTION:
See JAVASERVERFACES-2902 (https://java.net/jira/browse/JAVASERVERFACES-2902)
MANUAL INSTALL INSTRUCTIONS:
1. Unzip BZ-1026999.zip
2. Copy jboss-jsf-api_2.1_spec-2.1.26.Final-redhat-1.jar (located in jboss-jsf-api folder) to $JBOSS_HOME/modules/system/layers/base/javax/faces/api/main
3. Copy module.xml (located in jboss-jsf-api folder) to $JBOSS_HOME/modules/system/layers/base/javax/faces/api/main so that the new JAR is utilized.
4. Copy jsf-impl-2.1.26-redhat-1.jar (located in jsf-impl folder) to $JBOSS_HOME/modules/system/layers/base/com/sun/jsf-impl/main
5. Copy module.xml (located in jsf-impl folder) to $JBOSS_HOME/modules/system/layers/base/com/sun/jsf-impl/main so that the new JAR is utilized.
COMPATIBILITY:
N/A
DEPENDENCIES:
N/A
SUPERSEDES:
N/A
SUPERSEDED BY:
N/A
CREATOR:
Ilia Vassilev
DATE:
November 11, 2013
|
Story Points: | --- | ||||||||||||||||
Clone Of: | |||||||||||||||||||
: | 1027367 (view as bug list) | Environment: | |||||||||||||||||
Last Closed: | 2013-11-20 17:45:19 UTC | Type: | Support Patch | ||||||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||||||
Documentation: | --- | CRM: | |||||||||||||||||
Verified Versions: | Category: | --- | |||||||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||||
Embargoed: | |||||||||||||||||||
Bug Depends On: | |||||||||||||||||||
Bug Blocks: | 1027367 | ||||||||||||||||||
Attachments: |
|
Created attachment 820262 [details]
jsf-impl 2.1.26
Created attachment 822295 [details]
jsf-impl-2.1.26-redhat-1.jar
Created attachment 822296 [details]
jboss-jsf-api_2.1_spec-2.1.26.Final-redhat-1.jar
Created attachment 822302 [details]
jsf-impl-2.1.26-redhat-1.jar
Created attachment 822524 [details]
one-off patch
@QA: Please verify the patch. This is basically mix of two issues, where this issue is superset problem to https://bugzilla.redhat.com/show_bug.cgi?id=1017242. This is issue (Bug 1026999, also https://java.net/jira/browse/JAVASERVERFACES-2136) is not reproducible in EAP 6.1.1 and as I've read (and understood) related customer case, in fact they were asking for fix of https://java.net/jira/browse/JAVASERVERFACES-2902, which is equal to bz1017242. So this patch should be IMO updated to reflect bz1017242 issue. Next thing is that there should be opened/prepared next patch for EAP 6.2.0, where is still jsf version 2.1.19. @Tomas: You are right. Since the customer originally requested a fix for https://java.net/jira/browse/JAVASERVERFACES-2136, I incorrectly named this one-off BZ and the patch description. This patch is actually fixing https://java.net/jira/browse/JAVASERVERFACES-2902. @Marek: How to correct this problem? I can edit this BZ to reflect https://java.net/jira/browse/JAVASERVERFACES-2902. What should we do with the other BZ case https://bugzilla.redhat.com/show_bug.cgi?id=1027367? Created attachment 823392 [details]
one-off patch
@Marek: Corrected the patch description to match https://java.net/jira/browse/JAVASERVERFACES-2902. Note: BZ-1027367 [1] is unchanged. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1027367 @Stan I would like to ask you at few things in this new jsf-impl-2.1.26-redhat-1.jar. First is that I am seeing following warning, when testing flash scope with redirect: " SEVERE [javax.enterprise.resource.webcontainer.jsf.flash] (web-executor-threads - 1) JSF1094: Could not decode flash data from incoming cookie value Invalid characters in decrypted value. Processing will continue, but the flash is unavailable for this request." As I've debugged it, I explored the problem is fired in ELFlash class (specifically com.sun.faces.context.flash.ELFlash.PreviousNextFlashInfoManager) in method decode, where is this new code (comparing to 2.1.19): try { urlDecodedValue = URLDecoder.decode(cookie.getValue(), "UTF-8"); } catch (UnsupportedEncodingException uee) { urlDecodedValue = cookie.getValue(); } value = guard.decrypt(urlDecodedValue); Can you please explain me, what is the use or purpose of this ? Because my theory is following - do something in application -> store the flash values to the cookie (which is properly encrypted and subsequently decrypted by the same key) -> now I restart application and access the application again -> now there's the problem when it tries to decrypt same cookie, but with another key -> resulting in InvalidKeyException and producing this message. I am not really sure, what this problem may cause in real. RichFaces 4.3.2 (from WFK 2.3) works fine on patched EAP 6.1.1 except of push component which is a known issue (see bug 1001854). RichFaces 4.3.4 (from to-be-released WFK 2.4) works fine. @Ilia Shouldn't be this in ON_QA state ? @Tomas: I've been told to flip the status to Modified when the patch is ready for QA. I think that QA should change it to ON_QA, but I may be wrong. Hmm it looks like that the process has changed little bit, so you are right. Ok I don't consider my above comment as some crucial problem, so I verified the patch: 7622d709092b68ad5d7aa20abc0748ab jsf-impl-2.1.26-redhat-1.jar 3c883e53dda39de48a0bba267f40002e jboss-jsf-api_2.1_spec-2.1.26.Final-redhat-1.jar @Tomas: Thanks for verifying the patch. Do you know when the patch will be available on Customer Portal? @Ilia: Sorry I forgot to promote the patch, so hopefully asap. |
Created attachment 820261 [details] jsf-api 2.1.26