
Login.xhtml submit with Content Security Policy raises javax.faces.FacesException: Missing

Stack Overflow user
Asked 2021-05-12 21:12:38
Answers: 2, Views: 512, Followers: 0, Votes: 1

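Environment:

  • WildFly 22
  • JSF 2.3
  • 11
  • PrimeFaces 10 with CSP

Content Security Policy activated in web.xml triggers a javax.faces.FacesException: Missing CSP. The login page loads fine, but when I submit the form I get the Missing CSP.

I don't know what to do.

Error log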

23:10:09,168 SEVERE [javax.enterprise.resource.webcontainer.jsf.application] (default task-8) Error Rendering View[/login.xhtml]: javax.faces.FacesException: Missing CSP nonce
    at deployment.app.war//org.primefaces.csp.CspState.validate(CspState.java:76)
    at deployment.app.war//org.primefaces.csp.CspState.getNonce(CspState.java:58)
    at deployment.app.war//org.primefaces.csp.CspResponseWriter.listenOnEndAttribute(CspResponseWriter.java:185)
    at deployment.app.war//org.primefaces.csp.CspResponseWriter.write(CspResponseWriter.java:167)
    at java.base/java.io.Writer.write(Writer.java:290)
    at java.base/java.io.Writer.write(Writer.java:249)
    at deployment.app.war//org.primefaces.renderkit.HeadRenderer.encodeSettingScripts(HeadRenderer.java:203)
    at deployment.app.war//org.primefaces.renderkit.HeadRenderer.encodeBegin(HeadRenderer.java:137)
    at javax.faces.api@3.0.0.SP04//javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:540)
    at javax.faces.api@3.0.0.SP04//javax.faces.component.UIComponent.encodeAll(UIComponent.java:1644)
    at javax.faces.api@3.0.0.SP04//javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650)
    at com.sun.jsf-impl@2.3.14.SP02//com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:468)
    at com.sun.jsf-impl@2.3.14.SP02//com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:170)
    at javax.faces.api@3.0.0.SP04//javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:132)
    at javax.faces.api@3.0.0.SP04//javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:132)
    at com.sun.jsf-impl@2.3.14.SP02//com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:102)
    at com.sun.jsf-impl@2.3.14.SP02//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
    at com.sun.jsf-impl@2.3.14.SP02//com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:199)
    at javax.faces.api@3.0.0.SP04//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:708)
    at javax.faces.api@3.0.0.SP04//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
    at io.undertow.websocket@2.2.4.Final//io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:173)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.core@2.2.4.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.core@2.2.4.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.core@2.2.4.Final//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
    at io.undertow.core@2.2.4.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
    at io.undertow.core@2.2.4.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.core@2.2.4.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.core@2.2.4.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.core@2.2.4.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.core@2.2.4.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
    at io.undertow.core@2.2.4.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow@22.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
    at io.undertow.servlet@2.2.4.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
    at io.undertow.core@2.2.4.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
    at io.undertow.core@2.2.4.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at org.jboss.xnio@3.8.4.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
    at java.base/java.lang.Thread.run(Thread.java:834)

23:10:09,169 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /app/login.xhtml: javax.servlet.ServletException: Missing CSP nonce
    ...
Caused by: javax.faces.FacesException: Missing CSP nonce
    ... 56 more

web.xml

...
<context-param>
    <param-name>primefaces.CSP</param-name>
    <param-value>true</param-value>
</context-param>
...

login.xhtml

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html"
      lang="#{localeBean.language}">

<h:head>
    <meta charset="utf-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1"/>
    <meta name="description" content=""/>
    <meta name="author" content="Mark Otto, Jacob Thornton, and Bootstrap contributors"/>
    <meta name="generator" content="Hugo 0.83.1"/>
    <title><h:outputText value="#{msgs.appcode}"/></title>

    <!-- Bootstrap core CSS -->
    <h:outputStylesheet library="assets" name="css/bootstrap.min.css"/>

    <!-- Custom styles for this template -->
    <h:outputStylesheet library="assets" name="css/signin.css"/>
</h:head>
<h:body class="text-center">
    <main class="form-signin">
        <h:form id="frmLogin">
            <h:graphicImage library="assets" name="img/logo.png" styleClass="mb-4" width="75"/>

            <div class="form-floating">
                <h:inputText id="j_username" name="j_username" class="form-control"
                             value="#{loginBean.username}" autocomplete="off"/>
                <h:outputLabel for="j_username" value="#{msgs.username}"/>
            </div>
            <div class="form-floating">
                <h:inputSecret id="j_password" name="j_password" class="form-control" value="#{loginBean.password}"
                               autocomplete="off"/>
                <h:outputLabel for="j_password" value="#{msgs.password}"/>
            </div>
            <h:commandButton value="#{msgs.login}" class="w-100 btn btn-lg btn-primary"/>
        </h:form>
    </main>
</h:body>
</html>

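Stack Overflow user

Answered 2021-05-13 19:43:22

If your page is indeed the login page for a j_securityCheck login, then I don't use h:form. I use a standard form like this together with a transient f:view, so that it doesn't create a JSF state.

I use CSP in all my PrimeFaces applications, and this works.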

<f:view transient="true">
    <form method="post" action="j_security_check" name="loginForm" id="loginForm" style="margin-top: 20px; width: 400px" enctype="application/x-www-form-urlencoded" accept-charset="UTF-8">
        <p:panel id="pnlLogin">
            <p:focus for="j_username" />
            <p:panelGrid columns="2" cellpadding="5">
                <h:outputLabel for="j_username" value="#{webmsg['label.username']}" />
                <h:inputText value="" id="j_username" name="j_username" autocomplete="off" required="true" tabindex="1"
                            styleClass="ui-inputfield ui-widget ui-state-default ui-corner-all" />
                <h:outputLabel for="j_password" value="#{webmsg['label.password']}" />
                <h:inputSecret id="j_password" tabindex="2" name="j_password" autocomplete="off" required="true"
                            styleClass="ui-inputfield ui-password ui-widget ui-state-default ui-corner-all" />
                <h:commandButton type="submit" value="#{webmsg['label.login']}" tabindex="3"
                            styleClass="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only login-button"
                            style="width: 60px;" />
            </p:panelGrid>
        </p:panel>
    </form>
</f:view>
Votes: 2
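
The `j_security_check` form in the answer above only works when the container handles authentication, so the following web.xml fragment is an added example (not part of the original question or answer) of container-managed FORM login that keeps `primefaces.CSP` enabled. The role name `app-user` and the error page `/login-error.xhtml` are hypothetical, the Faces servlet is assumed to be mapped to `*.xhtml`, and the security domain that checks the credentials is assumed to be configured in the application server.

```xml
<!-- Added example; role name and error page are hypothetical placeholders. -->
<context-param>
    <param-name>primefaces.CSP</param-name>
    <param-value>true</param-value>
</context-param>

<!-- The container intercepts POSTs to j_security_check; no JSF postback occurs -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/login-error.xhtml</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>app-user</role-name>
</security-role>

<!-- Every URL requires an authenticated user in the assumed role, over TLS -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>app-user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- No auth-constraint here: this longer pattern wins over /*, so the
     stylesheets and scripts used by the login page load before sign-in -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>jsf-resources</web-resource-name>
        <url-pattern>/javax.faces.resource/*</url-pattern>
    </web-resource-collection>
</security-constraint>
```

Keep the unauthenticated resource pattern as narrow as possible, since anything under it is served without a login.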
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/67511070
