Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lack of support for secure cookie in com.sun.faces.context.ExternalContextImpl? #5202

Closed
morvael opened this issue Jan 18, 2023 · 5 comments
Closed

Lack of support for secure cookie in com.sun.faces.context.ExternalContextImpl? #5202

morvael opened this issue Jan 18, 2023 · 5 comments

Comments

@morvael
Copy link

morvael commented Jan 18, 2023

This is stack trace of a bug that breaks non-ajax file downloads using PrimeFaces after migrating from Java EE 8 to Jakarta EE 10 (and from WildFly 26 to 27):

Caused by: java.lang.IllegalArgumentException: No enum constant com.sun.faces.context.ExternalContextImpl.PREDEFINED_COOKIE_PROPERTIES.SameSite
	at java.base/java.lang.Enum.valueOf(Enum.java:273)
	at com.sun.jsf-impl@4.0.0.SP01//com.sun.faces.context.ExternalContextImpl$PREDEFINED_COOKIE_PROPERTIES.valueOf(ExternalContextImpl.java:102)
	at com.sun.jsf-impl@4.0.0.SP01//com.sun.faces.context.ExternalContextImpl.addResponseCookie(ExternalContextImpl.java:765)
	at jakarta.faces.api//jakarta.faces.context.ExternalContextWrapper.addResponseCookie(ExternalContextWrapper.java:646)
	at deployment.sandbox-ear-1.ear.sandbox-web-1.war//org.primefaces.util.ResourceUtils.addResponseCookie(ResourceUtils.java:178)
	at deployment.sandbox-ear-1.ear.sandbox-web-1.war//org.primefaces.component.filedownload.FileDownloadActionListener.regularDownload(FileDownloadActionListener.java:93)
	at deployment.sandbox-ear-1.ear.sandbox-web-1.war//org.primefaces.component.filedownload.FileDownloadActionListener.processAction(FileDownloadActionListener.java:70)

I started this as primefaces/primefaces#9702 and later discovered primefaces/primefaces#6111 which seems to be related. Is it because WildFly 27.0.1 uses older version of ExternalContextImpl (I see current master contains "secure")?
@melloware
Copy link
Contributor

See: #5165

@morvael
Copy link
Author

morvael commented Jan 18, 2023

Yes, found this in history. I guess I need this ASAP in WildFly :) Is turning off secure cookies a possible workaround?

@melloware
Copy link
Contributor

Yeah I think you can disable in PF with a switch.

@BalusC
Copy link
Contributor

BalusC commented Jan 18, 2023
edited
Loading

Already fixed in Mojarra side indeed.

#5165

Is turning off secure cookies a possible workaround?

Or, quick'n'dirty, patch the ExternalContextImpl by providing a local copy extracted from latest Mojarra version in your WAR while maintaining the exact FQN. This one will have higher precedence in classloading.

@BalusC BalusC closed this as completed Jan 18, 2023
@morvael
Copy link
Author

morvael commented Jan 19, 2023

Failed to make it work when part of war/ear (preserving FQN), but patched WidlFly's jsf-impl-4.0.0.SP01.jar and all is well now.

@Lars5678 Lars5678 mentioned this issue Jul 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BalusC @morvael @melloware