You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/08/30 15:42:50 UTC
svn commit: r1518966 - /myfaces/site/publish/tobago/migration-2.0.html
Author: lofwyr
Date: Fri Aug 30 13:42:50 2013
New Revision: 1518966
URL: http://svn.apache.org/r1518966
Log:
CSP configuration
Modified:
myfaces/site/publish/tobago/migration-2.0.html
Modified: myfaces/site/publish/tobago/migration-2.0.html
URL: http://svn.apache.org/viewvc/myfaces/site/publish/tobago/migration-2.0.html?rev=1518966&r1=1518965&r2=1518966&view=diff
==============================================================================
--- myfaces/site/publish/tobago/migration-2.0.html (original)
+++ myfaces/site/publish/tobago/migration-2.0.html Fri Aug 30 13:42:50 2013
@@ -29,7 +29,7 @@
<div class="date">
- Last Published: 07 Aug 2013
+ Last Published: 30 Aug 2013
</div>
<ul>
<li>
@@ -219,11 +219,13 @@
-
+
<li class="collapsed">
<a href="project-info.html">Project Information</a>
</li>
-
+
+
+
@@ -285,7 +287,7 @@
</div>
<div id="body_column">
<div>
- <!-- Licensed to the Apache Software Foundation (ASF) under one or more --><!-- contributor license agreements. See the NOTICE file distributed with --><!-- this work for additional information regarding copyright ownership. --><!-- The ASF licenses this file to You under the Apache License, Version 2.0 --><!-- (the "License"); you may not use this file except in compliance with --><!-- the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, software --><!-- distributed under the License is distributed on an "AS IS" BASIS, --><!-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --><!-- See the License for the specific language governing permissions and --><!-- limitations under the License. --><div class="section"><h2>Migration from Tobago 1.5 to 2.0 (work in progress)<a name="Migration_from_Tobago_1.5_to_2.0_work_in_pr
ogress"></a></h2><p>Tobago 2.0 has some API changes compared to Tobago 1.5.</p><p>The most changes are in the tree API, which is more easy to use, but also more flexible.</p></div><div class="section"><h2>Artifacts (JAR-Files)<a name="Artifacts_JAR-Files"></a></h2><p>The following JAR files are no longer needed. They have to be removed from the project (depends on your build system).</p><ul><li>tobago-taglib-extension-<version>.jar</li><li>tobago-facelets-<version>.jar</li></ul></div><div class="section"><h2>Java-API<a name="Java-API"></a></h2><p>The class org.apache.myfaces.tobago.model.TreeState which has been deprecated in 1.5.x is used in 2.0.x with a changed API. Please check the occurrences.</p><p>Class <tt>org.apache.myfaces.tobago.component.UIFileInput</tt> has been renamed to <tt>org.apache.myfaces.tobago.component.UIFile</tt>.</p></div><div class="section"><h2>Facelets<a name="Facelets"></a></h2><p>Tobago 2.0.x is using Facelets 2.0. When still using Facelets 1
.1 in the current application, this must be removed:</p><ul><li>Remove facelets JAR (e.g. jsf-facelets-1.1.14.jar) from the library.</li><li>Remove <view-handler>org.apache.myfaces.tobago.internal.application.ViewHandlerImpl</view-handler> from the faces-config.xml</li><li>Remove param javax.faces.DISABLE_FACELET_JSF_VIEWHANDLER from web.xml</li><li>Remove or replace the facelets.* entries from web.xml</li></ul></div><div class="section"><h2>Deprecated<a name="Deprecated"></a></h2><p>There are also <tt>@Deprecated</tt> annotations in the code and some logging warning when using deprecated code via the <tt>Deprecation</tt> logging category. Before and after migrating you should check your application about that.</p></div><div class="section"><h2>Internal<a name="Internal"></a></h2><p>The <tt>internal</tt> package contains classes that should not be used directly in an application. This classes may change in minor revisions without announcement. Classes in the <tt>renderki
