August 3rd, 2016 by Team

Rewrite 3.4.0.Final Release Announcement

We are pleased to announce the latest version of the Rewrite Servlet Toolkit, and PrettyFaces libraries. It’s been quite a while since our last release, but we promise you this new version has been worth the wait.

Release notes:

You might notice we skipped a few version numbers, which we’ve done for several reasons:

  • This is a major update, so we incremented from major version 2 to version 3.
  • The deprecated (original) prettyfaces-jsf library, which is now several years obsolete was versioned 3.3.3, and has been confusing new users for some time. We are now resolving this issue by skipping directly to Rewrite version 3.4.0.Final.

This release includes several major new features as well as a plethora of bug-fixes, including:

  • Support for JDK6 has been dropped, JDK7 is the new minimum requirement
  • Improved compatibility with JDK8 for the annotation scanning
  • Major performance improvements in the logging subsystem
  • Major performance improvements with the URLBuilder
  • Fixed some concurrency issues which occurred in high load scenarios
  • Many improvements for the LocaleTransposition feature
  • Support conditional parameters with JSF’s <f:param>
  • Fault tolerant percent decoding for path and query parameters
  • Simpler condition trees when binding query parameters using annotations, results in better faster evaluation performance
  • Fixes handling of context path for applications deployed to the root context
  • Improved error reporting. Exception stack traces now display the rule that errored and the location where that rule was defined (including file and line number)
  • Strict RuleBuilder ordering and structure enforcement

Thank you for continuing to support us, provide valuable feedback, and use our technologies.

And of course, please get involved in the project at http://github.com/ocpsoft/rewrite
February 24th, 2015 by Matyas Danter

SEO-friendly AngularJS with HTML5 pushState(), Rewrite, and twelve lines of code

ng_logo

While migrating an e-commerce application (piqchocolates.com) from Grails and Tomcat to an AngularJS, Java EE (JAX-RS), and JBoss WildFly stack, I had to make sure that the new platform has feature parity in all areas that are valuable to our business. Search Engine Optimization (SEO) is crucial for us because we primarily market our business on-line. In short, we need search engine optimized URLs, and deep linking; this article will show you how to implement both.

January 16th, 2015 by Lincoln Baxter III

Simple Java EE (JSF) Login Page with JBoss PicketLink Security

Several years ago I wrote a tutorial about using Acegi/Spring Security with JavaServer Faces (JSF) to create a simple authentication / Login page; however, times have changed and Java EE is back in action. I would no longer consider Spring a “requirement” when building a Java EE application. More specifically, if you are using the core Contexts and Dependency Injection (CDI) framework that serves as the backbone for the entire Java EE framework, Spring Security becomes less attractive (because it’s not compatible without using Spring itself, and Spring is a replacement for CDI).

This article will explore how to create a JSF login backed by the standards-compliant CDI framework (that is included with Java EE), and the PicketLink security framework (an open-source project from JBoss). Examples for this article were sourced from the very comprehensive, and quite understandable quick-start application from the PicketLink project itself.

October 3rd, 2013 by Lincoln Baxter III

Create a dynamic Logout URL without a Servlet or JSP, using Rewrite

The code below implements a simple command mapping that binds logout functionality to a URL. To use this example, you must include the following [[Rewrite]] dependency in your project:

<dependency>
   <groupId>org.ocpsoft.rewrite</groupId>
   <artifactId>rewrite-servlet</artifactId>
   <version>${rewrite.version}</version>
</dependency>

Once your project is set up to include Rewrite, just paste the following code into your application source folder.

@RewriteConfiguration
public class LogoutConfiguration extends HttpConfigurationProvider
{

   @Override
   public Configuration getConfiguration(ServletContext context)
   {
      return ConfigurationBuilder.begin()
               .addRule()
               .when(Direction.isInbound().and(Path.matches("/logout")))
               .perform(new HttpOperation() {
                  @Override
                  public void performHttp(HttpServletRewrite event, EvaluationContext context)
                  {
                     event.getRequest().getSession().invalidate();
                  }
               }.and(Redirect.temporary(context.getContextPath() + "/")));
   }

   @Override
   public int priority()
   {
      return Integer.MIN_VALUE;
   }
}
September 30th, 2013 by Lincoln Baxter III

Rewrite 2.0.8.Final Released – Fixes critical parameterization bug

Bug Fixes

If you experienced problems with rule parameterization in Rewrite 2.0.7.Final, then sorry about that, and this release of [[Rewrite]] is for you: https://github.com/ocpsoft/rewrite/issues/133

Erroneous failures such as the following exception should be fixed by this release:

org.ocpsoft.rewrite.exception.ParameterizationException: The value of required parameter [s] was null.
	at org.ocpsoft.rewrite.param.RegexParameterizedPatternBuilder.extractBoundValues(RegexParameterizedPatternBuilder.java:262)
	at org.ocpsoft.rewrite.param.RegexParameterizedPatternBuilder.build(RegexParameterizedPatternBuilder.java:136)
	at org.ocpsoft.rewrite.servlet.config.Forward.performHttp(Forward.java:85)
	at org.ocpsoft.rewrite.servlet.config.HttpOperation.perform(HttpOperation.java:42)
	at org.ocpsoft.rewrite.servlet.config.rule.Join.perform(Join.java:264)

New Features

August 22nd, 2012 by Lincoln Baxter III

[video] Enhance developer productivity, usability, and security

Java EE is already the perfect solution for complex business/enterprise systems and provides all the tools and foundations required to deliver scalable, performant applications for a wide variety of customers and clients.

But how does the end user experience stack up? How easy is it to navigate through your Website? Is your code full of nasty navigation logic? Are your links clear, transparent, and informative? Do you find yourself adding ‘?query=parameters’ in order to serve dynamic content from your application? Can you ensure that you are not leaking information in your URLs, and that your applications are secure from URL-based attacks? Are your old links making it difficult to migrate or integrate a legacy application to a new one?

These are all things that URL rewriting can help with, and if you are uncertain about any of these questions, this talk is for you. Watch this session from JAXConf 2012 and see what’s possible with the power of URL-rewriting.

For more information on the [[Rewrite]] project, visit the project homepage at [[Rewrite | OCPsoft]], and be sure to check out all of the other cool Java open-source projects while you’re here.
March 29th, 2012 by Lincoln Baxter III

Is your web application secure? HTTP attacks are real, and dangerous

According to a recent research paper by the Aspect Security Group, entitled The Unfortunate Reality of Insecure Libraries, “Eighty percent of the code in today’s applications comes from libraries and frameworks, but the risk of vulnerabilities in these components is widely ignored and under appreciated. A vulnerable library can allow an attacker to exploit the full privilege of the application, including accessing any data, executing transactions, stealing files, and communicating with the Internet. Organizations literally trust their business to the libraries they use.” When validating user input from forms and exposed services, we often ignore the URL or think to ourselves, “that information is validated later, it’ll be fine,” but when hacks like the following start turning up – in common web-frameworks – it’s time to start thinking seriously about URL validation. Fortunately, it’s easy to accomplish using a number of methods, but first, let’s look at how these attacks work.