3 Replies Latest reply on Dec 15, 2008 9:22 AM by Nick Belaevski

    problem with 3.2 upgrade - prompted to download skinning.js.

    sarah valentine Newbie

      We recently upgraded from myfaces1.1.5, JBoss 4.0.5 to
      JBoss 4.2.2, tomahawk12-1.1.7, richfaces 3.2.2.SR1

      Running using an IE 7.0 browser results in a popup dialog to download skinning.js.faces. This occurred immediately after the upgrade (no code change was involved.)

      The web.xml changes made were:
      - adding parameter for com.sun.faces: numberOfViewsInSession, numberOfLogicalViews
      - commented out listener org.apache.myfaces.webapp.StartupServletContextListener
      - added listener com.sun.faces.config.ConfigureListener

      Any idea of what may be the cause of this error?

      Thanks,
      Sarah

        • 1. Re: problem with 3.2 upgrade - prompted to download skinning
          Nick Belaevski Master

          Hi Sarah,

          Looks like content type for skinning.js is incorrect for some reason. Can you please post your web.xml file? Also can you please post details for skinning.js from Firefox Firebug add-on like on this picture: http://i34.tinypic.com/2qj9jea.png?

          • 2. Re: problem with 3.2 upgrade - prompted to download skinning
            sarah valentine Newbie

            Using firefox it does not prompt for a download but immediately downloads the js --
            http://cvs.local.enservio.com:8080/a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.faces

            Firebug shows the DOM so I'm not sure if that would be helpful.

            My web.xml

            <?xml version="1.0" encoding="UTF-8"?>
            <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
            
             <display-name>cvs</display-name>
             <description>
             This application is the (hopefully) new UI for Enservio's CVS application.
             </description>
            
             <!-- How long will web sessions last (in minutes) -->
             <session-config>
             <session-timeout>15</session-timeout>
             </session-config>
            
             <error-page>
             <error-code>400</error-code>
             <location>/internal/inbox.faces</location>
             </error-page>
            
             <error-page>
             <error-code>404</error-code>
             <location>/internal/inbox.faces</location>
             </error-page>
            
             <error-page>
             <error-code>408</error-code>
             <location>/internal/inbox.faces</location>
             </error-page>
            
             <listener>
             <description>Monitors http session activity.</description>
             <listener-class>
             com.enservio.webapp.listener.EnservioSessionListener
             </listener-class>
             </listener>
            
            <!--
             <context-param>
             <description>
             A very common problem in configuring MyFaces-web-applications
             is that the Extensions-Filter is not configured at all
             or improperly configured. This parameter will check for a properly
             configured Extensions-Filter if it is needed by the web-app.
             In most cases this check will work just fine, there might be cases
             where an internal forward will bypass the Extensions-Filter and the check
             will not work. If this is the case, you can disable the check by setting
             this parameter to false.
             </description>
             <param-name>org.apache.myfaces.CHECK_EXTENSIONS_FILTER</param-name>
             <param-value>false</param-value>
             </context-param>
            -->
            
             <!-- -->
             <!-- JBoss -->
             <!-- -->
            <!--
             <context-param>
             <param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>
             <param-value>true</param-value>
             </context-param>
            -->
            
             <!-- -->
             <!-- JBoss RichFaces -->
             <!-- -->
             <context-param>
             <param-name>org.richfaces.SKIN</param-name>
             <param-value>blueSky</param-value>
             </context-param>
            
             <filter>
             <display-name>RichFaces Filter</display-name>
             <filter-name>richfaces</filter-name>
             <filter-class>org.ajax4jsf.Filter</filter-class>
             </filter>
            
             <filter-mapping>
             <filter-name>richfaces</filter-name>
             <servlet-name>faces-servlet</servlet-name>
             <dispatcher>REQUEST</dispatcher>
             <dispatcher>FORWARD</dispatcher>
             <dispatcher>INCLUDE</dispatcher>
             </filter-mapping>
            
             <!--
             *** Uncomment the extensions filter and the two following extensions
             *** mappings to enable Tomahawk (MyFaces extended components
             *** and custom validators). See tutorial at
             *** http://www.coreservlets.com/JSF-Tutorial/ and
             *** http://myfaces.apache.org/tomahawk/extensionsFilter.html
             *** Also note that if you use the old style (servlet 2.3)
             *** declaration for web.xml, you have to put these filter entries
             *** at the TOP of web.xml.
             -->
            <!--
             <filter>
             <filter-name>MyFacesExtensionsFilter</filter-name>
             <filter-class>
             org.apache.myfaces.webapp.filter.ExtensionsFilter
             </filter-class>
             <init-param>
             <param-name>uploadMaxFileSize</param-name>
             <param-value>100m</param-value>
             </init-param>
             </filter>
            
