dominikdorn.com » JSF2

JSF Components – The entity “uuml” was referenced, but not declared

Dominik Dorn — Mon, 25 Oct 2010 15:21:54 +0000

Today I created a custom JSF 2 Composite Component, but Mojarra threw an error on me, when I tried to use a German Umlaut like ü in my markup, like this

HTTP Status 500 -

type Exception report

message

descriptionThe server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: javax.servlet.ServletException: javax.faces.view.facelets.FaceletException: Error Parsing /resources/sg/uploadedDoc.xhtml: Error Traced[line: 45] The entity "uuml" was referenced, but not declared.

root cause

javax.servlet.ServletException: javax.faces.view.facelets.FaceletException: Error Parsing /resources/sg/uploadedDoc.xhtml: Error Traced[line: 45] The entity "uuml" was referenced, but not declared.

root cause

java.util.concurrent.ExecutionException: javax.faces.view.facelets.FaceletException: Error Parsing /resources/sg/uploadedDoc.xhtml: Error Traced[line: 45] The entity "uuml" was referenced, but not declared.

root cause

javax.faces.view.facelets.FaceletException: Error Parsing /resources/sg/uploadedDoc.xhtml: Error Traced[line: 45] The entity "uuml" was referenced, but not declared.

note The full stack traces of the exception and its root causes are available in the GlassFish Server Open Source Edition 3.0.1 logs.

GlassFish Server Open Source Edition 3.0.1

The reason this happened is, that I referenced an entity “uuml;” in a xml document where it is not defined.
XML basically just supports a few build-in entities, like “amp;” “quot;”, “apos;”, “lt;” and “gt;”.

To let the SAX-Parser know which additional entities I wanted to use, I simply added the XHTML 1.1 DOCTYPE to the head of the document.
My Component now looks like this:


"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:composite="http://java.sun.com/jsf/composite">
>
>
....
>
 
>
.... text Übermorgen ist auch noch ein Tag ... text
>
>
>

Hope this helps some of you out there.

CDI/Weld manual lookup

Dominik Dorn — Wed, 21 Apr 2010 18:04:28 +0000

So, you’re ended up in a situation, where you are somewhere (e.g. a javax.faces.Converter) where you are unable to simple @Inject SomeClass ?

I had the problem, that I had a FacesConverter like this:

import javax.annotation.ManagedBean;
import javax.annotation.PostConstruct;
import javax.enterprise.context.RequestScoped;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.convert.Converter;
import javax.faces.convert.FacesConverter;
import javax.inject.Inject;
 
 
@FacesConverter(forClass = AvailableCountry.class)
@ManagedBean // does not help :(
@RequestScoped // does not help :(
public class AvailableCountryConverter implements Converter
{
	@Inject
	AvailableCountryDao dao;
 
	@PostConstruct
	public void postConstruct()
	{
		System.out.println("calling postConstruct");
	}
 
	public Object getAsObject(FacesContext facesContext, UIComponent
			component, String value) {
		if (value == null || value.length() == 0) {
			return null;
		}
		return dao.find(getKey(value));
	}
 
	Long getKey(String value) {
		Long key;
		key = Long.valueOf(value);
		return key;
	}
 
	String getStringKey(long value) {
		StringBuffer sb = new StringBuffer();
		sb.append(value);
		return sb.toString();
	}
 
	public String getAsString(FacesContext facesContext, UIComponent
			component, Object object) {
		if (object == null) {
			return null;
		}
		if (object instanceof AvailableCountry) {
			AvailableCountry o = (AvailableCountry) object;
			return getStringKey(o.getCountry().getId());
		} else {
			throw new IllegalArgumentException("object " + object + "
					is of type " + object.getClass().getName() + "; expected type: " +
					AvailableCountry.class.getName());
		}
	}
}

But my DAO was not injected, nor was the postConstruct method triggered by CDI.

Why?
Because the bean is not managed by CDI, not even when annotating it with @ManagedBean because it gets created by the JSF-Lifecycle and not by CDI.

Well.. but how to manually lookup a Bean with CDI / Weld?

