For a testing platform, we a have a typical basic authentication in front of our actual platform. The application server is a WildFly 14 with PrimeFaces as the frontend framework. In order for every JavaScript file not being downloaded separately, we also use the CombinedResourceHandler from OmniFaces. However, on this beta platform we always got a 401 response for the request of  the combined Javascript in Internet Explorer.

This blog post solves an error I encountered while trying to display some data in a PrimeFaces line chart graph (Version 6.2). Each time I opened the page with the graph, the Browser crashed with an “Out of Memory” message in the console. The error always occurred in Primeface’s chart.js

In this article I will describe how to prevent Saxon from parsing external entities to avoid XXE attacks. Basically you should be very careful when parsing XML files from untrusted sources. Otherwise this can lead to serious security issues.

This post describes how to fix the PrimeFaces Expression Language Remote Code Execution bug (CVE-2017-1000486) when an update to the latest / fixed PrimeFaces version is not easily possible. This solution also needs no patching of the PrimeFaces library itself. The preferred / advised solution for fixing the issue is of course to do the update. The bug was already fixed over a year ago. However, only recently (beginning of 2018), more details and public exploits for this vulnerability have been published. See: https://www.primefaces.org/primefaces-el-injection-update/ In one of our projects we build a set of own components with custom design based on Primefaces.…

This article describes how a typical browser file download can be triggered using the Angular HttpClient. Typically you can simply introduce a link to the endpoint of the file download into the page and this will work just fine. However, if you use authentication via bearer token etc. and the download endpoint needs authentication, you probably want to use the HttpClient in order to make that download request.

In this article I will describe how to add a Http Authentication Bearer token to each request done from Angular via HttpClient by implementing a Angular 5 HttpInterceptor. This way the bearer token has not be added to each request separately while doing Ajax request e.g. to a REST api. This is for example useful, if you have some api that is protected by OAuth and you have to sent a JWT token in order to get access.