             <filter-mapping>
             <filter-name>MyFacesExtensionsFilter</filter-name>
             <servlet-name>faces-servlet</servlet-name>
             </filter-mapping>
             <filter-mapping>
             <filter-name>MyFacesExtensionsFilter</filter-name>
             <url-pattern>*.faces</url-pattern>
             </filter-mapping>
             <filter-mapping>
             <filter-name>MyFacesExtensionsFilter</filter-name>
             <url-pattern>/faces/myFacesExtensionResource/*</url-pattern>
             </filter-mapping>
            -->
            
             <!-- -->
             <!-- JSF -->
             <!-- -->
             <servlet>
             <servlet-name>faces-servlet</servlet-name>
             <servlet-class>com.enservio.faces.EnservioFacesServlet</servlet-class>
             <load-on-startup>1</load-on-startup>
             </servlet>
            
             <servlet-mapping>
             <servlet-name>faces-servlet</servlet-name>
             <url-pattern>*.faces</url-pattern>
             </servlet-mapping>
            
             <!-- This tells JSF RI ConfigureListener to initialize JSF
             even though FacesServlet is not referenced in web.xml -->
             <context-param>
             <param-name>com.sun.faces.forceLoadConfiguration</param-name>
             <param-value>true</param-value>
             </context-param>
            
             <!-- Reduce the number of cached view objects for each JSF session -->
             <context-param>
             <param-name>com.sun.faces.numberOfViewsInSession</param-name>
             <param-value>2</param-value>
             </context-param>
            
             <!-- Reduce the number of cached view objects for each JSF session -->
             <context-param>
             <param-name>com.sun.faces.numberOfLogicalViews</param-name>
             <param-value>2</param-value>
             </context-param>
            
             <context-param>
             <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
             <param-value>server</param-value>
             </context-param>
            
             <context-param>
             <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
             <param-value>.xhtml</param-value>
             </context-param>
            
             <context-param>
             <param-name>facelets.DEVELOPMENT</param-name>
             <param-value>false</param-value>
             </context-param>
            
             <context-param>
             <param-name>javax.faces.CONFIG_FILES</param-name>
             <param-value>/WEB-INF/navigation.xml</param-value>
             </context-param>
            
             <context-param>
             <param-name>com.enservio.DEFAULT_URL</param-name>
             <param-value>/internal/inbox.faces</param-value>
             </context-param>
            
             <context-param>
             <param-name>com.enservio.DEFAULT_ERROR_URL</param-name>
             <param-value>/internal/error.faces</param-value>
             </context-param>
            
             <!-- -->
             <!-- MyFaces -->
             <!-- -->
            <!--
             <listener>
             <listener-class>
             org.apache.myfaces.webapp.StartupServletContextListener
             </listener-class>
             </listener>
            -->
            
             <!-- config listener for JBoss / SUN JSF RI -->
             <listener>
             <listener-class>
             com.sun.faces.config.ConfigureListener
             </listener-class>
             </listener>
            
             <!-- -->
             <!-- MyFaces Specific Configuration Parameters -->
             <!-- -->
             <!--
             <context-param>
             <description>
             Comma separated list of URIs of (additional) faces config
             files. (e.g. /WEB-INF/my-config.xml) See JSF 1.0 PRD2,
             10.3.2
             </description>
             <param-name>javax.faces.CONFIG_FILES</param-name>
             <param-value>/WEB-INF/faces-config.xml</param-value>
             </context-param>
            
            
             <context-param>
             <description>
             This parameter tells MyFaces if javascript code should be
             allowed in the rendered HTML output. If javascript is
             allowed, command_link anchors will have javascript code that
             submits the corresponding form. If javascript is not
             allowed, the state saving info and nested parameters will be
             added as url parameters. Default: "true"
             </description>
             <param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
             <param-value>true</param-value>
             </context-param>
            
             <context-param>
             <description>
             If true, rendered HTML code will be formatted, so that it is
             "human readable". i.e. additional line separators and
             whitespace will be written, that do not influence the HTML
             code. Default: "true"
             </description>
             <param-name>org.apache.myfaces.PRETTY_HTML</param-name>
             <param-value>true</param-value>
             </context-param>
            