First, you need to get the BeanManager. When you have a FacesContext (like in the converter above), you can get it like this:

    public BeanManager getBeanManager()
    {
        return (BeanManager) 
              ((ServletContext) facesContext.getExternalContext().getContext())
                   .getAttribute("javax.enterprise.inject.spi.BeanManager"); 
    }

If you don’t have access to a FacesContext, ServletContext or similar, you can lookup the BeanManager through JNDI

    public BeanManager getBeanManager()
    {
        try{
            InitialContext initialContext = new InitialContext();
            return (BeanManager) initialContext.lookup("java:comp/BeanManager");
        catch (NamingException e) {
            log.error("Couldn't get BeanManager through JNDI");
            return null;
        }
    }

After you’ve got your BeanManager, simply lookup your Bean like this:
(In my case, I wanted to lookup a bean with the type AvailableCountryDao)
Type-based CDI manual lookup

    public AvailableCountryDao getFacade()
    {
        BeanManager bm = getBeanManager();
        Bean<AvailableCountryDao> bean = (Bean<AvailableCountryDao>) bm.getBeans(AvailableCountryDao.class).iterator().next();
        CreationalContext<AvailableCountryDao> ctx = bm.createCreationalContext(bean);
        AvailableCountryDao dao = (AvailableCountryDao) bm.getReference(bean, AvailableCountryDao.class, ctx); // this could be inlined, but intentionally left this way
        return dao;
    }

Thanks to my friend Lincoln Baxter, III for the snipped.

Name-based CDI manual lookup

    public Object getBeanByName(String name) // eg. name=availableCountryDao
    {
        BeanManager bm = getBeanManager();
        Bean bean = bm.getBeans(name).iterator().next();
        CreationalContext ctx = bm.createCreationalContext(bean); // could be inlined below
        Object o = bm.getReference(bean, bean.getClass(), ctx); // could be inlined with return
        return o;
    }

So, now you’re able to manually lookup beans with CDI.
In case you have the same problem (with Converters/Validators) like I had above, checkout Seam Faces, where this problem already is fixed,
meaning your @ManagedBean annotated Converter/Validator is working as expected with @Inject, @PostConstruct & @PreDestroy

Using complex urls & regular expressions with PrettyFaces

Dominik Dorn — Wed, 17 Mar 2010 20:15:24 +0000

If you like to construct complex & pretty urls with JSF2 & PrettyFaces, you might be interested in the following few lines of code.

In our example, we want to match a URL like this one

1	http://www.studyguru.eu/at/tuwien/184.153--Entwurfsmethoden-fuer-verteilte-Systeme

Previously I tried to match it with a PrettyFaces Pattern/Regex like this:

        value="/([a-z]{2})/([a-z0-9\-_]*)/([a-z0-9\-_\.]*)\-\-.*"/>

But thankfully, PrettyFaces >2.0.4 supports directly populating the RequestParams!

Configure your pretty-config like this:

 xmlns="http://ocpsoft.com/prettyfaces/2.0.4"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://ocpsoft.com/prettyfaces/2.0.4
                http://ocpsoft.com/xml/ns/prettyfaces/ocpsoft-pretty-faces-2.0.4.xsd">
....
 
     id="coursePage">
         value="/#{countryCode}/#{uniShortName}/#{courseId}--.*"/>
        >/path/to/coursePage.xhtml>
    >
....

and use JSF2′s viewParams like this:

 version="1.0" encoding="UTF-8"?>

        PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:f="http://java.sun.com/jsf/core"
      xmlns:pretty="http://ocpsoft.com/prettyfaces"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:p="http://primefaces.prime.com.tr/ui"
        >
>
>
     id="countryCodeId"
                 required="true"
                 requiredMessage="Kein Land spezifiziert"
                 name="countryCode" value="#{coursePageBean.countryCode}"
            >
         pattern="([a-z]{2})"/>
    >
 
     id="universityCodeId"
                 required="true"
                 requiredMessage="Keine Hochschule spezifiziert"
                 name="uniShortName" value="#{coursePageBean.universityCode}"
            >
         pattern="([a-z0-9\-_]*)"/>
    >
     id="courseIdId"
                 required="true"
                 requiredMessage="Keine KursId spezifiziert"
                 name="courseId" value="#{coursePageBean.courseId}"
            >
         pattern="([a-z0-9\-_\.]*)"/>
    >
 
     type="preRenderView" listener="#{coursePageBean.populate}"/>
>
>coursePage>
 
countryCode #{ coursePageBean.countryCode} />
courseId #{coursePageBean.courseId}/>
universityCode #{coursePageBean.universityCode}/>
>
>

