1 2 Previous Next 20 Replies Latest reply on Feb 26, 2011 9:27 AM by henk53

protect jsf files

javatwo Dec 7, 2010 6:37 AM

Is there a way to protect jsf (jsp) files? jsf files are encrypted in the war, and decrypted before they are loaded to create tree view . jsf files are compiled and live in memory. How to plugin such decryption code?

Thanks, Dave

1. Re: protect jsf files

nbelaevski Dec 7, 2010 6:12 PM (in response to javatwo)

Hi Dave,

In JSF 1.2 you can use ViewHandler (generic solution) or ResourceResolver (Facelets-specific). For JSF 2.0 ResourceResolver also or define your own ViewDeclarationLanguageFactory.
Actions
2. Re: protect jsf files

javatwo Dec 9, 2010 7:05 AM (in response to nbelaevski)

Hi Nick, thanks for reply.   I looked at jsf-ri ViewHandlerImpl. There is one method,

private boolean executePageToBuildView(FacesContext context, UIViewRoot viewToExecute)

but the method calls
        // build the view by executing the page
        extContext.dispatch(requestURI);

It seems depatching the URI to servlet container. I could not find the code that build jsf view tree from jsf file.

Thanks for help. Dave
Actions
3. Re: protect jsf files

nbelaevski Dec 9, 2010 7:49 AM (in response to javatwo)

What JSF version do you use?
Actions
4. Re: protect jsf files

javatwo Dec 9, 2010 12:05 PM (in response to nbelaevski)

jsf ri: jsf-impl.1.2.12.jar
Actions
5. Re: protect jsf files

nbelaevski Dec 9, 2010 12:16 PM (in response to javatwo)

You can override com.sun.facelets.FaceletViewHandler.buildView(FacesContext, UIViewRoot) or are you using JSP pages?
Actions
6. Re: protect jsf files

javatwo Dec 11, 2010 7:09 AM (in response to nbelaevski)

I am using JSP pages.
Actions
7. Re: protect jsf files

javatwo Dec 12, 2010 5:58 AM (in response to javatwo)

I downloaded facelet 1.1.14, and tried facelet, but got

Caused by: java.lang.NullPointerException
        at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49)
        at com.sun.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:25)
        at com.sun.facelets.impl.DefaultFacelet.apply(DefaultFacelet.java:95)
        at com.sun.facelets.FaceletViewHandler.buildView(FaceletViewHandler.java:524)
        at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:567)
        at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100)
        at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176)
        at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110)
        at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
        at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
        at org.apache.myfaces.custom.ppr.PPRLifecycleWrapper.render(PPRLifecycleWrapper.java:84)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)

I like to check out the facelet source file. I can browse
http://java.net/projects/facelets/sources/svn/show/tags/milestone_1-1-14?rev=679

But i could not check out
svn checkout "http://java.net/projects/facelets/sources/svn/show/tags/milestone_1-1-14" facelet

Thanks for help
Dave
Actions
8. Re: protect jsf files

nbelaevski Dec 12, 2010 6:26 AM (in response to javatwo)

Dave,

Encrypting JSP pages is actually out of JSF scope, because, as you already mentioned, it executes page on the server to build component tree. So there nothing from JSF side you can use.

For Facelets: java.net projects are being migrated to Kenai infrastructure, so I've noticed downloads for some projects are not available. However you can get sources here: http://repo1.maven.org/maven2/com/sun/facelets/jsf-facelets/1.1.14/jsf-facelets-1.1.14-sources.jar
Actions
9. Re: protect jsf files

javatwo Dec 12, 2010 8:04 AM (in response to nbelaevski)

Hi Nick, I downloaded the source, debug it:

the following method return null since libraries.length is 0. I am not familiar with the code.

CompositeTagLibrary.java
------------------
public TagHandler createTagHandler(String ns, String localName,
            TagConfig tag) throws FacesException {
        for (int i = 0; i < this.libraries.length; i++) {
            if (this.libraries[i].containsTagHandler(ns, localName)) {
                return this.libraries[i].createTagHandler(ns, localName, tag);
            }
        }
        return null;
    }

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:f="http://java.sun.com/jsf/core"
      xmlns:t="http://myfaces.apache.org/tomahawk"
      xmlns:a4j="http://richfaces.org/a4j"
      xmlns:rich="http://richfaces.org/rich" >
<ui:composition template="/layout.xhtml">
<ui:param name="bean" value="#{aBean}" />
</ui:composition>
</html>

layout.xhtml
--------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:f="http://java.sun.com/jsf/core"
      xmlns:t="http://myfaces.apache.org/tomahawk"
      xmlns:a4j="http://richfaces.org/a4j"
      xmlns:rich="http://richfaces.org/rich" >
<ui:composition template="/layout_basic.xhtml">
<ui:define name="content">
...
</ui:define>
</ui:composition>
</html>

Anything wrong with the facelet pages? Thanks for help.

Dave
Actions
10. Re: protect jsf files

nbelaevski Dec 12, 2010 10:53 AM (in response to javatwo)

Pages look ok. Check that you have configured Facelets view handler. Also on JBoss AS built-in tag libraries are not discovered correctly, so you should use Facelets with version greater than 1.1.15.b1.
Actions
11. Re: protect jsf files

javatwo Dec 12, 2010 1:27 PM (in response to nbelaevski)

Hi Nick, I downloaded the 1.1.15.B1, and the issue was solved.

For EL, it does not support boolean operator "&&". I have to replace it with "and".

com.sun.facelets.FaceletException: Error Parsing foo.xhtml: Error Traced[line: 47] The entity name must immediately follow the '&' in the entity reference.

Thanks , Dave
Actions
12. Re: protect jsf files

nbelaevski Dec 12, 2010 5:16 PM (in response to javatwo)

For EL, it does not support boolean operator "&&". I have to replace it with "and".
Yes, Facelet views should be correct XML files. You can use & or enclose text into CDATA if ampersand symbol is used inside text.
Actions
13. Re: protect jsf files

javatwo Dec 12, 2010 11:12 PM (in response to nbelaevski)

Facelet tries to evaluate comments in .xhtml files and show comments in generated HTML.





Comments are internal and should not be displayed to client browser. Is there a way to prevent both?

Thanks, Dave
Actions
14. Re: protect jsf files

javatwo Dec 12, 2010 11:48 PM (in response to javatwo)

I found the following:
<context-param>
<param-name>facelets.SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
Actions

1 2 Previous Next

Go to original post