             <context-param>
             <param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
             <param-value>false</param-value>
             </context-param>
            
             <context-param>
             <description>
             If true, a javascript function will be rendered that is able
             to restore the former vertical scroll on every request.
             Convenient feature if you have pages with long lists and you
             do not want the browser page to always jump to the top if
             you trigger a link or button action that stays on the same
             page. Default: "false"
             </description>
             <param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
             <param-value>true</param-value>
             </context-param>
             -->
             <!-- -->
             <!-- Struts -->
             <!-- -->
             <servlet>
             <servlet-name>action</servlet-name>
             <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
             <init-param>
             <param-name>config</param-name>
             <param-value>/WEB-INF/struts-config.xml</param-value>
             </init-param>
             <init-param>
             <param-name>debug</param-name>
             <param-value>3</param-value>
             </init-param>
             <init-param>
             <param-name>detail</param-name>
             <param-value>3</param-value>
             </init-param>
             <load-on-startup>0</load-on-startup>
             </servlet>
            
             <servlet-mapping>
             <servlet-name>action</servlet-name>
             <url-pattern>*.do</url-pattern>
             </servlet-mapping>
            
             <!-- -->
             <!-- jBPM SchedulerServlet -->
             <!-- -->
             <servlet>
             <servlet-name>SchedulerServlet</servlet-name>
             <servlet-class>org.jbpm.web.JbpmThreadsServlet</servlet-class>
             <load-on-startup>1</load-on-startup>
             </servlet>
             <servlet-mapping>
             <servlet-name>SchedulerServlet</servlet-name>
             <url-pattern>/scheduler</url-pattern>
             </servlet-mapping>
            
             <!-- -->
             <!-- REPORTS VIEW SERVLET -->
             <!-- -->
             <servlet>
             <servlet-name>ReportViewServlet</servlet-name>
             <servlet-class>com.enservio.reports.ReportViewServlet</servlet-class>
             </servlet>
             <servlet-mapping>
             <servlet-name>ReportViewServlet</servlet-name>
             <url-pattern>/reports/*</url-pattern>
             </servlet-mapping>
            
             <!-- -->
             <!-- Filters -->
             <!-- NOTE: Order of filters matters -->
             <!-- -->
            
             <filter>
             <filter-name>SessionTrackingFilter</filter-name>
             <filter-class>com.enservio.webapp.filter.SessionTrackingFilter</filter-class>
             <init-param>
             <param-name>com.enservio.webapp.SessionTracker.RedirectUri</param-name>
             <param-value>/external/login-session-invalid.faces</param-value>
             </init-param>
             </filter>
             <filter-mapping>
             <filter-name>SessionTrackingFilter</filter-name>
             <url-pattern>/*</url-pattern>
             </filter-mapping>
            
            
             <filter>
             <filter-name>LogFilter</filter-name>
             <filter-class>com.enservio.webapp.filter.LogFilter</filter-class>
             </filter>
             <filter-mapping>
             <filter-name>LogFilter</filter-name>
             <url-pattern>/*</url-pattern>
             </filter-mapping>
            
             <filter>
             <filter-name>ContextFilter</filter-name>
             <filter-class>com.enservio.webapp.filter.ContextFilter</filter-class>
             <init-param>
             <param-name>filter-domain-name</param-name>
             <param-value>true</param-value>
             </init-param>
             </filter>
             <filter-mapping>
             <filter-name>ContextFilter</filter-name>
             <url-pattern>/*</url-pattern>
             </filter-mapping>
            
             <!-- -->
             <!-- cache control filters -->
             <!-- -->
            
             <filter>
             <filter-name>CacheAllForDay</filter-name>
             <filter-class>com.enservio.webapp.filter.CacheControlFilter</filter-class>
             <init-param>
             <param-name>*</param-name>
             <param-value>86400</param-value>
             </init-param>
             </filter>
             <filter-mapping>
             <filter-name>CacheAllForDay</filter-name>
             <url-pattern>/external/*</url-pattern>
             </filter-mapping>
             <filter-mapping>
             <filter-name>CacheAllForDay</filter-name>
             <url-pattern>/images/*</url-pattern>
             </filter-mapping>
             <filter-mapping>
             <filter-name>CacheAllForDay</filter-name>
             <url-pattern>/css/*</url-pattern>
             </filter-mapping>
             <filter-mapping>
             <filter-name>CacheAllForDay</filter-name>
             <url-pattern>/js/*</url-pattern>
             </filter-mapping>
            
