PicketLink protection stops JSF 2.2 resource contract from being loaded - jsf-2

I have a JSF 2.2 webapp with a contract and several pages, located directly in the WebContent folder. The contract consists of an image, a template file template.xhtml and a css file global.css. So far everything is working as expected.
Now I want to use PicketLink for user authentication and authorization and have followed a tutorial (http://www.ocpsoft.org/security/simple-java-ee-jsf-login-page-with-jboss-picketlink-security/), but when accessing my pages the image and css files are unable to be loaded, only the template applies, so my page has no CSS styles applied at all and in the Firefox Inspector there is a line that reads (translated from German): "Stylesheet http://localhost:8080/MyTestProject/login.xhtml wasn't loaded because its MIME type is "text/html" and not "text/css"".
After replacing
builder.http().allPaths().authenticateWith().form()... and so on
in the HttpSecurityConfiguration class with
builder.http().allPaths().unprotected()
the image and css can be loaded again.
I have tried the following (and some other paths) but it did not solve the problem:
.forPath("/contracts/*").unprotected();
How can I exclude the contracts folder from the PicketLink protection?
Here is my complete HttpSecurityConfiguration class:
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import org.picketlink.config.SecurityConfigurationBuilder;
import org.picketlink.event.SecurityConfigurationEvent;
@ApplicationScoped
public class HttpSecurityConfiguration {
    public void onInit(@Observes SecurityConfigurationEvent event) {
        SecurityConfigurationBuilder builder = event.getBuilder();
        builder
            .http()
            .allPaths()
                .authenticateWith()
                .form()
                    .loginPage("/login.xhtml")
                    .errorPage("/loginError.xhtml")
                    .restoreOriginalRequest()
            .forPath("/logout")
                .logout()
                .redirectTo("/index.xhtml")
            .forPath("/index.xhtml")
                .unprotected()
            // .forPath("/contracts/*")
            //     .unprotected()
            ;
    }
}
EDIT
In reply to the comment from Kukeltje, I include the CSS in the template with
<h:head>
<title><ui:insert name="title">MyTestProject</ui:insert></title>
<h:outputStylesheet name="global.css" />
</h:head>
and the image with
<h:graphicImage class="feature" name="logo-main.png" width="900" height="270" />
I also tried to include javax.faces.resource as unprotected, still not working though.
EDIT #2
The following is also not working, I got the idea from the documentation (PicketLink Reference Chapter 12.2):
.forPath("/*.png").unprotected()
.forPath("/*.css").unprotected()

I was able to solve my problem with the following security configuration:
.forPath("/javax.faces.resource/*.png.xhtml").unprotected()
I've seen in my Firefox Inspector that the browser tried to load the image from /MyTestProject/javax.faces.resource/logo-main.png.xhtml?con=TemplateBlue, so trying the above seemed logical and it works!

Related

Dropwizard Assets not serving static content outside of root path

Here's my Dropwizard (0.8.5) app's basic project structure:
myapp/
    src/main/groovy/
        org/example/myapp/
            MyApp.groovy
            <lots of other packages/classes>
            controllers/
                site/
                    SiteController.groovy
                dashboard/
                    DashboardController.groovy
        org/example/myapp/views
            site/
                SiteView.groovy
            dashboard/
                DashboardView.groovy
    src/main/resources/
        assets/
            images/
                mylogo.png
        org/example/myapp/views/
            site/
                header.ftl
                index.ftl
            dashboard/
                dashboard.ftl
Where the gist of each of those classes is:
class MyApp extends Application<MyAppConfiguration> {
    @Override
    void initialize(Bootstrap<MyAppConfiguration> bootstrap) {
        bootstrap.addBundle(new AssetsBundle('/assets/images', '/images', null, 'images'))
        bootstrap.addBundle(new ViewBundle())
    }
    // etc...
}
@Path('/')
@Produces('text/html')
class SiteController {
    @GET
    SiteView homepage() {
        new SiteView()
    }
}
@Path('/app/dashboard')
@Produces('text/html')
class DashboardController {
    @GET
    DashboardView dashboard() {
        new DashboardView()
    }
}
header.ftl (dropwizard-views-freemarker)
=========================================
<!DOCTYPE html>
<html>
<head> <!-- lots of stuff omitted here for brevity --> </head>
<body>
<div class="well">
<img src="images/mylogo.png" />
<br/>This is the header!
</div>
index.ftl
=========
<#include "header.ftl">
<p>
Homepage!
</p>
</body>
</html>
dashboard.ftl
=============
<#include "../site/header.ftl">
<p>
Dashboard!
</p>
</body>
</html>
So you can see I'm using DW as an actual web app/UI, and that I'm utilizing both Dropwizard Views (Freemarker binding) as well as Dropwizard Assets.
When I run this, the app starts up just fine and I am able to visit both my homepage (served from / which maps to index.ftl) as well as my dashboard page (served from /app/dashboard which maps to dashboard.ftl).
The problem is that both pages use the header.ftl, which pulls in my assets/images/mylogo.png, but only my homepage actually renders the logo. On my dashboard page, I do see the "This is the header!" message, so I know the header is being resolved and included with my dashboard template. But, I get a failed-to-load-image "X" icon, and when I open my browser's dev tools I see that I'm getting HTTP 404s on the image.
So it seems that DW is unable to find my image asset from a view/URL not directly living under root (/).
On the Dropwizard Assets page (link provided above) there's a peculiar warning:
Either your application or your static assets can be served from the root path, but not both. The latter is useful when using Dropwizard to back a Javascript application. To enable it, move your application to a sub-URL.
I don't entirely understand what this means, but suspect it is the main culprit here. Either way, anyone see where I'm going awry, and what I can do (exact steps!) to fix this?
You need to add / before your URI:
<img src="/images/mylogo.png" />
This can be explained by the examples in RFC 3986 (URI Generic Syntax); I pulled out the relevant examples.
5.4. Reference Resolution Examples
Within a representation with a well defined base URI of
http://a/b/c/d;p?q
a relative reference is transformed to its target URI as follows.
5.4.1. Normal Examples
"g" = "http://a/b/c/g"
"g/" = "http://a/b/c/g/"
"/g" = "http://a/g"
"../g" = "http://a/b/g"
"../../g" = "http://a/g"
Putting in the preceding / makes the URI begin from the domain name regardless of the referring URI, which allows you to do precisely what you want.
Load both pages up (the one that works, and the one that doesn't), and use Firebug or Chrome dev tools to inspect the logo element. What path is it trying to get to? I suspect on your index page it's going to http://some.thing/images/mylogo.png whereas on your dashboard it's trying to load http://some.thing/app/dashboard/images/mylogo.png
Try putting an additional / in front of the path in your template, and it should resolve from anywhere.
(Originally answered here: Dropwizard-user Google Group)
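The resolution rules quoted from RFC 3986 can be run directly. The following is an added example (not code from the thread or from Dropwizard) that implements section 5.2 of the RFC and resolves the header's image reference from each page URL; the host some.thing is the placeholder used in the answer above, the function names are illustrative, and the trailing-slash form of the dashboard URL is an assumption added for comparison.

```javascript
// Added example (not from the thread): RFC 3986 section 5.2 reference resolution.
const URI_RE = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?$/;

// Appendix B split; a component that is absent stays undefined (not "").
function parse(uri) {
  const m = URI_RE.exec(uri);
  return { scheme: m[2], authority: m[4], path: m[5], query: m[7], fragment: m[9] };
}

// Section 5.2.4: remove "." and ".." segments from a path.
function removeDotSegments(path) {
  const out = [];
  let input = path;
  while (input.length > 0) {
    if (input.startsWith("../")) input = input.slice(3);
    else if (input.startsWith("./")) input = input.slice(2);
    else if (input.startsWith("/./")) input = input.slice(2);
    else if (input === "/.") input = "/";
    else if (input.startsWith("/../")) { input = input.slice(3); out.pop(); }
    else if (input === "/..") { input = "/"; out.pop(); }
    else if (input === "." || input === "..") input = "";
    else {
      const next = input.indexOf("/", 1);
      const seg = next === -1 ? input : input.slice(0, next);
      out.push(seg);
      input = input.slice(seg.length);
    }
  }
  return out.join("");
}

// Section 5.2.3: base path up to and including its last "/", plus the reference path.
function merge(base, refPath) {
  if (base.authority !== undefined && base.path === "") return "/" + refPath;
  return base.path.slice(0, base.path.lastIndexOf("/") + 1) + refPath;
}

// Section 5.2.2 (strict mode) followed by the 5.3 recomposition.
function resolve(baseUri, ref) {
  const B = parse(baseUri), R = parse(ref), T = {};
  if (R.scheme !== undefined || R.authority !== undefined) {
    T.scheme = R.scheme !== undefined ? R.scheme : B.scheme;
    T.authority = R.authority;
    T.path = removeDotSegments(R.path);
    T.query = R.query;
  } else {
    T.scheme = B.scheme;
    T.authority = B.authority;
    if (R.path === "") {
      T.path = B.path;
      T.query = R.query !== undefined ? R.query : B.query;
    } else {
      T.path = removeDotSegments(R.path.startsWith("/") ? R.path : merge(B, R.path));
      T.query = R.query;
    }
  }
  T.fragment = R.fragment;
  let s = "";
  if (T.scheme !== undefined) s += T.scheme + ":";
  if (T.authority !== undefined) s += "//" + T.authority;
  s += T.path;
  if (T.query !== undefined) s += "?" + T.query;
  if (T.fragment !== undefined) s += "#" + T.fragment;
  return s;
}

// The thread's case: the same <img src> value resolved from each page URL.
function logoTargets(src) {
  const pages = ["http://some.thing/", "http://some.thing/app/dashboard", "http://some.thing/app/dashboard/"];
  return pages.map((page) => resolve(page, src));
}

console.log(logoTargets("images/mylogo.png"), logoTargets("/images/mylogo.png"));
```

The relative form resolves against the directory of the page URL, so its target changes with the page path and with a trailing slash, while the form with the leading / gives the same target from every page.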

Bundling with MVC4.5 not working after publish

I am trying to bundle the Bootstrap scripts and styles for my application. It works in debug, but when I publish it, the scripts and styles don't load.
I add a BundleConfig (BootstrapBundleConfig)
public static void RegisterBundles(BundleCollection bundles)
{
    bundles.Add(new ScriptBundle("~/js").Include(
        "~/Scripts/jquery-{version}.js",
        "~/Scripts/jquery-ui-1.10.4.custom.js",
        "~/Scripts/jquery-migrate-{version}.js",
        "~/Scripts/bootstrap.js",
        "~/Scripts/gridmvc.js",
        "~/Scripts/gridmvc.lang.fa.js",
        "~/Scripts/jquery.validate.js",
        "~/scripts/jquery.validate.unobtrusive.js",
        "~/Scripts/jquery.validate.unobtrusive-custom-for-bootstrap.js",
        "~/scripts/entitypicker.js",
        "~/scripts/js-persian-cal.js",
        "~/scripts/json2.js",
        "~/scripts/bootbox.js",
        "~/Scripts/jalali.js",
        "~/Scripts/calendar.js",
        "~/Scripts/calendar-setup.js",
        "~/Scripts/lang/calendar-fa.js"
    ));
    bundles.Add(new StyleBundle("~/content/css").Include(
        "~/Content/bootstrap.css",
        "~/Content/bootstrap-responsive.css",
        "~/Content/bootstrap-mvc-validation.css",
        "~/Content/themes/ui-lightness/jquery-ui.css",
        "~/Content/js-persian-cal.css",
        "~/Content/entitypicker.css",
        "~/Content/gridmvc.css",
        "~/Content/aqua/theme.css",
        "~/Content/calendar-system.css"
    ));
}
and register this in Global
BootstrapSupport.BootstrapBundleConfig.RegisterBundles(System.Web.Optimization.BundleTable.Bundles);
and set the styles/scripts in _Layout
<link href="@Styles.Url("~/content/css")" rel="stylesheet" />
@Scripts.Render("~/js")
But when I publish it and open View Page Source, I see
<link href="/Content/css?v=65vDyivXbF9ucPBBLls9CVnwUcCNass7hOMNUEXbN-I1" rel="stylesheet" />
and when I open this file I get an error in the first line.
/* Minification failed. Returning unminified contents.
(962,1): run-time error CSS1019: Unexpected token, found '@charset'
(962,10): run-time error CSS1019: Unexpected token, found '"UTF-8"'
(962,17): run-time error CSS1019: Unexpected token, found ';'
(994,1): run-time error CSS1019: Unexpected token, found '@-webkit-keyframes'
I searched on Google and tried different methods, but the error is not resolved:
add all style to a special path (Content/Them/Bootstrap) and use new StyleBundle("~/content/Them/Bootstrap")
use BundleTable.EnableOptimizations = true;
other..
This usually occurs if your css files are not well formatted, put your css code to test using http://csslint.net/.
Also instead of using this line
<link href="@Styles.Url("~/content/css")" rel="stylesheet" />
you could use this
@Styles.Render("~/content/css")
If you want to debug this without publishing you could add this line to your RegisterBundles method of your BundleConfig:
BundleTable.EnableOptimizations = true;
This is the culprit: @charset "UTF-8". Search through your css files and see if you can find it. This needs to be at the top of the bundled css file, i.e. at the top of the first CSS file in the bundle list. If it is not, it will fail to minify.
It is often used when there are Unicode characters in the CSS file. And this is normally because of the use of an icon font like font awesome. But if you don't need it in your CSS file, then just take it out.
Your css has some 'problems' when minifying. This can be because of bad css or bad optimization.
Try to validate your CSS and see if you can spot the culprit.
For a workaround use BundleTable.EnableOptimizations = false which won't minify the css.
To 'debug' this on local host, change your web config and remove the attribute debug=true (this will make your css minify on your dev machine)
Also, having a different folder base for your bundle will make any relative url (like a background image) in your stylesheet not work.
https://stackoverflow.com/a/19544226/2440976 -This is a dup question I believe - Here is likely the simple answer (It worked for me!)
(From answer) IIS Config>Authentication>RightClickOn Anonymous Auth>Click Edit> Check Application pool identity

Grails pass arguments to module using resources plugin

I'm using Grails 1.3.7 and I want to use both resources plugin as well as jquery ui, the problem comes when I want to switch to a different jquery ui theme. I cannot give the theme argument.
I use this tag:
<r:use module="jquery" />
<r:use module="jquery-ui" theme="smoothness" />
but it doesn't work; I also tried the themeCSS attribute, with no effect.
Thanks.
You can override the default jquery-theme resource in your own local resources definition (like /conf/AppResources.groovy). To do that add overrides section like:
modules = {
    ...
    overrides {
        // this overrides the default ui-lightness theme from jquery-ui plugin
        'jquery-theme' {
            resource id:'theme', url:'/css/themes/my-theme/jquery-ui.custom.css', attrs: [media: 'screen, projection']
        }
    }
    ...
}
Adjust the url accordingly to point to your theme css downloaded from a ThemeRoller. Then simply use
<r:require module="jquery-ui" />
jquery-ui module depends on jquery-theme and will pull it according to your overridden definition.
I don't know why this plugin makes it so hard but anyway, if you want to change the theme you need to specify (inside of head tag):
<jqui:resources themeCss="${g.resource(dir:'/css/jquery-ui/theme/smoothness', file:'jquery-ui-1.4.4.custom.css')}" />
Then you need to place your template files (css file and also images folder) into your application css folder (web-app/css). This should work.

Autoversioning CSS/JS in ASP.NET MVC?

So I was reading this stackoverflow post about "autoversioning" in ASP.NET MVC for CSS/JS files and was wondering what the "best" strategy is to do this.
The solution provided inserts an assembly number - which means every time you publish - it will change EVERY SINGLE file, which is not ideal because if you make modifications to just 1 *.css or *.js then it will change each and every file.
1) How can it be done just for "single files" instead of using site wide assembly using modification date or something on IIS7 ?
2) Also if I have some sort of "static" asset like - http://static.domain.com/js/123.js - how can I use rewrite to send the latest file for a request if someone has integrated this static link onto their site ?
i.e. http://static.domain.com/js/123.js is the link and when a request comes for this - check and send latest file ?
ASP.NET 4.5+ comes with a built-in bundling & minification framework which is designed to solve this problem.
If you absolutely need a simple roll-your-own solution you can use the answer below, but I would always say the correct way is to use a bundling & minification framework.
You can modify the AssemblyInfo.cs file like so:
Change
[assembly: AssemblyVersion("1.0.0.0")]
to
[assembly: AssemblyVersion("1.0.*")]
This means that every time the project is built, it will have a new assembly version which is higher than the previous one. Now you have your unique version number.
Create an UrlHelperExtension class that will help get this information when needed in the views:
using System.Reflection;
using System.Web.Mvc;
public static class UrlHelperExtensions
{
    public static string ContentVersioned(this UrlHelper self, string contentPath)
    {
        // Append the assembly version as a query string so the URL changes with every build.
        string versionedContentPath = contentPath + "?v=" + Assembly.GetAssembly(typeof(UrlHelperExtensions)).GetName().Version.ToString();
        return self.Content(versionedContentPath);
    }
}
You can now easily add a version number to your views in the following manner:
<link href="@Url.ContentVersioned("style.css")" rel="stylesheet" type="text/css" />
When viewing your page source you will now have something that looks like
<link href="style.css?v=1.0.4809.30029" rel="stylesheet" type="text/css" />
UPDATE: The previous version did not work on Azure, I have simplified and corrected below. (Note, for this to work in development mode with IIS Express, you will need to install URL Rewrite 2.0 from Microsoft http://www.iis.net/downloads/microsoft/url-rewrite - it uses the WebPi installer, make sure to close Visual Studio first)
If you would like to change the actual names of the files, rather than appending a querystring (which is ignored by some proxies / browsers for static files), you can follow the following steps. (I know this is an old post, but I ran across it while developing a solution.)
How to do it: Auto-increment the assembly version every time the project is built, and use that number for a routed static file on the specific resources you would like to keep refreshed (so something.js is included as something.v1234.js, with 1234 automatically changing every time the project is built). I also added some additional functionality to ensure that .min.js files are used in production and regular .js files are used when debugging (I am using WebGrease to automate the minify process). One nice thing about this solution is that it works in local / dev mode as well as production. (I am using Visual Studio 2015 / .NET 4.6, but I believe this will work in earlier versions as well.)
Step 1: Enable auto-increment on the assembly when built
In the AssemblyInfo.cs file (found under the "properties" section of your project), change the following lines:
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
to
[assembly: AssemblyVersion("1.0.*")]
//[assembly: AssemblyFileVersion("1.0.0.0")]
Step 2: Set up url rewrite in web.config for files with embedded version slugs (see step 3)
In web.config (the main one for the project) add the following rules in the <system.webServer> section; I put it directly after the </httpProtocol> end tag.
<rewrite>
    <rules>
        <rule name="static-autoversion">
            <match url="^(.*)([.]v[0-9]+)([.](js|css))$" />
            <action type="Rewrite" url="{R:1}{R:3}" />
        </rule>
        <rule name="static-autoversion-min">
            <match url="^(.*)([.]v[0-9]+)([.]min[.](js|css))$" />
            <action type="Rewrite" url="{R:1}{R:3}" />
        </rule>
    </rules>
</rewrite>
Step 3: Setup Application Variables to read your current assembly version and create version slugs in your js and css files.
in Global.asax.cs (found in the root of the project) add the following code to protected void Application_Start() (after the Register lines)
// setup application variables to write versions in razor (including .min extension when not debugging)
string addMin = ".min";
if (System.Diagnostics.Debugger.IsAttached) { addMin = ""; } // don't use minified files when executing locally
Application["JSVer"] = "v" + System.Reflection.Assembly.GetExecutingAssembly().GetName().Version.ToString().Replace('.','0') + addMin + ".js";
Application["CSSVer"] = "v" + System.Reflection.Assembly.GetExecutingAssembly().GetName().Version.ToString().Replace('.', '0') + addMin + ".css";
Step 4: Change src links in Razor views using the application variables we set up in Global.asax.cs
@HttpContext.Current.Application["CSSVer"]
@HttpContext.Current.Application["JSVer"]
For example, in my _Layout.cshtml, in my head section, I have the following block of code for stylesheets:
<!-- Load all stylesheets -->
<link rel='stylesheet' href='https://fontastic.s3.amazonaws.com/8NNKTYdfdJLQS3D4kHqhLT/icons.css' />
<link rel='stylesheet' href='/Content/css/main-small.@HttpContext.Current.Application["CSSVer"]' />
<link rel='stylesheet' media='(min-width: 700px)' href='/Content/css/medium.@HttpContext.Current.Application["CSSVer"]' />
<link rel='stylesheet' media='(min-width: 700px)' href='/Content/css/large.@HttpContext.Current.Application["CSSVer"]' />
@RenderSection("PageCSS", required: false)
A couple things to notice here: 1) there is no extension on the file. 2) there is no .min either. Both of these are handled by the code in Global.asax.cs
Likewise, (also in _Layout.cs) in my javascript section, I have the following code:
<script src="~/Scripts/all3bnd100.min.js" type="text/javascript"></script>
<script src="~/Scripts/ui.@HttpContext.Current.Application["JSVer"]" type="text/javascript"></script>
@RenderSection("scripts", required: false)
The first file is a bundle of all my 3rd party libraries I've created manually with WebGrease. If I add or change any of the files in the bundle (which is rare) then I manually rename the file to all3bnd101.min.js, all3bnd102.min.js, etc... This file does not match the rewrite handler, so will remain cached on the client browser until you manually re-bundle / change the name.
The second file is ui.js (which will be written as ui.v12345123.js or ui.v12345123.min.js depending on if you are running in debug mode or not) This will be handled / rewritten. (you can set a breakpoint in Application_OnBeginRequest of Global.asax.cs to watch it work)
Full discussion on this at: Simplified Auto-Versioning of Javascript / CSS in ASP.NET MVC 5 to stop caching issues (works in Azure and Locally) With or Without URL Rewrite (including a way to do it WITHOUT URL Rewrite)
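To see which requests the two rewrite rules from Step 2 actually catch, here is an added example (not the answer's code) that models the Step 3 version slug and both rules in JavaScript. The function names versionSuffix and rewrite are illustrative, and the request paths are constructed from file names mentioned in the answer.

```javascript
// Added example (not the answer's code): the answer's version slug and its two
// IIS rewrite rules, modelled in plain JavaScript.

// Step 3: "v" + assembly version with each "." replaced by "0", then ".min"
// unless a debugger is attached, then the extension.
function versionSuffix(assemblyVersion, ext, debugging) {
  const digits = assemblyVersion.split(".").join("0");
  return "v" + digits + (debugging ? "" : ".min") + "." + ext;
}

// Step 2: patterns copied from the web.config rules. IIS URL Rewrite matches
// case-insensitively by default and sees the path without its leading slash.
const RULES = [
  { name: "static-autoversion", re: /^(.*)([.]v[0-9]+)([.](js|css))$/i },
  { name: "static-autoversion-min", re: /^(.*)([.]v[0-9]+)([.]min[.](js|css))$/i },
];

// Rules run in order and neither sets stopProcessing, so a later rule sees the
// already rewritten path. The action url {R:1}{R:3} drops the slug {R:2}.
function rewrite(path) {
  let current = path;
  const fired = [];
  for (const rule of RULES) {
    const m = rule.re.exec(current);
    if (m) {
      current = m[1] + m[3];
      fired.push(rule.name);
    }
  }
  return { path: current, rules: fired };
}

// Constructed request paths, built from file names mentioned in the answer.
const version = "1.0.4809.30029"; // version string shown earlier on the page
const samples = [
  "Scripts/ui." + versionSuffix(version, "js", false),
  "Scripts/ui." + versionSuffix(version, "js", true),
  "Content/css/medium." + versionSuffix(version, "css", false),
  "Scripts/ui.v1.js",          // any digits match, so an old slug still resolves
  "Scripts/all3bnd100.min.js", // no ".v<digits>" slug: passed through unchanged
];
for (const p of samples) console.log(p, "->", JSON.stringify(rewrite(p)));
```

The rules accept any run of digits after .v, so the slug only changes the URL the browser caches under; the file served is always the current one on disk.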
1)
Use file modification time instead. Here's an example:
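using System.IO;
using System.Web;
public static string GeneratePathWithTime(string cssFileName)
{
    // Map the virtual path to the file on disk.
    var serverFilePath = HttpContext.Current.Server.MapPath("~/static/" + cssFileName);
    // HH is the 24-hour clock; hh would give the same value again twelve hours later.
    var version = File.GetLastWriteTime(serverFilePath).ToString("yyyyMMddHHmmss");
    return string.Format("/static/{0}/{1}", version, cssFileName);
}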
This will generate a path like "/static/201109231100/style.css" for "style.css" (assuming your style.css is located in the static directory).
You'll then add a rewrite rule in IIS to rewrite "/static/201109231100/style.css" to "/static/style.css". The version number will only be changed when the css file has been modified and only applies to modified files.
2)
You can handle the request to 123.js via an HttpModule and send the latest content of it, but I don't think you can guarantee the request gets the latest version. It depends on how the browser handles its cache. You can set an earlier expiration time (for example, one minute ago) in your response header to tell the browsers to always re-download the file, but it's all up to the browser itself to decide whether to re-download the file or not. That's why we need to generate a different path for our modified files each time we updated our files in your question 1), the browser will always try to download the file if the URL has never been visited before.
I wrote a Url Helper which does the CacheBusting for me.
public static string CacheBustedContent(this UrlHelper helper, string contentPath)
{
    var path = string.Empty;
    if (helper.RequestContext.HttpContext.Cache["static-resource-" + contentPath] == null)
    {
        var fullpath = helper.RequestContext.HttpContext.Server.MapPath(contentPath);
        var md5 = GetMD5HashFromFile(fullpath);
        path = helper.Content(contentPath) + "?v=" + md5;
        helper.RequestContext.HttpContext.Cache.Add("static-resource-" + contentPath, path, null, System.Web.Caching.Cache.NoAbsoluteExpiration, new TimeSpan(24, 0, 0), System.Web.Caching.CacheItemPriority.Default, null);
    }
    else
    {
        path = helper.RequestContext.HttpContext.Cache["static-resource-" + contentPath].ToString();
    }
    return path;
}
You could replace the GetMD5HashFromFile() with CRC or any other sort of call which generates a unique string based on the contents or last-modified-date of the file.
The downside is this'll get called whenever the cache is invalidated. And if you change the file on live somehow, but don't reset the application pool, you'll probably need to touch the web.config to get it to reload correctly.
You might want to have a look at Dean Hume's Blogpost MVC and the HTML5 Application Cache. In that post, he points out an elegant way of automatically handling versioning per request, using a class library of @ShirtlessKirk:
@Url.Content("~/Content/Site.css").AppendHash(Request)
This question is really old now, but if anyone stumbles upon it, here's to my knowledge the current state of the art:
In ASP.NET Core you can use TagHelpers and simply add the asp-append-version attribute to any <link> or <script> tag:
<script src="~/js/my.js" asp-append-version="true"></script>
For both ASP.NET Core and Framework there is a NuGet Package called WebOptimizer (https://github.com/ligershark/WebOptimizer). It allows for both bundling and minification, and will also append a content-based version string to your file.
If you want to do it yourself, there is the handy IFileVersionProvider interface, which you can get from your IServiceProvider in .NET Core:
// this example assumes, you at least have a HttpContext
var fileVersionProvider = httpContext.RequestServices.GetRequiredService<IFileVersionProvider>();
string path = httpContext.Content("/css/site.css");
string pathWithVersionString = fileVersionProvider.AddFileVersionToPath(httpContext.Request.PathBase, path);
For .NET Framework, you can get the FileVersionProvider source from here: https://github.com/dotnet/aspnetcore/blob/main/src/Mvc/Mvc.Razor/src/Infrastructure/DefaultFileVersionProvider.cs
You will have to do some work, like replacing the Cache with MemoryCache.Default or a ConcurrentDictionary or something, but the 'meat' is there.

Display Images From a file System using Richfaces + Spring Webflow

I am not able to display images from the file system in the xhtmls using <h:graphicImage> tag. I am using Spring webflow 2.0 and Richfaces 3.3.3
Should I write a separate servlet to serve the images from the file system ?
I looked into <a4j:mediaOutput> tag . Can I use this ? since createContent requires us to specify a method that will be used for content creating. I am unsure if we can use the flow variables/beans to execute methods in the tag.
You can always fetch the images placing under Web Pages folder
<h:graphicImage url="#{facesContext.externalContext.requestContextPath}\your_img_path_under_Web_pages" id="img" />
If you use <a4j:mediaOutput> tag, then yes you should give method in createContent which will draw the image.
<a4j:mediaOutput element="img" createContent="#{serviceBean.method}" value="#{dataBean}" mimeType="image/jpg" />
public void userImage(OutputStream out, Object data) throws IOException {/*your method body*/}
