ICEfaces / ICE-6024

inputRichText no longer displays/works with suggestions/changes from ICE-5871

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.2-EE-GA_P01
    • Fix Version/s: 1.8.3, 1.8.2-EE-GA_P02
    • Component/s: ICE-Components
    • Labels:
      None
    • Environment:
      Container with cookies disabled

      Description

      The suggestion to enable multi-session functionality from ICE-5871 is causing the inputRichText component to not display.

      The following JavaScript errors are thrown and the component does not display/render:
      Ice.FCKeditor is undefined
      [Break on this error] <form action="javascript:;" class="ice...ked" type="hidden" /></div></td></tr>
      main.iface (line 12)
      Ice.FCKeditorUtility is undefined
      [Break on this error] <script id="MHmWFZdkpnZAKpKufSnzSQ:1:d... ('_id10:_id13');//284715392</script>
      main.iface (line 16)

      To reproduce this the following parameters are set:

      For Tomcat (context.xml):
      <Context cookies="false">
      For WebLogic (weblogic-application.xml):
      <cookies-enabled>false</cookies-enabled>

      Changing these parameters to true allows the component to display and work properly.


          Activity

          Arran Mccullough added a comment -

          Added simple test case configured to run in Tomcat 6

          Deryk Sinotte added a comment -

          The problem appears to boil down to resource URLs and the addition of the jsessionid as a path parameter. In a normal URL, the jsessionid is added to the end of the path but before the parameters:

          http://host:port/path1/path2/file1.ext;jsessionid=xxx?param1=val1&param2=val2

          When cookies are disabled, session state is maintained by having the jsessionid added to the URL. However, it's important that each URL that has anything to do with the session is properly encoded to include the jsessionid. This is done by processing each URL through the method:

          ExternalContext.encodeResourceURL(originalURL);

          We did this in several places previously to ensure that we could work without cookies. For the InputRichText, there are a few spots where this is still problematic:

          1) The InputRichText component adds the required FCKEditor JS libraries to the head which results in the following URLs:

          <script src="/appContext/block/resource/LTc4NTk0MDYzMQ==/" type="text/javascript"></script>

          Since these URLs contain block/resource, they are processed by the SessionVerifier which makes a call to ensure the session is valid before serving up the resource. So without the jsessionid, it fails. The generated URLs can be fixed by altering the DOMResponseWriter so that all resources output to the <head> include the jsessionid.

          <script src="/appContext/block/resource/LTc4NTk0MDYzMQ==/;jsessionid=6B0264F79334D0ADA43A2A791326886C" type="text/javascript"></script>

          2) Now that the required libraries load, the next problem is that the script that registers and creates a new instance of FCKEditor uses a URL to do so:

          new Ice.FCKeditor('j_id11:j_id14', 'en', '', '/appContext/block/resource/LTQ5MTYyMDg1Mw==/','100%', '200', 'Default', 'null', 'default');

          Same problem as #1. Since it's a block/resource URL, it needs the jsessionid or the SessionVerifier will reject it. Again, it's a relatively easy fix, this time in the InputRichTextRenderer:

          new Ice.FCKeditor('j_id11:j_id14', 'en', '', '/appContext/block/resource/LTQ5MTYyMDg1Mw==/;jsessionid=6B0264F79334D0ADA43A2A791326886C','100%', '200', 'Default', 'null', 'default');

          3) The creation of a new FCKeditor uses this URL to construct a slightly different URL that points to the content of the iframe that houses the editor. This is done in fckeditor.js:

          /appContext/block/resource/LTQ5MTYyMDg1Mw==/editor/fckeditor.html?InstanceName=j_id11%3Aj_id14&Toolbar=Default

          Unfortunately, by virtue of the way this is built, if the jsessionid is included, the result looks like this:

          /appContext/block/resource/LTQ5MTYyMDg1Mw==/;jsessionid=4F5E6E84022C2322085CF22B12C74497editor/fckeditor.html?InstanceName=j_id11%3Aj_id14&Toolbar=Default

          So the jsessionid is located incorrectly. It should look like this:

          /appContext/block/resource/LTQ5MTYyMDg1Mw==/editor/fckeditor.html;jsessionid=4F5E6E84022C2322085CF22B12C74497?InstanceName=j_id11%3Aj_id14&Toolbar=Default

          4) Editing the fckeditor.js code to move the jsessionid allows it to create the iframe with the starting content, but every other FCK resource that is then loaded into the iframe, then suffers from the original problem - a resource URL without a jsessionid. For example:

          http://host:port/appContext/block/resource/LTQ5MTYyMDg1Mw==/editor/js/fckeditorcode_gecko.js
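
          The jsessionid placement problem described in the comment above, as an added example that is not part of the original comment and is not ICEfaces or FCKeditor code. The function names are hypothetical; the sketch shows why plain concatenation misplaces the parameter, how to re-attach it at the end of the path, and how to classify a resource URL as ok, missing or misplaced.

```javascript
// Added example; function names are hypothetical, not ICEfaces or FCKeditor APIs.
const SESSION_PARAM = /;jsessionid=([^;/?#]*)/;

// Split a URL into path (session parameter removed), session id, query, fragment.
function splitSessionUrl(url) {
  const hashAt = url.indexOf('#');
  const fragment = hashAt >= 0 ? url.slice(hashAt) : '';
  const beforeHash = hashAt >= 0 ? url.slice(0, hashAt) : url;
  const queryAt = beforeHash.indexOf('?');
  const query = queryAt >= 0 ? beforeHash.slice(queryAt) : '';
  const rawPath = queryAt >= 0 ? beforeHash.slice(0, queryAt) : beforeHash;
  const match = SESSION_PARAM.exec(rawPath);
  return {
    rawPath,
    path: rawPath.replace(SESSION_PARAM, ''),
    sessionId: match ? match[1] : null,
    query,
    fragment,
  };
}

// Plain concatenation, which yields the misplaced form shown in step 3.
function naiveAppend(base, relative) {
  return base + relative;
}

// Append a relative resource to a base that may carry ;jsessionid, and put the
// parameter back at the end of the path, before the query string.
function appendToSessionUrl(base, relative) {
  const b = splitSessionUrl(base);
  const r = splitSessionUrl(relative);
  const dir = b.path.endsWith('/') ? b.path : b.path + '/';
  const sessionId = r.sessionId || b.sessionId;
  const param = sessionId ? ';jsessionid=' + sessionId : '';
  return dir + r.path.replace(/^\/+/, '') + param + r.query + r.fragment;
}

// Classify a URL: 'ok', 'missing' (no jsessionid) or 'misplaced'
// (jsessionid present but followed by more path text).
function auditSessionUrl(url) {
  const parts = splitSessionUrl(url);
  if (parts.sessionId === null) return 'missing';
  const wellPlaced = parts.rawPath.endsWith(';jsessionid=' + parts.sessionId);
  return wellPlaced ? 'ok' : 'misplaced';
}
```

          In the misplaced form, a parser that reads the parameter up to the next path delimiter recovers the session id with "editor" glued to it, so the value no longer matches the real session.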

          Ted Goddard added a comment -

          inputRichText verified working with attached test case.

          A new ServeStaticResource dispatcher has been added that will serve any resources found under

          com/icesoft/faces/resources/ice-static/

          Serving arbitrary files from a resource path could be a security risk in general; however, these files must be deliberately added to the ice-static directory, hence the risk is slightly less than recursively adding resources through an API.

          File upload has not been investigated.

          Ted Goddard added a comment -

          Note that testing this modification in component-showcase is difficult because ice:inputRichText dynamically adds script resources to the <head> resulting in a reload directive to the bridge. The URL used in the reload does not contain the ;jsessionid parameter and the application context is lost (since the reload results in a new session).

          Ted Goddard added a comment -

          Fix checked in for inputFile and verified in component-showcase with and without session cookies.

          Ken Fyten added a comment - edited

          All tests run on tomcat6 with FF3.6, IE8 & Opera10.6
          ICEfaces Trunk revision #22314
          Browser cookies disabled:

          Notable failures:

          File upload:
          ICE-2009 Fails on FF & Opera (cannot upload files)
          inputfile Fails on FF & Opera (cannot upload files)

          Component-showcase fileupload: FF does not work reliably, sometimes HTTP status 500 displayed on browser. Works fine on IE browser.

          Ken Fyten added a comment -

          Firefox failures with inputFile cannot be reproduced independently.


            People

            • Assignee:
              Ted Goddard
              Reporter:
              Arran Mccullough