             <filter>
             <filter-name>CacheOnlyImagesForDay</filter-name>
             <filter-class>com.enservio.webapp.filter.CacheControlFilter</filter-class>
             <init-param>
             <param-name>image/gif</param-name>
             <param-value>86400</param-value>
             </init-param>
             <init-param>
             <param-name>*</param-name>
             <param-value>0</param-value>
             </init-param>
             </filter>
             <filter-mapping>
             <filter-name>CacheOnlyImagesForDay</filter-name>
             <url-pattern>/internal/*</url-pattern>
             </filter-mapping>
            
            <!--
             <filter>
             <description>Forces any user to login if their session times out.</description>
             <filter-name>force-login</filter-name>
             <filter-class>com.enservio.webapp.filter.ForceLoginFilter</filter-class>
             <init-param>
             <param-name>com.enservio.faces.LoginUri</param-name>
             <param-value>/index.jsp</param-value>
             </init-param>
             <init-param>
             <param-name>com.enservio.faces.NoForwardViewIds</param-name>
             <param-value>
             /external/home.do /external/register.do /external/forgotPassword.do /external/changePassword.do
             </param-value>
             </init-param>
             </filter>
             <filter-mapping>
             <filter-name>force-login</filter-name>
             <url-pattern>*.faces</url-pattern>
             </filter-mapping>
             -->
            
             <!-- -->
             <!-- Development Configuration Parameters -->
             <!-- -->
             <context-param>
             <description>
             Set this flag to true if you want the jsf-ri to validate the
             XML in your faces-config.xml resources against the DTD.
             Default value is false.
             </description>
             <param-name>com.sun.faces.validateXml</param-name>
             <param-value>true</param-value>
             </context-param>
            
             <context-param>
             <description>
             Set this flag to true, if you want the jsf-ri to verify that
             all of the application objects you have configured
             (components, converters, renderers, and validators) can be
             successfully created. Default value is false.
             </description>
             <param-name>com.sun.faces.verifyObjects</param-name>
             <param-value>true</param-value>
             </context-param>
            
             <context-param>
             <param-name>facelets.SKIP_COMMENTS</param-name>
             <param-value>true</param-value>
             </context-param>
            
             <!-- COMMENT THIS OUT FOR SINGLE-SIGNON
            -->
             <login-config>
             <auth-method>FORM</auth-method>
             <realm-name>CVS Application Security Realm</realm-name>
             <form-login-config>
             <form-login-page>/external/login.faces</form-login-page>
             <form-error-page>/external/login-error.faces</form-error-page>
             </form-login-config>
             </login-config>
            
             <welcome-file-list>
             <welcome-file>index.jsp</welcome-file>
             </welcome-file-list>
            
             <!-- absence of auth-constraint means /external/* is unprotected (longer urls override shorter urls)
            -->
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>CVS External Pages</web-resource-name>
             <description>accessible by anyone</description>
             <url-pattern>/external/*</url-pattern>
             <url-pattern>/images/*</url-pattern>
             <url-pattern>/css/*</url-pattern>
             <url-pattern>/js/*</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>CVS App</web-resource-name>
             <description>accessible by authorised users</description>
             <url-pattern>/*</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <description>These are the roles who have access</description>
             <role-name>User</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Contact Edit pages</web-resource-name>
             <description>accesible by CONTACT_EDIT</description>
             <url-pattern>/internal/contact/edit/*</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Operations_Manager</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Contact search/view pages</web-resource-name>
             <description>accesible by CONTACT_VIEW</description>
             <url-pattern>/internal/contact/view/*</url-pattern>
             <url-pattern>/internal/contact/search.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Owner</role-name>
             <role-name>Partner_Operations_Manager</role-name>
             <role-name>Partner_Field_Inventory_Manager</role-name>
             <role-name>Partner_Field_Inventory</role-name>
             <role-name>Client</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Company Edit pages</web-resource-name>
             <description>accesible by COMPANY_EDIT</description>
             <url-pattern>/internal/company/edit/*</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Operations_Manager</role-name>
             <role-name>Customer_Care</role-name>
             <role-name>Claim_Reviewer</role-name>
             <role-name>Sales</role-name>
             <role-name>Client_Executive</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Company search/view pages</web-resource-name>
             <description>accesible by COMPANY_VIEW</description>
             <url-pattern>/internal/company/view/*</url-pattern>
             <url-pattern>/internal/company/search.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Owner</role-name>
             <role-name>Partner_Field_Inventory_Manager</role-name>
             <role-name>Partner_Field_Inventory</role-name>
             <role-name>Client</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Workgroup edit page</web-resource-name>
             <description>accesible by WORKGROUP_EDIT</description>
             <url-pattern>/internal/workgroup/edit.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Operations_Manager</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Workgroup search/view page</web-resource-name>
             <description>accesible by WORKGROUP_VIEW</description>
             <url-pattern>/internal/workgroup/search.faces</url-pattern>
             <url-pattern>/internal/workgroup/view.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Operations_Manager</role-name>
             <role-name>Customer_Care</role-name>
             <role-name>Account_Manager</role-name>
             </auth-constraint>
             </security-constraint>
            
