Gary Jackson wrote:
I have an issue when STATE_SAVING_METHOD is set to client. If I
undeploy and redeploy the application while the application is being
used, I get a "javax.crypto.BadPaddingException: Given final block not
properly padded". Presumably this is happening because MyFaces is
attempting to recover invalid state from a session that is no longer
valid. Is this a common problem? How do people normally get around this?
Yes, I've been having this problem too and have just got to the bottom
of it. It has been mentioned a few times on this list going back to early
2007 but I never saw a solution before.
The problem is a bug in the StateUtils class. Encryption of client-side
state saving is supposed to be off unless you enable it, but is in fact
ON unless you DISABLE it!
The problem is that if you don't specify a secret (because you think
you're not using encryption), MyFaces will generate one and place it
in application context; but this will change when you redeploy, and
the secret used in pages in users' browsers from before the redeploy
will then fail.
I've logged this as a bug in the ASF JIRA (it is issue
MYFACES-1786), but the workaround is either to explicitly
disable encryption, like this:
<context-param>
<param-name>org.apache.myfaces.USE_ENCRYPTION</param-name>
<param-value>false</param-value>
</context-param>
(note that "false" must be in lower case!) or to set a secret.
Jonathan.
--
.....................................................................
Dr Jonathan Harley .
. Email: [EMAIL PROTECTED]
Zac Parkplatz Ltd . Office Telephone: 024 7633 1375
www.parkplatz.net . Mobile: 079 4116 0423
