src/main/java/com/mousetech/gourmetj/AdminMainBean.java

@@ -12,22 +12,27 @@ import com.mousetech.gourmetj.persistence.model.Recipe;
 import com.mousetech.gourmetj.persistence.service.RecipeService;
 
 import jakarta.annotation.PostConstruct;
+import jakarta.enterprise.context.RequestScoped;
 import jakarta.faces.event.AjaxBehaviorEvent;
 import jakarta.faces.model.DataModel;
 import jakarta.faces.model.ListDataModel;
-import jakarta.faces.view.ViewScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
 
 /**
  * Main control panel backing bean.
  * 
+ * The rare and fabled RequestScope, which is otherwise
+ * useless 90% of the time. Here we maintain no session
+ * state. so we can better support the session timeout
+ * for editing functions.
+ * 
  * @author timh
  * @since Jun 28, 2012
  */
 
 @Named
-@ViewScoped
+@RequestScoped
 public class AdminMainBean implements Serializable {
 
 	/**
@@ -44,6 +49,9 @@ public class AdminMainBean implements Serializable {
 	private static final Logger log =
 			LoggerFactory.getLogger(AdminMainBean.class);
 
+	/** Cookie delimiter */
+	private static final String CKDLM = ",";
+
 	/**
 	 * Persistency service for Recipes.
 	 */
@@ -281,9 +289,4 @@ public class AdminMainBean implements Serializable {
 										// items.
 		return "recipeDetails?faces-redirect=true";
 	}
-	
-	public String doLogout() {
-		JSFUtils.logout();
-		return null;
-	}
 }

src/main/java/com/mousetech/gourmetj/JSFUtils.java

@@ -164,9 +164,5 @@ public class JSFUtils {
 			log.warn("Session did not exist.");
 		}
 		
-	}
-
-	public static HttpSession getSession(boolean create) {
-		return (HttpSession) getExternalContext().getSession(create);
 	}		
 }

src/main/java/com/mousetech/gourmetj/RecipeDetailBean.java

@@ -14,10 +14,12 @@ import jakarta.faces.model.ListDataModel;
 import jakarta.faces.view.ViewScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
+import jakarta.servlet.http.Part;
 import jakarta.faces.event.AjaxBehaviorEvent;
 
 import org.apache.commons.lang3.StringUtils;
 import org.primefaces.event.FileUploadEvent;
+import org.primefaces.model.file.UploadedFile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -978,7 +980,7 @@ public class RecipeDetailBean implements Serializable {
 
 	public String editDescription() {
 		this.setDetailTab(0);
-		return "detailEdit.xhtml?faces-redirect=true";
+		return "detailEdit?faces-redirect=true";
 	}
 
 	public String editIngredients() {

src/main/java/com/mousetech/gourmetj/SpringPrimeFacesApplication.java

@@ -21,11 +21,10 @@ import org.springframework.http.HttpStatus;
 		"com.mousetech.gourmetj.persistence.model" })
 public class SpringPrimeFacesApplication {
 
-	final String homePage = "/main.jsf?viewExpired=true";
 	final String errorPage = "/error/error.html";
-	final String error404Page = "/error/error404.jsp";
+	final String error404Page = "/error/error404.html";
 	final String error400Page = "/error/error400.jsp";	
-	final String expiredPage = "/error/viewExpired.xhtml";
+	final String expiredPage = "/main.xhtml";
 
 	public static void main(String[] args) {
 		SpringApplication.run(SpringPrimeFacesApplication.class,

src/main/java/com/mousetech/gourmetj/SpringSecurityConfig.java

@@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 
 import jakarta.servlet.DispatcherType;
 
@@ -100,24 +99,24 @@ public class SpringSecurityConfig {
 		return ocreds;
 	}
 
-	@Bean
+    @Bean
-	SecurityFilterChain securityFilterChain(HttpSecurity http)
+    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			throws Exception {
 
-		http.csrf(AbstractHttpConfigurer::disable)
+        http
-			.cors(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)
-			.formLogin(login -> login.loginPage("/login.jsf")
+                .cors(AbstractHttpConfigurer::disable)
-				.permitAll()
+                .formLogin(formLogin ->
-				.failureUrl("/login.jsf?error=true"))
+                	formLogin
-			.logout(logout -> logout
+                	.loginPage("/login.xhtml")
-				.logoutSuccessUrl("/login.jsf"))
+                	.permitAll())
-			.httpBasic(Customizer.withDefaults())
+                .authorizeHttpRequests((authorize)-> authorize
-			.authorizeHttpRequests((authorize) -> authorize
+                		.dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()
-				.anyRequest().authenticated());
+                        .anyRequest().authenticated()
-
+                );
-		return http.build();
-	}
 
