If you are manipulating any FacesContext when doing any kind of Sevlet Forwards – such as from a filter – you MUST release() any FacesContext you’ve created. The consequences of forgetting this are potentially dire.

So you’ve got Spring Security up and running. Great! Now you’ve got a login page, and you just added a form on the global page menu to allow users to Login from any public page. There’s just one problem. When they log-in from a public page, they’re redirected to the default-login-url! Your users will have to re-navigate to the page they were already viewing when they logged in, or maybe they’ll just use the much dreaded “Back” button. That’s not a good interaction, but we have a solution.

So, this is going to be a short-relatively non-technical post, but having just run into the problem of exposing a subdirectory when WordPress is installed into the root directory of a typical DreamHost or GoDaddy style account, I found the need, so here’s the answer if anyone else needs it.

PrettyFaces:

New versions of PrettyFaces for JSF1.2 and JSF2.0 are now available for download:

Several things that make life painful with Facelets are fixed with JSF2 & EzComp. Take a look at some of the nicer things to come:

When developers choose to enforce Static Analysis tools (i.e. JTest or PMD) they might have the best intentions at heart, but are actually making the code worse in the long run.  The value of the programmer’s experience and expertise on the code is not considered. Static analysis tools are automated programs that run a set of rules against source code to produce metrics, and give advice on best practices. So why does using these tools lead to bad code? 

A correction has been made to the post: http://ocpsoft.com/java/acegi-spring-security-jsf-login-page/, fixing an issue where FacesMessages were not being displayed on failed authentications.

PrettyFaces:

Version 1.2.3_GA: binary, source, documentation (stable) Minor Release: 20090415

1. Added optional <action onPostback=”false”> boolean flag to prevent action methods from being called on form postback. Defaults to true;
2. Added optional <query-param decode=”false”> to prevent java.net.URLDecode.decode() from being called on a specific managed query-parameter. Defaults to true;
3. Added unit tests for several critical classes.
4. Minor to moderate refactoring of PrettyFilter/PrettyContext

PrettyFaces:

Version 1.2.3_RC2: binary, source, documentation (stable) Minor Release: 20090331

1. Servlet forwards are working

PrettyFaces:

Version 1.2.3_RC1: binary, source, documentation (stable) Minor Release: 20090319

1. Managed query-params now accept multiple parameters of the same name: E.g.: String[] names — would accept a list of parameters (with the same name) from the request
2. Enhanced configuration loading — PrettyFaces now looks for /META-INF/pretty-config.xml by default, in addition to accepting a comma-separated list of user config-files in the web.xml init param: com.ocpsoft.pretty.CONFIG_FILES — submitted by Aleksei Valikov
3. JSP support for standard attributes on the pretty:link tag has been fixed. The pretty link will now accept style=’mystyle’ and other attributes — from Derek Hollis at OcpSoft