Changing JSF prefix to suffix mapping forces me to reapply the mapping on CSS background images

前端 未结 1 2010
隐瞒了意图╮
隐瞒了意图╮ 2020-11-29 09:49

I\'ve been using prefix mapping for years and decided to switch to suffix mapping, just to get rid of the /faces in the url really. I just wanted to check I\'m

相关标签:
1条回答
  • 2020-11-29 10:01

    and then I see that everything going through FacesServlet has .xhtml appended to it, so that the browser is requesting .png.xhtml files, .css.xhtml file - is this right?

    This only applies to resources included by <h:outputStylesheet> and <h:outputScript>. This is not related to the change in the URL mapping. This is related to the change from JSF 1.x to JSF 2.x and the change from <link rel="stylesheet"> and <script> to the aforementioned JSF2 tags.

    For your own scripts, stylesheets and other static stuff which is to be served from the public webcontent, you should not manually add the .xhtml extension. You should not need to change anything with regard to existing static resources.

    Only for CSS background images and other url() references in CSS files which is to be included using the <h:outputStylesheet> tag (and thus not for <link rel="stylesheet>), you would need to change the url() location to be dynamically resolved by EL. You would need to use the following syntax instead:

    body {
        background-image: url("#{resource['libraryname:path/to/image.png']}");
    }
    

    Imagine that you have the following /resources folder structure:

    WebContent
     |-- META-INF
     |-- resources
     |    `-- default
     |         |-- images
     |         |    `-- background.png
     |         `-- css
     |              `-- style.css
     |-- WEB-INF
     `-- test.xhtml
    

    and that you're including the style.css in test.xhtml as follows

    <h:outputStylesheet library="default" name="css/style.css" />
    

    then you should be defining the background image URL as follows

    body {
        background-image: url("#{resource['default:images/background.png']}");
    }
    

    Or when you're relying on the default library, thus you aren't using the library, then it should rather look like this:

    WebContent
     |-- META-INF
     |-- resources
     |    |-- images
     |    |    `-- background.png
     |    `-- css
     |         `-- style.css
     |-- WEB-INF
     `-- test.xhtml
    

    test.xhtml:

    <h:outputStylesheet name="css/style.css" />
    

    style.css:

    body {
        background-image: url("#{resource['images/background.png']}");
    }
    

    As to the securiry constraint, it is not needed when you're already using the *.xhtml mapping. The security constraint is intended to prevent the enduser from seeing the raw XHTML source code when the FacesServlet is mapped on a pattern other then *.xhtml. The enduser would be able to see the XHTML source code by just removing /faces part from the URL in case of a /faces/* mapping or renaming .jsf to .xhtml in case of a *.jsf mapping. Get rid of the security constraint, it makes in your case things worse as you're already using a *.xhtml mapping which makes it already impossible to see the raw XHTML source code by hacking the URL.

    0 讨论(0)
提交回复
热议问题