             <!-- security constraints for claim processing -->
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Claim Transcription</web-resource-name>
             <description>Accessible to Transcribe Role</description>
             <url-pattern>/internal/claim/transcription.faces</url-pattern>
             <url-pattern>/internal/claim/details.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Owner</role-name>
             <role-name>Partner</role-name>
             <role-name>Client_Manager</role-name>
             <role-name>Client_Claim_Package_Review</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Claim Appraisal</web-resource-name>
             <description>Accessible to Appraise Role</description>
             <url-pattern>/internal/claim/appraisal.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Operations_Manager</role-name>
             <role-name>Customer_Care</role-name>
             <role-name>Claim_Package_Review</role-name>
             <role-name>Claim_Package_Review_Trainee</role-name>
             <role-name>Claim_Reviewer</role-name>
             <role-name>Appraise</role-name>
             <role-name>Appraise_Trainee</role-name>
             <role-name>Field_Inventory</role-name>
             <role-name>Sales</role-name>
             <role-name>Partner_Operations_Manager</role-name>
             <role-name>Partner_Appraise</role-name>
             <role-name>Partner_Field_Inventory_Manager</role-name>
             <role-name>Partner_Field_Inventory</role-name>
             <role-name>Client_Manager</role-name>
             <role-name>Client_Claim_Package_Review</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Claim Package Review</web-resource-name>
             <description>Accessible to CPR Role</description>
             <url-pattern>/internal/claim/cpr.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Operations_Manager</role-name>
             <role-name>Customer_Care</role-name>
             <role-name>Claim_Package_Review</role-name>
             <role-name>Claim_Package_Review_Trainee</role-name>
             <role-name>Claim_Reviewer</role-name>
             <role-name>Field_Inventory</role-name>
             <role-name>Sales</role-name>
             <role-name>Partner</role-name>
             <role-name>Client_Manager</role-name>
             <role-name>Client_Claim_Package_Review</role-name>
             </auth-constraint>
             </security-constraint>
            
             <security-constraint>
             <web-resource-collection>
             <web-resource-name>Claim Summary</web-resource-name>
             <description>Accessible to CPR Role</description>
             <url-pattern>/internal/claim/summary.faces</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Operations_Manager</role-name>
             <role-name>Customer_Care</role-name>
             <role-name>Claim_Package_Review</role-name>
             <role-name>Claim_Package_Review_Trainee</role-name>
             <role-name>Claim_Reviewer</role-name>
             <role-name>Field_Inventory</role-name>
             <role-name>Sales</role-name>
             <role-name>Partner_Operations_Manager</role-name>
             <role-name>Partner_Appraise</role-name>
             <role-name>Client_Manager</role-name>
             <role-name>Client_Claim_Package_Review</role-name>
             </auth-constraint>
             </security-constraint>
            
            </web-app>
            
            


            Could I be missing some config information in the web.xml for richfaces?

            Thanks,
            Sarah[/img]

            • 3. Re: problem with 3.2 upgrade - prompted to download skinning
              Nick Belaevski Master

              Sarah,

              Can you please try to remove security-constraint elements? I suspect this particular one is causing the issue:

               <security-constraint>
               <web-resource-collection>
               <web-resource-name>CVS App</web-resource-name>
               <description>accessible by authorised users</description>
               <url-pattern>/*</url-pattern>
               <http-method>GET</http-method>
               <http-method>POST</http-method>
               </web-resource-collection>
               <auth-constraint>
               <description>These are the roles who have access</description>
               <role-name>User</role-name>
               </auth-constraint>
               </security-constraint>