Voila! You now can match complex urls with PrettyFaces and apply all your custom validators
to your Pretty URL

Authentication in JSF2 with JAAS: Part 2 – Authenticating a client/user

Dominik Dorn — Thu, 25 Feb 2010 11:28:04 +0000

In the second part of this series, we are going to understand some more terminology of JAAS and start creating our own authentication system.

A LoginContext Object is used by applications to authenticate users independently of the underlying authentication technology. Authentication technology in this context means stuff like “file based authentication”, “Database based authentication”, “LDAP authentication”, “CERTIFICATE authentication” and so on.

The LoginContext class is part of the javax.security.auth.login package and describes methods used to authenticate Subjects/user in the meaning of Part 1 of this series). The documentation states:

A subject is an identity in a system that you want to authenticate and assign access rights to. A subject can be a human user, a process, or a machine..

which is basically what I said before. Its still a little bit unclear to me, why they use “user” in one documentation and “subject” in the other, but as its the same thing, we know what to do.

The documentation further states, that a subject may interact with different authorities (applications) and may have different passwords (credentials) for each of them. To represent the subject/user in these applications, the java.security.Principal class is used.

Our own LoginContext now invokes various LoginModules ( these handle the different ways of authentication, like form based, HTTP-Basic, HTTP-Digest, etc.). The LoginModule interface is part of
the javax.security.auth.spi package. If one ever wants to integrate Facebook connect or something similar, this is where to look at!

But how does the LoginContext know, which LoginModules to invoke? This is done by a Configuration Object.

So, to sum this up:

We have 1-n LoginModules, handling different form of authentication.. file, db, ldap and so on
We have a LoginContext, taking users credentials and supplying them to the LoginModules
We have configurations, specifying which LoginModules should be used by the LoginContext
A client supplies its credentials to the LoginContext. The LoginContext looks up, which LoginModules to use in its Configuration and authenticates the client with the provided credentials against the LoginModules.

But why bother with all this stuff of LoginContext, LoginModules, Configuration and so on? Shouldn’t it be easy to use authentication, especially custom authentication in a web-app?

Because we’ve already got it in our AppServer!

Configuration:
We’re actually creating our Configuration object manually in our web.xml.

Here we define, how we gain the authentication data from the user. In this example, I used auth-method=FORM because no-one wants to use HTTP-Basic Authentication anymore today!

    
        FORM
        nameOfTheRealm

/login.xhtml
/loginError.xhtml

With this configuration, you can already create your own login form with your preferred style, like this:
login.xhtml


Userid
Password

In the next part of the series, we’ll see how you can do it with an jsf/facelets page.

Ok, we now got our form for login. To Logout simply make a link to /j_security_logout

We’ve now got login + logout, but they are not working yet. What we still have to do, is specify, what we’re authenticating against. In this post, we called it LoginModule, in Glassfishv3 its called Realm and we have already
configured it with our Login-Config above.

A post which explains how to configure the simply, build in Glassfish “File-Realm” is available at DevelopInJava.com.

In the next blog entry of this series, we’ll see how we can create our own realm, that really suits our needs.

