exabrial
commented
3 years ago can you try this with a current version of Apache TomEE? 8.0.1 is woefully out of date and contains security vulnerabilities.
Open macbl opened 3 years ago
exabrial
commented
3 years ago can you try this with a current version of Apache TomEE? 8.0.1 is woefully out of date and contains security vulnerabilities.
macbl
commented
3 years ago I can confirm this on Tomee 8.0.6. plume. DateTimePicker requires owasp-java-html-sanitizer.jar which in turn requires google guava.jar (2.1 MB!). For a simple calendar element this is a quite heavy dependency. [...by the way, I like BootsFaces very much.]
The dateTimePicker causes an exception with Tomee due to a missing HTMLPoliyBuilder. Is there an undocumented dependecy to a third party lib now?
Stack Trace: 18-Jan-2021 11:59:39.242 SEVERE [https-jsse-nio-8443-exec-8] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Faces Servlet] in context with path [] threw exception [org/owasp/html/HtmlPolicyBuilder] with root cause java.lang.ClassNotFoundException: org.owasp.html.HtmlPolicyBuilder at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1365) at org.apache.tomee.catalina.TomEEWebappClassLoader.loadClass(TomEEWebappClassLoader.java:208) at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1188) at net.bootsfaces.component.dateTimePicker.DateTimePickerRenderer.encodeJS(DateTimePickerRenderer.java:396) at net.bootsfaces.component.dateTimePicker.DateTimePickerRenderer.encodeBegin(DateTimePickerRenderer.java:152) at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:540) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1644) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at javax.faces.render.Renderer.encodeChildren(Renderer.java:152) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:566) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1647) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650) at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:468) at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:170) at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:132) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:102) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:199) at javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:708) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:451) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.openejb.server.httpd.EEFilter.doFilter(EEFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:368) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:666) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.tomee.catalina.OpenEJBSecurityListener$RequestCapturer.invoke(OpenEJBSecurityListener.java:97) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:835)