I have a JSF (Mojarra 2.2.20) application that is deployed on Tomcat 8.5 in a clustered environment.

My catalina.out is filled with this error:

```
ERROR: MAC did not verify!
```

I've been reading posts like "Getting ViewExpiredException in clustered environment while state saving method is set to client and user session is valid" and following the steps indicated.

EDIT: Taking into account BalusC's comment, I modified my configuration, and now it looks like this. However, I keep getting the error in the production environment.

This is my configuration:

```java
public void onStartup(ServletContext servletContext) throws ServletException {
    servletContext.setInitParameter("javax.faces.STATE_SAVING_METHOD", "client");
    servletContext.setInitParameter("javax.faces.DEFAULT_SUFFIX", ".xhtml");
    servletContext.setInitParameter("javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE", "true");
    servletContext.setInitParameter("org.omnifaces.FACES_VIEWS_SCAN_PATHS", "/*.xhtml");
    servletContext.setInitParameter("primefaces.CLIENT_SIDE_VALIDATION", "true");
    servletContext.setInitParameter("primefaces.THEME", "flick");
    servletContext.setInitParameter("primefaces.UPLOADER", "native");
}
```

And this is my web.xml:

```xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

<display-name>app-name</display-name>

<distributable />

<env-entry>
    <env-entry-name>jsf/ClientSideSecretKey</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>[KEY generated with the code in the post linked]</env-entry-value>
</env-entry>

<error-page>
    <error-code>500</error-code>
    <location>/pages/error/error.xhtml</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/pages/error/notFound.xhtml</location>
</error-page>
<error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/pages/error/timeout.xhtml</location>
</error-page>

<session-config>
    <session-timeout>15</session-timeout>
</session-config>

</web-app>
```

According to other posts published on Stack Overflow, my setup is correct. What am I missing?

Thanks.

maqjav
  • Where did you read that you should set `jsf/ClientSideSecretKey` as a servlet context attribute? Set it as JNDI env entry via `web.xml` the same way as in the question you found. – BalusC Jun 29 '21 at 08:48
  • @BalusC thank you. I thought that a servlet context attribute was the equivalent way to add an "env-entry" programmatically. I will change it ASAP and give it a try. – maqjav Jun 29 '21 at 10:26
  • @BalusC I modified the code as you said, but I keep getting the error. I edited my main post. Thanks. – maqjav Jun 30 '21 at 06:53
  • Looks OK to me except for non-standard way of setting servlet context init params. Any chance you're actually building this project as e.g. a Spring Boot based JAR instead of a standard Jakarta EE WAR? – BalusC Jun 30 '21 at 08:44
  • No, it's a standard Jakarta EE WAR. – maqjav Jun 30 '21 at 09:22
  • Okay, sorry then I don't know. There's only a tiny chance left that those errors are actually coming from sessions already saved in servers BEFORE the change was released. In other words, all session storages should be cleaned up after release of change in order to be able to confirm whether it's working as intended. – BalusC Jun 30 '21 at 10:04
  • @BalusC you might be right! Since yesterday we didn't get more of these errors, only at the beginning, so it's possible that, as you said, they were old sessions. I will keep tracking this error, but I think it's already fixed. Thank you very much for your help. – maqjav Jul 02 '21 at 11:08
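
The failure mode discussed in this thread, as an added Java example that is not part of the original post and is not Mojarra's code: a simplified model in which each node protects client-side view state with an HMAC-SHA256 tag and checks it on postback. The class name, key size and sample state are constructed for illustration, and Mojarra's real state format differs.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Simplified model of client-side state protection: state || HMAC(state).
// Hypothetical class; it is not Mojarra's implementation.
public class ClusterMacDemo {

    static final int MAC_LEN = 32; // HMAC-SHA256 output size in bytes

    static byte[] randomKey() {
        byte[] k = new byte[16];
        new SecureRandom().nextBytes(k);
        return k;
    }

    // What a node does when rendering a page: append a MAC to the state.
    static byte[] protect(byte[] key, byte[] state) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(state);
        byte[] out = Arrays.copyOf(state, state.length + MAC_LEN);
        System.arraycopy(tag, 0, out, state.length, MAC_LEN);
        return out;
    }

    // What a node does on postback: recompute the MAC, compare in constant time.
    static boolean verify(byte[] key, byte[] token) throws GeneralSecurityException {
        if (token.length < MAC_LEN) return false;
        byte[] state = Arrays.copyOfRange(token, 0, token.length - MAC_LEN);
        byte[] tag = Arrays.copyOfRange(token, token.length - MAC_LEN, token.length);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return MessageDigest.isEqual(mac.doFinal(state), tag);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] viewState = "constructed-view-state".getBytes(StandardCharsets.UTF_8);
        byte[] nodeA = randomKey(), nodeB = randomKey(); // each node made its own key
        byte[] shared = randomKey();                     // one key configured on every node
        System.out.println("A -> A, per-node keys: " + verify(nodeA, protect(nodeA, viewState)));
        System.out.println("A -> B, per-node keys: " + verify(nodeB, protect(nodeA, viewState)));
        System.out.println("A -> B, shared key:    " + verify(shared, protect(shared, viewState)));
        // State issued before the shared key was deployed is rejected afterwards.
        System.out.println("old state, new key:    " + verify(shared, protect(nodeA, viewState)));
    }
}
```

Only the first and third checks succeed: state verifies only under the key that produced it, so a postback routed to a node with a different key, or state issued before a key change, is rejected.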

0 Answers