We now got everything needed for a basic authentication, but we don’t yet have a group to role mapping, which we need for stuff like #{request.isUserInRole(‘ADMIN’)} or annotating our beans (see later for all of that).
So what we’re going to do is, map the given “groups” to roles. Before we do that, we should tell our application, which roles we have. Do it like that in your web.xml

    >
        >all the users with the role Admin>
        >ADMIN>
    >
 
    >
        >all the users that are authenticated>
        >LOGGEDIN_USER>
    >
 
    >
        >all the users that are moderators/extended rights>
        >MODERATOR>
    >

Now we can map the groups we get from the realm to our roles. We have to put this in
/WEB-INF/sun-web.xml (if you’re using Glassfish v3). My file looks like this:

 version="1.0" encoding="UTF-8"?>

Application Server 9.0 Servlet 2.5//EN'
    'http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd'>
 error-url="">
    >/>
    >
        >LOGGEDIN_USER>
        >default>
    >
    >
        >MODERATOR>
        >moderatoren>
    >
    >
        >ADMIN>
        >root>
    >
     delegate="true"/>
    >
         name="keepgenerated" value="true">
            >Keep a copy of the generated 
                servlet class' java code.>
        >
    >
>

Click here to view the general structure of the sun-web.xml file.

Our User -> Principal, Group -> Role mapping now works. We can start protecting resources in our app! Horray!

We’re doing this by specifying “security-constraints” like this in our web.xml

    >
        >
            >admin-area>
            >/admin/>
        >
        >
            >admins should be allowed to access this resources>
            >ADMIN>
        >
    >

This should be quite self-explanatory, for a detailed explanation take a look at
Security Annotations and Authorization in GlassFish and the Java EE 5 SDK, which also explains how to secure beans with annotations
and has a nice matrix whats possible with annotations and whats not.

If you want to lock some stuff for everyone, simply leave the auth-constraint element empty, like this:

    >
        >
            >admin-area>
            >/admin/>
        >
        >
        >
    >

If you’ve followed these instructions and the one on the blog-post Securing a Web Application on Glassfish using JAAS, you should now be able to authenticate different users with different roles in your app using the File-Realm.

In the next articles of the series, we will look how to create an own realm, how to replace the form-based login with a JSF-Based one and how to work with roles in your JSF-Pages.

References:

Authentication in JSF2 with JAAS: Part 1 – Understand the terminology

Dominik Dorn — Wed, 24 Feb 2010 23:02:12 +0000

Ok, this will be a multi-part blog entry series.
What I want to do with this blog entries, is to document, how to make your JSF2 application use JAAS ( Java Authentication and Authorization Service ) to manage your/my users, authenticate them through a form with
the help of the server and use that security information in our JSF2 pages and our Java Beans.

In this first part of the series, I’ll try to cover the terminology used in easy to understand words.

These are the terms, you’ll need to know:

realm: A realm is basically a "user database", being it a flat file with user/pass + group info, database tables or even an ldap directory or something else you can imagine, like facebook connect or google authentication system. It may be used by n applications.
user: A user is a person or program wishing to authenticate against our server/app. If you only make your website for real persons, these are your users. If you also offer a webservice, other programs accessing that service are also users. A user belongs to a realm, so may be valid in n applications (see principal below)
role: Roles are assigned to users and/or groups in an application. E.g. GUEST for a not authenticated visitor, LOGGEDIN_USER for an authenticated user, MODERATOR or ADMIN for special people.
group: Groups are like roles, but they are used over multiple applications and mapped to specific ROLES on an per-application-basis
principal: A Principal is an authenticated user in the scope of an application. The same user may have different principals in different applications. A principal is identified by its name and authenticated using authentication data (credentials)
security policy domain: Also called security domain or realm. Basically, the database where you lookup users. But in this meaning, its where the realms are used, being it application1, application2, applicationN
Security attributes: are attributes associated with every principal, like " is allowed to access the admin area" or stuff like that.
credential: contains or references security attributes; are used to authenticate a Principal for a Java EE product service (your webapp)

If you want to get the original documentation, take a look at the Security chapter in the Java EE 6 Tutorial Volume I

Further references, which I’ll probably be using in the next posts of these series:

Using German Umlauts / Umlaute in JSF/JSF2

Dominik Dorn — Mon, 15 Feb 2010 17:28:16 +0000

If you happen to localize your JSF Web-Application to German, you’ll probably have problems displaying German Umlauts ( äÄ, ö Ö, ü Ü, ß) in your page.

