  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-7269

<s:token> - cookie identifying the browser (javax.faces.ClientToken) might contain illegal characters


Details

    • Bug
    • Resolution: Done
    • Major
    • EAP_EWP 5.2.0
    • EAP_EWP 5.1.1
    • Seam
    • None
    • Workaround Exists

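      Override the default clientUidSelector:

      import javax.faces.context.FacesContext;

      import org.apache.commons.lang.RandomStringUtils;
      import org.jboss.seam.annotations.Create;
      import org.jboss.seam.annotations.Install;
      import org.jboss.seam.annotations.Name;
      import org.jboss.seam.ui.ClientUidSelector;

      // Registered under the built-in component name with DEPLOYMENT precedence,
      // so it replaces the default clientUidSelector.
      @Name("org.jboss.seam.ui.clientUidSelector")
      @Install(precedence = Install.DEPLOYMENT)
      public class FixedClientUidSelector extends ClientUidSelector {

          private static final long serialVersionUID = -4923235748771706010L;
          private String clientUid;

          @Create
          public void onCreate() {
              setCookiePath(FacesContext.getCurrentInstance().getExternalContext().getRequestContextPath());
              setCookieMaxAge(-1);
              setCookieEnabled(true);
              // Pick up the token the browser already holds, if any.
              clientUid = getCookieValue();
          }

          public void seed() {
              if (!isSet()) {
                  // Letters and digits only, so the value cannot contain ';' or other
                  // characters that are illegal in a cookie value.
                  // Caveat: in Commons Lang 2.x this draws from java.util.Random, not SecureRandom.
                  clientUid = RandomStringUtils.random(50, true, true); // Fixed
                  setCookieValueIfEnabled(clientUid);
              }
          }

          public boolean isSet() {
              return clientUid != null;
          }

          public String getClientUid() {
              return clientUid;
          }

          @Override
          protected String getCookieName() {
              return "javax.faces.ClientToken";
          }
      }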

    • Low
    • Not Required
    • NEW

    Description

      The cookie that uniquely identifies the browser is randomly generated and contains illegal characters, for example: semicolon ";"

      This causes org.jboss.seam.ui.UnauthorizedCommandException: viewId: /restricted/desktop.xhtml - Form signature invalid
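The failure described above can be reproduced with a simplified model of the cookie round trip. This is an added example, not Seam's code or part of the original report. The class name, the `signature` helper (a stand-in hash over view id and token), the `/app` path and both sample tokens are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: simplified model of the failure, not Seam's implementation.
public class ClientTokenCookieDemo {

    // RFC 6265 cookie-octet: visible US-ASCII except '"', ',', ';' and '\'.
    static boolean isCookieSafe(String value) {
        for (char c : value.toCharArray()) {
            boolean ok = c == 0x21 || (c >= 0x23 && c <= 0x2B) || (c >= 0x2D && c <= 0x3A)
                    || (c >= 0x3C && c <= 0x5B) || (c >= 0x5D && c <= 0x7E);
            if (!ok) return false;
        }
        return !value.isEmpty(); // an empty token is useless as an identifier
    }

    // A browser reading "Set-Cookie: name=value; Path=..." ends the value at the first ';'.
    static String valueSeenByBrowser(String setCookieHeader) {
        String pair = setCookieHeader.split(";", 2)[0];
        return pair.substring(pair.indexOf('=') + 1).trim();
    }

    // Hypothetical stand-in for the form signature: hash of view id and client token.
    static String signature(String viewId, String clientUid) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest((viewId + "|" + clientUid).getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Render with the server-side token, then validate with what the cookie brings back.
    static boolean postbackAccepted(String viewId, String serverUid) throws Exception {
        String header = "javax.faces.ClientToken=" + serverUid + "; Path=/app";
        String rendered = signature(viewId, serverUid);   // embedded in the form
        String returned = valueSeenByBrowser(header);     // cookie value on postback
        return rendered.equals(signature(viewId, returned));
    }

    public static void main(String[] args) throws Exception {
        String viewId = "/restricted/desktop.xhtml";
        String[] tokens = { "k3;Zq=9x", "k3AZq09x" };    // constructed samples
        for (String uid : tokens) {
            System.out.println(uid + " cookieSafe=" + isCookieSafe(uid)
                    + " postbackAccepted=" + postbackAccepted(viewId, uid));
        }
    }
}
```

The token containing `;` comes back truncated, so the recomputed signature no longer matches the rendered one; the alphanumeric token survives the round trip unchanged.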

            People

              mnovotny@redhat.com Marek Novotny
              rhn-support-alazarot Alessandro Lazarotti