t</tt> package a handled in the same manner.</p></div><div class="section"><h2>Tag Library<a name="Tag_Library"></a></h2><p>The main changes in the tag library are</p><p>TODO: What has changed with the tree? The Tree now extends a UIData. The tc:treeData tag should longer used. The tc:treeNode has no longer the attributes: "selected", "expanded", "marked", "treeMarkedListener", "treeExpansionListener"</p><p>Deprecated facets "resizeAction" and "menupopup" was removed.</p></div><div class="section"><h2>Configuration<a name="Configuration"></a></h2><p>To define an own theme, please use now a file tobago-config.xml instead of tobago-theme.xml. The content of tobago-theme.xml is a subset of the tobago-config.xml, you have only to change the root node.</p><p>Please use the tobago-config-2.0.xsd to validate the configuration.</p></div><div class="section"><h2>JavaScript<a name="JavaScript"></a></h2><p>Date/Time/Calendar
components: The JavaScript for this components has been refactored. All method have now a namespace and are using jQuery. JavaScript code has been removed from the renderers. For data the HTML5 data attribute is used instead of directly coding it into the event handler, or using hidden input fields.</p></div><div class="section"><h2>CSS<a name="CSS"></a></h2><p>The class <tt>tobago-sheet-outer</tt> is renamed to <tt>tobago-sheet</tt>. The class <tt>tobago-sheet-headerSpacerOuter</tt> is renamed to <tt>tobago-sheet-headerResize</tt>. The class <tt>tobago-sheet-headerSpacer</tt> is no longer needed. The class <tt>tobago-sheet-headerSpacer-markup-resizable</tt> is no longer needed.</p></div><div class="section"><h2>Internal<a name="Internal"></a></h2><p>The facet name of the picker popup is now named "popup" instead of "pickerPopup".</p></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one or more --><!-- contributor license agreements. See the NOTICE file distributed with --><!-- this work for additional information regarding copyright ownership. --><!-- The ASF licenses this file to You under the Apache License, Version 2.0 --><!-- (the "License"); you may not use this file except in compliance with --><!-- the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, software --><!-- distributed under the License is distributed on an "AS IS" BASIS, --><!-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --><!-- See the License for the specific language governing permissions and --><!-- limitations under the License. --><div class="section"><h2>Migration from Tobago 1.5 to 2.0 (work in progress)<a name="Migration_from_Tobago_1.5_to_2.0_work_in_pr
ogress"></a></h2><p>Tobago 2.0 has some API changes compared to Tobago 1.5.</p><p>The most changes are in the tree API, which is more easy to use, but also more flexible.</p></div><div class="section"><h2>Artifacts (JAR-Files)<a name="Artifacts_JAR-Files"></a></h2><p>The following JAR files are no longer needed. They have to be removed from the project (depends on your build system).</p><ul><li>tobago-taglib-extension-<version>.jar</li><li>tobago-facelets-<version>.jar</li></ul></div><div class="section"><h2>CSP<a name="CSP"></a></h2><p>Tobago supports Content Security Policy (SCP) to prevent cross-site scripting (XSS) and related attacks. Specification link http://www.w3.org/TR/CSP/ In short: The HTML page doesn't contain any JavaScript or CSS information. All allowed sources for JavaScript, CSS and other resources have to be declared in special header. If you have own renderers or own JavaScript in your application, this code also needs to support SCP, to use this feat
