Article: JSF Anti-Patterns and Pitfalls

Home

News: Article: JSF Anti-Patterns and Pitfalls

  1. Article: JSF Anti-Patterns and Pitfalls (15 messages)

    "JSF AntiPatterns and Pitfalls" by Dennis Byrne covers anti-patterns and pitfalls of day to day JSF development. Most of these issues have kept the author up at night; some of these are the same old challenges with a new face. These challenges include performance, tight coupling, thread safety, security, interoperability and just plain ugliness. A short excerpt:
    Portlet Issues I feel sorry for Portlet developers. I really do. These people are always on the mailing lists and forums with problem after problem and it’s never their fault. If any group of people has been bent over by the standards bodies, it is Portlet application developers. Some parts of the JSF API behave different when inside a Portlet application. If your code is to run within a Portlet application and a regular Servlet container there are a few assumptions that need to be avoided. Here is some code assuming it will always run in a Servlet container.FacesContext ctx = FacesContext.getCurrentInstance(); ExternalContext externalContext = ctx.getExternalContext(); ServletRequest request = (ServletRequest) externalContext.getRequest(); String id = request.getParameter("id");If your code will run in a Portlet application you must make not make explicit casts to javax.servlet.ServletRequest or javax.servlet.ServletResponse. If this code were used in a Portlet application, ExternalContext.getRequest would return a javax.portlet.PortletRequest, causing a ClassCastException. An interoperable way to obtain a value of a request attribute is to do the following.FacesContext ctx = FacesContext.getCurrentInstance(); ExternalContext externalContext = ctx.getExternalContext(); externalContext.getRequestParameterMap().get("id");
    (It's worth noting that Dennis will be presenting at TheServerSide Java Symposium on this exact subject.)
  2. Nice write up Dennis-- good tips in there for JSF and non-JSF deployments around modeling objects and managing reuse for applications.
  3. good[ Go to top ]

    thnks ------------------------------------ http://www.matlabtutorials.com/ Matlab tutorials
  4. I feel sorry for Portlet developers. I really do. These people are always on the mailing lists and forums with problem after problem and it’s never their fault. If any group of people has been bent over by the standards bodies, it is Portlet application developers.
    +1. Portlets could be a lot more widely adopted than they currently are for a variety of reasons but I blame mostly weaknesses in the spec for the lack of adoption. Actually, the idea of creating reusable, JSF based portlets is pretty attractive. If one can work through all of the idiosyncracies of getting the servlet spec, the portlet spec and JSF to cooperate it kind of works. But it's a pain in the arse at times. For example, I still don't understand at this point why there isn't just a single conversational state object that is defacto for all HTTP communication in JEE. Regardless of whether it's with a servlet, a portlet or a JSF component. Why the conversational state ever got tied to the delivery technology, instead of the protocol, I have no idea.
  5. Actually, the idea of creating reusable, JSF based portlets is pretty attractive. If one can work through all of the idiosyncracies of getting the servlet spec, the portlet spec and JSF to cooperate it kind of works. But it's a pain in the arse at times.
    Thanks to JSR-301 and the JBoss Portlet Bridge worries are eliminated and the developer only needs to worry about their JSF, Seam, or RichFaces application.
  6. Yes, good write up. For what it's worth:
    Because all JSF implementations automatically parse /WEB-INF/faces-config.xml, if it exists, as well as all files specified in the comma separated list of the javax.faces.CONFIG_FILES context parameter. When /WEB-INF/faces-config.xml is specified in the javax.faces.CONFIG_FILES context parameter it can be parsed twice. The PhaseListeners configured in this file are consequently registered twice at startup and invoked twice at runtime.
    Mojarra doesn't have The Déjà vu PhaseListener problem. When we're processing config files, we make sure we don't process this file twice.
  7. View State Encryption[ Go to top ]

    Could you post any more details or links to JSF implementations that allow View State Encryption? My Google search turned up nothing except for some references to ASP.net. Thanks.
  8. Re: View State Encryption[ Go to top ]

    Could you post any more details or links to JSF implementations that allow View State Encryption?
    http://wiki.apache.org/myfaces/Secure_Your_Application Note that this feature is on by default in any 1.2 implementation .
  9. I submit: JSF *is* an anti-pattern. Let the flames begin, it's chilly tonight, I could use it!
  10. JSF *is* an anti-pattern.
    +1 I would have thought minimum requirements for a web layer toolkit would include: - *not* being forward based, e.g. should support Post-Redirect-Get out of the box - *not* baking in view artifacts, like referencing JSP pages. Use logical view names and allow a view resolver to work out what view technology is being used. - Having a halfway decent notion of a conversation as well as rich *navigation*. Its pretty easy to use jQuery + JSP 2.0 tags to build rich pages. What's difficult to do is the rich navigation part, like offered by Spring Webflow. I wonder how long its going to take for JSF to die, i.e. less or more time than J2EE.
  11. JSF *is* an anti-pattern.
    +1
    I would have thought minimum requirements for a web layer toolkit would include:

    - *not* being forward based, e.g. should support Post-Redirect-Get out of the box

    - *not* baking in view artifacts, like referencing JSP pages. Use logical view names and allow a view resolver to work out what view technology is being used.

    - Having a halfway decent notion of a conversation as well as rich *navigation*.

    Its pretty easy to use jQuery + JSP 2.0 tags to build rich pages. What's difficult to do is the rich navigation part, like offered by Spring Webflow.
    Since you've mentioned a plug on Spring, I'll do one of my own :) You get pretty much all of this (and much more) with Seam and as a bonus you can dump JSP (and you can still use Spring because it is integrated).
    I wonder how long its going to take for JSF to die, i.e. less or more time than J2EE.
    I guess WebBeans will be pretty much it for JSF as we know it now...
  12. You get pretty much all of this (and much more) with Seam and as a bonus you can dump JSP (and you can still use Spring because it is integrated).
    I have looked at Seam, although only for about 2 hrs reading the doco / samples. It does look good in that it too, like Spring Webflow (SWF) has the notion of rich navigation / conversations. And yes, I'm working on a JSF app right now as I type this, and able to directly compare it to SWF.
  13. Either Java kills Spring or Spring kills Java.
  14. Hi, Dennis: You wrote "I strongly recommend view state encryption for public facing JSF applications using client side state saving in production because it prevents web clients from being able to tamper with the view state." OK, my English level is not excellent and new to JSF. But I thought using server side state saving to prevents this issue. How do you think? Thanks for any comment.
  15. Hi, Dennis:

    You wrote "I strongly recommend view state encryption for public facing JSF applications using client side state saving in production because it prevents web clients from being able to tamper with the view state."

    OK, my English level is not excellent and new to JSF.
    But I thought using server side state saving to prevents this issue.

    How do you think?
    Thanks for any comment.
    Good question, there are better ways to communicate this. All you need to remember is that with unencrypted client side state saving, the view state can be manipulated by the client. By encrypting it, you prevent this problem.
  16. Hi Dennis, I enjoyed the article and think it is great that someone finally points out what-not-to-do when using JSF. However, I feel that you are missing alternative solutions for some of the anti-patterns. For example, you are mentioning "the Map trick" and "Law of Demeter" anti-pattern without an actual solution (or maybe I'm just not understanding it right). The readability of the anti-patterns could also be improved if they followed the structure used in other literature about anti-patterns (e.g. background, symptoms, consequences, refactorings, variations, and related solutions). Nevertheless, I like the article and glad that you are putting focus on the subject! Perhaps a follow-up article could be "JSF Design Patterns" as there seems to be great confusion about the best way to achieve certain functionality in real-life scenarios. All the best.