search

eclipse-ee4j / mojarra

Mojarra, a Jakarta Faces implementation
Other
160 stars 109 forks source link

Lack of support for secure cookie in com.sun.faces.context.ExternalContextImpl? #5202

Closed morvael closed 1 year ago

morvael commented 1 year ago

This is stack trace of a bug that breaks non-ajax file downloads using PrimeFaces after migrating from Java EE 8 to Jakarta EE 10 (and from WildFly 26 to 27):

Caused by: java.lang.IllegalArgumentException: No enum constant com.sun.faces.context.ExternalContextImpl.PREDEFINED_COOKIE_PROPERTIES.SameSite
    at java.base/java.lang.Enum.valueOf(Enum.java:273)
    at com.sun.jsf-impl@4.0.0.SP01//com.sun.faces.context.ExternalContextImpl$PREDEFINED_COOKIE_PROPERTIES.valueOf(ExternalContextImpl.java:102)
    at com.sun.jsf-impl@4.0.0.SP01//com.sun.faces.context.ExternalContextImpl.addResponseCookie(ExternalContextImpl.java:765)
    at jakarta.faces.api//jakarta.faces.context.ExternalContextWrapper.addResponseCookie(ExternalContextWrapper.java:646)
    at deployment.sandbox-ear-1.ear.sandbox-web-1.war//org.primefaces.util.ResourceUtils.addResponseCookie(ResourceUtils.java:178)
    at deployment.sandbox-ear-1.ear.sandbox-web-1.war//org.primefaces.component.filedownload.FileDownloadActionListener.regularDownload(FileDownloadActionListener.java:93)
    at deployment.sandbox-ear-1.ear.sandbox-web-1.war//org.primefaces.component.filedownload.FileDownloadActionListener.processAction(FileDownloadActionListener.java:70)

I started this as https://github.com/primefaces/primefaces/issues/9702 and later discovered https://github.com/primefaces/primefaces/issues/6111 which seems to be related. Is it because WildFly 27.0.1 uses older version of ExternalContextImpl (I see current master contains "secure")?

melloware commented 1 year ago

See: https://github.com/eclipse-ee4j/mojarra/issues/5165

morvael commented 1 year ago

Yes, found this in history. I guess I need this ASAP in WildFly :) Is turning off secure cookies a possible workaround?

melloware commented 1 year ago

Yeah I think you can disable in PF with a switch.

BalusC commented 1 year ago

Already fixed in Mojarra side indeed.

https://github.com/eclipse-ee4j/mojarra/issues/5165

Is turning off secure cookies a possible workaround?

Or, quick'n'dirty, patch the ExternalContextImpl by providing a local copy extracted from latest Mojarra version in your WAR while maintaining the exact FQN. This one will have higher precedence in classloading.

morvael commented 1 year ago

Failed to make it work when part of war/ear (preserving FQN), but patched WidlFly's jsf-impl-4.0.0.SP01.jar and all is well now.