Ajax4JSF issues with MyFaces Ajax Components

I’ve posted an entry about how much I like AJAX4JSF some time ago but it turns out the lib causes issues with myfaces ajax components. I’ve not tried all of the ajax components we have but when the AJAX4JSF filter is configured in the application components like inputsuggestajax begin to fail.

Ajax4JSF filter is the cause of this, I haven’t digged what it does deeply but simply removing the filter config makes the myfaces components work again. Me and my buddy Yigit needed to use both ajax4jsf and myfaces ajax component together without any problems, so we came up with an interesting hack. In myfaces we generally use a request parameter called affectedAjaxComponent when making an ajax call with dojo, the idea is to disable ajax4jsf’s filter to intervene when there is a parameter with key affectedAjaxComponent in request parameter map. In order to apply the hack, we’ve checked out the code of ajax4jsf code from java.net, applied the hack and made our own quick fix build.

The hack works for us right now in our project but of course I’ll prefer ajax4jsf and myfaces ajax components work together without any hacks in general.

UPDATE: 28.11.2007
Solution: By setting forceparser to false, myfaces ajax components started working with Ajax4JSF. The config must be as follows;

<filter>   <display-name>Ajax4jsf Filter</display-name>   <filter-name>ajax4jsf</filter-name>   <filter-class>org.ajax4jsf.Filter</filter-class>   <init-param>    <param-name>forceparser</param-name>    <param-value>false</param-value>   </init-param> </filter> <filter-mapping>   <filter-name>ajax4jsf</filter-name>   <servlet-name>Faces Servlet</servlet-name>   <dispatcher>REQUEST</dispatcher>   <dispatcher>FORWARD</dispatcher>   <dispatcher>INCLUDE</dispatcher> </filter-mapping>

Many thanks to Sergey Smirnov for this.

MyFaces Security EL Extensions

Last week I’ve completed my work on the Security EL extension in Myfaces and added it to sandbox. By the help of SecurityContextVariableResolver and the SecurityContextPropertyResolver it’s possible to retrieve information from the underlying authentication/authorization mechanism that is used in the JSF application. The advantage of the resolver over existing enabledOnUserRole-visibleOnUserRole attributes is that the resolver can be used with any jsf component not just the extended ones in tomahawk. Also these two attributes will be deprecated soon in future releases of tomahawk.

Current Features
   1. #{securityContext.authType} : Gives the name of authentication mechanism used like BASIC, FORM or etc.
   2. #{securityContext.remoteUser} : Returns the name of the current authenticated user
   3. #{securityContext.ifGranted['rolename']} : If the user is in the role “rolename”, returns true or vice versa
   4. #{securityContext.ifAllGranted['rolename1,rolename2']} : Returns true if user is in all of the roles given in the roles list, vice versa
   5. #{securityContext.ifAnyGranted['rolename1,rolename2']} : Returns true if user is in any one of the roles given in the roles list, vice versa
   6. #{securityContext.ifNotGranted['rolename1,rolename2']} : Returns true if user is not in any of the roles given in the roles list, vice versa

SecurityContext is an abstract class that is used when the expressions above are resolved, J2EE container security is used by the default implementation SecurityContextImpl meaning;

ifGranted #{securityContext.ifGranted['rolename']} will yield to FacesContext.getCurrentInstance().getExternalContext().isUserInRole(“rolename”).

It’s also possible to provide your own implementation of the SecurityContext if you’re using another mechanism to manage security other than J2EE container like JAAS or ACEGI(Try SecurityContextHolderAwareRequestFilter first:). In order to plug your implementation in org.apache.myfaces.SECURITY_CONTEXT context parameter needs to be configured with the class name of your implementation as the param value.

<context-param>     <param-name>org.apache.myfaces.SECURITY_CONTEXT</param-name>     <param-value>com.mycompany.MySecurityContextImpl</param-value> </context-param>