将 JSF 前缀更改为后缀映射迫使我在 CSS 背景图像上重新应用映射 [英] Changing JSF prefix to suffix mapping forces me to reapply the mapping on CSS background images
问题描述
我多年来一直在使用前缀映射,并决定改用后缀映射,只是为了真正摆脱 url 中的 /faces
.我只是想在我给自己挖一个洞之前检查我是否朝着正确的方向前进有一些意想不到的事情正在发生.我改变了这个:
I've been using prefix mapping for years and decided to switch to suffix
mapping, just to get rid of the /faces
in the url really. I just wanted
to check I'm going in the right direction before I dig myself a hole as
there are a few unexpected things going on. I changed from this:
<servlet-mapping>
<servlet-name>FacesServlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
为此:
<servlet-mapping>
<servlet-name>FacesServlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
然后我看到所有通过 FacesServlet
的东西都有 .xhtml
附加到它,以便浏览器请求 background.png.xhtml
文件,style.css.xhtml
文件 - 是这样吗?我想这叫做后缀映射,但对我来说它看起来有点不整洁,我试图说服自己这是要走的路.
And then I see that everything going through FacesServlet
has .xhtml
appended to it, so that the browser is requesting background.png.xhtml
files,
style.css.xhtml
file - is this right? It is called suffix mapping I suppose,
but it looks a bit untidy to me and I'm trying to convince myself it's
the way to go.
在引用 URI 的 CSS 文件中,我还必须附加 .xhtml
:
In my CSS files where an URI is referenced I also have to append .xhtml
:
background-image: url(images/background.png.xhtml);
然后我看到了一个来自 BalusC 的帖子,它提供了一个解决方案来防止无需通过 FacesServlet 下载资源:
Then I saw a post from BalusC that gives a solution to prevent the download of resources without going via FacesServlet:
<security-constraint>
<display-name>Restrict raw XHTML docs</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
当我添加这个时,只有真正的 .xhtml
文件加载到页面上,所有其他资源(尽管附加了 .xhtml
)不显示.
When I add this then only real .xhtml
files load on the page, all
other resources (despite having .xhtml
appended) do not display.
我只想知道:
这是将
.xhtml
附加到一切正常吗(对不起,如果这些年最愚蠢的问题)
Is this appending
.xhtml
to everything normal (sorry if the years silliest question)
为什么restrict raw xhtml docs"安全约束会阻止资源,例如加载中的 CSS、JavaScript 和图像?
Why does the 'restrict raw xhtml docs' security constraint prevent resource such as CSS, JavaScript and images from loading?
感谢您的任何反馈.我在 Glassfish 3.1 上使用 Mojarra 2.1.2.
Thanks for any feedback. I am using Mojarra 2.1.2 on Glassfish 3.1.
推荐答案
然后我看到通过 FacesServlet 的所有内容都附加了 .xhtml,因此浏览器正在请求 .png.xhtml 文件、.css.xhtml 文件 - 对吗?
and then I see that everything going through FacesServlet has .xhtml appended to it, so that the browser is requesting .png.xhtml files, .css.xhtml file - is this right?
这仅适用于
和
包含的资源.这与网址映射的变化无关.这与从 JSF 1.x 到 JSF 2.x 的变化以及从 和
到的变化有关前面提到的 JSF2 标签.
This only applies to resources included by <h:outputStylesheet>
and <h:outputScript>
. This is not related to the change in the URL mapping. This is related to the change from JSF 1.x to JSF 2.x and the change from <link rel="stylesheet">
and <script>
to the aforementioned JSF2 tags.
对于您自己的脚本、样式表和其他将从公共网络内容提供的静态内容,您应该不要手动添加.xhtml代码> 扩展.您不需要对现有静态资源进行任何更改.
For your own scripts, stylesheets and other static stuff which is to be served from the public webcontent, you should not manually add the .xhtml
extension. You should not need to change anything with regard to existing static resources.
仅用于 CSS 背景图像和其他 url()
引用在 CSS 文件中使用
标记(因此不适用于 <link rel="stylesheet>
),您需要更改 url()
位置以由 EL 动态解析.您将需要使用以下语法:
Only for CSS background images and other url()
references in CSS files which is to be included using the <h:outputStylesheet>
tag (and thus not for <link rel="stylesheet>
), you would need to change the url()
location to be dynamically resolved by EL. You would need to use the following syntax instead:
body {
background-image: url("#{resource['libraryname:path/to/image.png']}");
}
假设您有以下 /resources
文件夹结构:
Imagine that you have the following /resources
folder structure:
WebContent
|-- META-INF
|-- resources
| `-- default
| |-- images
| | `-- background.png
| `-- css
| `-- style.css
|-- WEB-INF
`-- test.xhtml
并且您在 test.xhtml
中包含 style.css
如下
and that you're including the style.css
in test.xhtml
as follows
<h:outputStylesheet library="default" name="css/style.css" />
那么你应该如下定义背景图片网址
then you should be defining the background image URL as follows
body {
background-image: url("#{resource['default:images/background.png']}");
}
或者当你依赖默认库,因此你没有使用library
,那么它应该看起来像这样:
Or when you're relying on the default library, thus you aren't using the library
, then it should rather look like this:
WebContent
|-- META-INF
|-- resources
| |-- images
| | `-- background.png
| `-- css
| `-- style.css
|-- WEB-INF
`-- test.xhtml
test.xhtml
:
<h:outputStylesheet name="css/style.css" />
style.css
:
body {
background-image: url("#{resource['images/background.png']}");
}
<小时>
至于安全约束,当您已经在使用 *.xhtml
映射时,不需要.当 FacesServlet
映射到除 *.xhtml
之外的模式时,安全约束旨在防止最终用户看到原始 XHTML 源代码.在 /faces/*
映射或重命名 .jsf 的情况下,最终用户只需从 URL 中删除
到 /faces
部分即可查看 XHTML 源代码.xhtml
在 *.jsf
映射的情况下.摆脱安全限制,它会使您的情况变得更糟,因为您已经在使用 *.xhtml
映射,这使得通过破解 URL 已经不可能看到原始 XHTML 源代码.
As to the securiry constraint, it is not needed when you're already using the *.xhtml
mapping. The security constraint is intended to prevent the enduser from seeing the raw XHTML source code when the FacesServlet
is mapped on a pattern other then *.xhtml
. The enduser would be able to see the XHTML source code by just removing /faces
part from the URL in case of a /faces/*
mapping or renaming .jsf
to .xhtml
in case of a *.jsf
mapping. Get rid of the security constraint, it makes in your case things worse as you're already using a *.xhtml
mapping which makes it already impossible to see the raw XHTML source code by hacking the URL.
这篇关于将 JSF 前缀更改为后缀映射迫使我在 CSS 背景图像上重新应用映射的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!