ure.</p><div class="section"><h3>Warning:<a name="Warning:"></a></h3><p>CSP requires a different handling of JavaScript and other resources. If you use own JavaScript in the HTML page or including resources from other sites you may need to adapt your application, (or turn this feature off).</p></div><div class="section"><h3>Configuration<a name="Configuration"></a></h3><p>To add sites to the CSP headers, add <tt><directive></tt> tags to <tt><content-security-policy></tt> in the <tt>tobago-config.xml</tt>.</p><p>To turn off CSP, add an empty <tt><content-security-policy extension-mode="replace"></tt> tag in the configuration. This will reset the list of directive entries. If there is no entry, the feature is disabled.</p></div></div><div class="section"><h2>Java-API<a name="Java-API"></a></h2><p>The class org.apache.myfaces.tobago.model.TreeState which has been deprecated in 1.5.x is used in 2.0.x with a changed API. Please check the occurrences.</p><p>Cla
ss <tt>org.apache.myfaces.tobago.component.UIFileInput</tt> has been renamed to <tt>org.apache.myfaces.tobago.component.UIFile</tt>.</p></div><div class="section"><h2>Facelets<a name="Facelets"></a></h2><p>Tobago 2.0.x is using Facelets 2.0. When still using Facelets 1.1 in the current application, this must be removed:</p><ul><li>Remove facelets JAR (e.g. <tt>jsf-facelets-1.1.14.jar</tt>) from the library.</li><li>Remove <view-handler>org.apache.myfaces.tobago.internal.application.ViewHandlerImpl</view-handler> from the faces-config.xml file.</li><li>Remove the parameter <tt>javax.faces.DISABLE_FACELET_JSF_VIEWHANDLER</tt> from the <tt>web.xml</tt> file.</li><li>Remove or replace the <tt>facelets.*</tt> entries from the <tt>web.xml</tt> file.</li><li>Rename all JSTL deklarations from <tt>xmlns:c="http://java.sun.com/jstl/core"</tt> to <tt>xmlns:c="http://java.sun.com/jsp/jstl/core"</tt> in the Facelets.</li></ul></div><div class="section"><h2>Depreca
ted<a name="Deprecated"></a></h2><p>There are also <tt>@Deprecated</tt> annotations in the code and some logging warning when using deprecated code via the <tt>Deprecation</tt> logging category. Before and after migrating you should check your application about that.</p></div><div class="section"><h2>Internal<a name="Internal"></a></h2><p>The package <tt>org.apache.myfaces.tobago.internal</tt> contains classes that should not be used directly in an application. This classes may change in minor revisions without announcement. Classes in the package <tt>org.apache.myfaces.tobago.renderkit</tt> are handled in the same manner.</p></div><div class="section"><h2>Tag Library<a name="Tag_Library"></a></h2><p>The main changes in the tag library are</p><p>TODO: What has changed with the tree? The Tree now extends a UIData. The tc:treeData tag should longer used. The tc:treeNode has no longer the attributes: "selected", "expanded", "marked", "treeMarkedListen
er", "treeExpansionListener"</p><p>Deprecated facets "resizeAction" and "menupopup" was removed.</p></div><div class="section"><h2>Configuration<a name="Configuration"></a></h2><p>To define an own theme, please use now a file tobago-config.xml instead of tobago-theme.xml. The content of tobago-theme.xml is a subset of the tobago-config.xml, you have only to change the root node.</p><p>Please use the tobago-config-2.0.xsd to validate the configuration.</p></div><div class="section"><h2>JavaScript<a name="JavaScript"></a></h2><p>Date/Time/Calendar components: The JavaScript for this components has been refactored. All method have now a namespace and are using jQuery. JavaScript code has been removed from the renderers. For data the HTML5 data attribute is used instead of directly coding it into the event handler, or using hidden input fields.</p></div><div class="section"><h2>CSS<a name="CSS"></a></h2><p>The class <tt>tobago-sheet-outer</tt> is renam
ed to <tt>tobago-sheet</tt>. The class <tt>tobago-sheet-headerSpacerOuter</tt> is renamed to <tt>tobago-sheet-headerResize</tt>. The class <tt>tobago-sheet-headerSpacer</tt> is no longer needed. The class <tt>tobago-sheet-headerSpacer-markup-resizable</tt> is no longer needed.</p></div><div class="section"><h2>Internal<a name="Internal"></a></h2><p>The facet name of the picker popup is now named "popup" instead of "pickerPopup".</p></div>
</div>
</div>
<div class="clear"></div>