How to resolve this? Encode the umlauts with their Unicode code in your message-bundle like this

ä = \u00e4
Ä = \u00c4
ö = \u00f6
Ö =\u00d6
ü = \u00fc
Ü = \u00dc
ß = \u00df

So, e.g. just specify it like this in your bundle.properties

1	homework=Haus\u00fcbung

Specify the bundle itself in your faces-config.xml

 version='1.0' encoding='UTF-8'?>
 
 version="2.0"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd">
 
    >
        >
            >/bundle>
            >bundle>
        >
    >
>

and use it in your facelets page example.xhtml like this:

1	#{bundle.homework}

or like this

1	value="#{bundle.homework}" />

If you don’t want to convert all the Umlauts in your bundle by hand, simply use javas

1	native2ascii

command to automatically encode the Umlauts in your bundle.properties file.

Update:
I found this unicode chart, which I think is quite useful!

FileUpload with JSF 2 and Servlet 3.0

Dominik Dorn — Mon, 28 Dec 2009 23:11:28 +0000

As I had serious problems with FileUpload and the existing “solutions”, mainly Tomahawk, MyFaces, RichFaces, PrimeFaces, etc. which are all not 100% ready for JSF 2.

I created a taglib based on the code of BalusC.
You can find the Taglib on Github

The source code is based on these two posts:

Simply check out the code with git

1	git clone http://github.com/domdorn/fileUploadServlet3JSF2.git

then install the taglib with

1	mvn clean compile install

and import it into your maven project like this

net.balusc
fileUploadServlet3JSF2
1.0-SNAPSHOT

You can then use the taglib in your Facelets files like this:

Upload.xhtml

 version="1.0" encoding="UTF-8"?>

PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
	xmlns:h="http://java.sun.com/jsf/html"
	xmlns:f="http://java.sun.com/jsf/core"
	xmlns:ui="http://java.sun.com/jsf/facelets"
	xmlns:hh="http://balusc.net/jsf/html"
>
>
	>FileUploadTest>
>
>
 
 prependId="false">
 
	 globalOnly="false" id="messages"/>
 
	 columns="3">
 
			 for="someText">
				SomeText:
			>
 
			 id="someText" value="#{uploadBean.someText}" required="true">
				 event="blur" render="someText someTextMessage" execute="@this"/>
			>  for="someText" id="someTextMessage"/>
 
			 for="filenameText">
			Filename:
			>
 
			 id="filenameText" value="#{uploadBean.filename}" required="true">
				 event="blur" render="filenameText filenameTextMessage" execute="@this" />
			>
			 for="filenameText" id="filenameTextMessage"/>
	>
	>
 
	 enctype="multipart/form-data" prependId="false">
	 columns="3">
		 for="uploadedFile" rendered="#{empty uploadBean.file}">
				Input File:
		>
		 id="uploadedFile" value="#{uploadBean.file}" rendered="#{empty uploadBean.file}">
			 validatorId="fileValidator"/>
		>
		 for="uploadedFile"/>
	>
	 value="submit" action="#{uploadBean.submit}" />
>
>
>

The bean:

package com.dominikdorn.simpleFileUpload.beans;code>
 
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.bean.SessionScoped;
import javax.faces.bean.ViewScoped;
import java.io.File;
 
@ViewScoped
@ManagedBean
public class UploadBean {
 
private File file;
private String filename;
 
public String getFilename() {
return filename;
}
 
public void setFilename(String filename) {
System.out.println("binding filename");
this.filename = filename;
}
 
public String submit()
{
System.out.println("calling submit");
 
if(file != null)
{
this.filename = file.getName();
}
 
System.out.println("processed");
// do what you want with the file
return "yeah";
}
 
public UploadBean() {
}
 
public File getFile() {
return file;
}
 
public void setFile(File file) {
this.file = file;
}
 
private String someText;
 
public String getSomeText() {
return someText;
}
 
public void setSomeText(String someText) {
System.out.println("binding someText");
this.someText = someText;
}
}