Develop Reference

Spring Multipart/Form-data csrf issue

i've been having issues with csrf validation with a multipart/form-data type of form, since it didnt let me authenticate nor upload my files, returning a 403 when trying to execute the call.
After some reseach i've found that supposedly, "multipart/form-data" forms have trouble with csrf, and thus i had to add the
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
annotation to each form in my .xhtml file.
(Also tried the form action='', variation)
And yet it kept returning that my csrf value was null
after some more research, i've tried adding the SpringMultipartFilter
<filter>
<display-name>springMultipartFilter</display-name>
<filter-name>springMultipartFilter</filter-name>
<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>springMultipartFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
and also stated the filterMultipartResolver bean in the application context of the presentation part:
<bean id="filterMultipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="-1" />
</bean>
and after doing that, Chrome did let me validate my user, and did let me press the upload button, returning a 200 (OK) code
but, the file is not getting uploaded and debugging shows that my methods are not being called, consoles are not returning an error both Java nor Chrome Debug console, so im a little lost any help to solve or to get actual knowledge of what is happening would be appreciated, thanks.
Im using Spring+Primefaces+Maven.
Upload form in .xhtml:
<h:form id="uploadForm" enctype="multipart/form-data">
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
<p:fieldset id="uploadBlock"
legend="#{message['cmb.title1.text.label']}">
<br />
<h:panelGroup layout="block"
style="float : left; margin-right : 10%;">
<h:panelGrid id="display1">
<p:fileUpload update=":tableForm:comparisonTable #this"
fileUploadListener="#{ComparisonCSVController.upload}"
allowTypes="/(\.|\/)(csv)$/i" mode="advanced" fileLimit="1"
description="Select a csv file">
</p:fileUpload>
</h:panelGrid>
</h:panelGroup>
</p:fieldset>
<br />
</h:form>
Im certain its not a problem with the actual methods of my beans or my beans, since everything was working till i enabled spring security, and if i turn it off, everything runs smooth, but i need it enabled, so im facing this problem.

Fixed after messing with the order of the filters in the web.xml.
The order has to be:
- Primefaces filter- (i did edit out a FORWARD tag)
- MultiPart filter-
- Spring Filter -
- Prettyfaces filter, with ASYNC tag on-
Thank you.

Custom JwtSecurityTokenHandler not being invoked

I have a .NET MVC application that uses Azure Active Directory for Auth.
I'm trying to add a custom JWTSecurityTokenHandler to authenticate a console app that performs some basic GET requests against the app. However every request just gets redirected to the Azure AD login page instead of being passed to the JWT handler (my breakpoints and logging statements in the handler are not being hit). Any ideas?
Web.config:
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://localhost:44300/" />
</audienceUris>
<securityTokenHandlers>
<add type="QS.Admin.Infrastructure.MyJwtHandler, QS.Admin" />
<securityTokenHandlerConfiguration>
<certificateValidation certificateValidationMode="None" />
</securityTokenHandlerConfiguration>
</securityTokenHandlers>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://[myaccessdomain].accesscontrol.windows.net/">
<keys>
<add thumbprint="[thumbprint]" />
</keys>
<validIssuers>
<add name="https://[myaccessdomain].accesscontrol.windows.net/" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="false" />
<wsFederation passiveRedirectEnabled="true" issuer="https://[myaccessdomain].accesscontrol.windows.net/v2/wsfederation" realm="https://localhost:44300/" requireHttps="false" />
</federationConfiguration>
</system.identityModel.services>

in addition to the above advice,
the jwtsecuritytokenhandlers responsibility is to validate a jwt and serve claims upstream. I don't see session management anywhere in your config, if that is missing, each call to the host will require obtaining a new token from ACS.

The settings in web.config look right.
Couple of things to check :
Make sure ACS is configured to issue JWT tokens for your realm.
If you plug in the JwtSecurityTokenHandler from MS - is it getting hit? This will help in isolating the issue to your custom handler versus settings in ACS or web.config.

How to add Kendo UI HTML helpers to my ASP.net MVC 4 project?

Simple question: I've installed Telerik DevCraft Ultimate on my workstation. I've looked at the examples showing the use of the Kendo UI HTML helpers.
What reference do I add to my project to be able to use them?

Configure your ASP.NET MVC layout page to include the Kendo UI Web JavaScript and CSS files:
<link rel="stylesheet" href="#Url.Content("~/Content/kendo.common.min.css")">
<link rel="stylesheet" href="#Url.Content("~/Content/kendo.default.min.css")">
<script src="#Url.Content("~/Scripts/jquery.min.js")"></script>
<script src="#Url.Content("~/Scripts/kendo.web.min.js")"></script>
<script src="#Url.Content("~/Scripts/kendo.aspnetmvc.min.js")"></script>
Add a reference to the Kendo.Mvc.UI namespace to your web.config. Then the Kendo HtmlHelper extension would be availble in your views. Rebuild your project after adding the namespace to the web.config (required for Visual Studio to show intellisense for Kendo.Mvc.UI).
<system.web.webPages.razor>
<pages pageBaseType="System.Web.Mvc.WebViewPage">
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="Kendo.Mvc.UI" />
</namespaces>
</pages>
</system.web.webPages.razor>
Use any Kendo UI HtmlHelper extension
#(Html.Kendo().DatePicker().Name("Birthday"))
more details at http://docs.kendoui.com/getting-started/using-kendo-with/aspnet-mvc/introduction

"input-validation-error" class will not added to that text box

I have registered below javascript in my view of mvc3 application.
jquery.validate.js
jquery.validate.unobtrusive.js
I have also added below keys to my web.config.
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
I have also added required attribute with error message above the text box but when I submit the form with blank value in text box "input-validation-error" class will not added to that text box.
Please tell me the reason why "input-validation-error" class will not added while submit the form.???
Thanks in advance.
Jayesh Ginoya

What is Microsoft.MvcValidation used for in ASP.NET MVC 3 projects?

I'm new to ASP.NET MVC and don't understand the purpose of all the JavaScript files that are added to the project by default.
What's the purpose of MicrosoftMvcValidation.js? Whatever it's used for, can it be swapped out for a jquery-based implementation? If so, how?

MicrosoftMvcValidation.js will be used if you decide that you do not want to use the new unobtrusive jQuery validation on the client side.
You can make this choice for you entire applicastion in the web.config file here:
<appSettings>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
</appSettings>
So in the above example the jQuery validation will be used.