Category Archives: JavaEE

JSF ViewState Hack Attempt: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 – com.sun.faces.renderkit.ServerSideStateHelper.getState (ServerSideStateHelper.java:313)

Hack Attempt on JSF ViewState

This article explains why the error java.lang.StringIndexOutOfBoundsException: String index out of range: -1 in the class ServerSideStateHelper in the method getState (313) might be someone trying to hack your application server. It is getting quite technical in here… but bear with me… it’s really interesting. I also break down the actual attack to demonstrate what the attacker was trying to do.

Continue reading

WildFly 10 with Apache and AJP

This article demonstrates how inbound request from a webserver (Apache) can be proxied to an application server (WildFly 10) using the Apache JServ Protocol (AJP). For more information on what AJP actually is, take a look at https://en.wikipedia.org/wiki/Apache_JServ_Protocol .

WildFly 10 Configuration

First you have to add an ajp-listener to the undertow subsystem (line 4).

standalone.xml –  undertow subsystem:

Then you also have to add a socket-binding (line 4).

Continue reading