+        return http.build();
+    }
+    
     /**
      * Replaces old antMatchers for determining secured URLs.
      * @return customizer
@@ -125,19 +124,14 @@ public class SpringSecurityConfig {
     @Bean
     public WebSecurityCustomizer webSecurityCustomizer() {
         return (web) -> web.ignoring().requestMatchers(
-        	"/jakarta.faces.resource/**",
+			"/jakarta.faces.resource/**",
+			"/index.xhtml",
 			"/",
-			"/index.html",
+			"/index.jsf",
-//			"/login",
+			"/login",
-//			"/login.jsf", // Leave them for the authenticator!
-//			"/login.xhtml",
 			"/main.jsf",
-			"/main.xhtml",
 			"/img/**",
-			"/error/**",
-			"/RES_NOT_FOUND",
 			"/recipeDetails.jsf",
-			"/recipeDetails.xhtml",
 			"/shoppingList.jsf",
 			"/recipePrint.jsf");
     }

src/main/java/com/mousetech/gourmetj/UserSession.java

@@ -5,8 +5,10 @@ import java.util.ArrayList;
 import java.util.List;
 
 import jakarta.enterprise.context.SessionScoped;
+import jakarta.faces.model.SelectItem;
 import jakarta.inject.Named;
 
+import org.primefaces.PrimeFaces;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

src/main/resources/META-INF/resources/WEB-INF/faces-config.xml

@@ -25,7 +25,7 @@
         <navigation-case>
             <description>Go Home</description>
             <from-outcome>home</from-outcome>
-            <to-view-id>/main.xhtml?faces-redirect=true</to-view-id>
+            <to-view-id>/main</to-view-id>
             <redirect />
         </navigation-case>
     </navigation-rule>

src/main/resources/META-INF/resources/detailEdit.xhtml

@@ -398,7 +398,7 @@
                     />
                     <p:commandButton id="doHome" value="Home"
                         icon="ui-icon-home" ajax="false"
-                        immediate="true" action="home"
+                        immediate="true" action="main.jsf"
                     />
                 </h:form>
             </p:panel>

src/main/resources/META-INF/resources/error/error404.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<head>
+<title>ERROR - Page Not Found</title>
+</head>
+<body>
+    <h1>Page Not Found</h1>
+    <p>This URL is invalid.</p>
+    <p><a href="/main.jsf">Return to Main Page</a></p>
+</body>
+</html>

src/main/resources/META-INF/resources/error/error404.jsp

@@ -1,12 +0,0 @@
-<%@ page language="java" contentType="text/html; charset=US-ASCII"
-    pageEncoding="US-ASCII" isErrorPage="true"%>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "https://www.w3.org/TR/html4/loose.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>ERROR - Page Not Found</title>
-</head>
-<body>
-    <h1>Page Not Found</h1>
-    <p><a href="/main.jsf">Return to Main Page</a></p>
-</body>
-</html>

src/main/resources/META-INF/resources/error/viewExpired.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>ERROR - Page Expired</title>
+</head>
+<body>
+    <h1>Page Expired</h1>
+    <p>The page state could not be restored because it was
+        left idle too long.</p>
+    <p>
+        <a href="/main.jsf">Return to Main Page</a>
+    </p>
+</body>
+</html>

src/main/resources/META-INF/resources/index.html

@@ -1,8 +1,13 @@
 <?xml version="1.0"  encoding="UTF-8"?>
 <!DOCTYPE html>
-<html>
+<html xmlns="http://www.w3.org/1999/xhtml"
-<head><title>Gourmet Recipe Manager</title><head>
+    xmlns:h="http://xmlns.jcp.org/jsf/html"
-<body>
+    xmlns:f="http://xmlns.jcp.org/jsf/core"
+    xmlns:ui="http://java.sun.com/jsf/facelets"
+    xmlns:p="http://primefaces.org/ui"
+>
+<h:head>Gourmet Recipe Manager</h:head>
+<h:body>
     <h1>Gourmet Recipe Manager</h1>
             <p>This is an implementation of Thomas Hinkle's
                 Gourmet Recipe Manager, originally a desktop
@@ -15,5 +20,5 @@
             <p>This is an open-source application under the 
             Common Development and Distribution License (CDDL).
             </p>
-<body>
+</h:body>
 </html>

src/main/resources/META-INF/resources/login.xhtml

@@ -1,36 +1,31 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml"
-    xmlns:h="http://java.sun.com/jsf/html"
+  xmlns:h="http://java.sun.com/jsf/html"
-    xmlns:f="http://xmlns.jcp.org/jsf/core"
+  xmlns:f="http://xmlns.jcp.org/jsf/core"
-    xmlns:p="http://primefaces.org/ui"
+  xmlns:p="http://primefaces.org/ui"
-    xmlns:pe="http://primefaces.org/ui/extensions"
+  xmlns:pe="http://primefaces.org/ui/extensions">
->
+
 <h:head>
-    <title>Login</title>
+  <title>Login</title>
+  <h:outputStylesheet name="/css/login.css" />
 </h:head>
+
 <h:body>
-    <h:form prependId="false" style="width:100%">
+  <h:form prependId="false">
-        <p:panelGrid columns="3" style="width:100%"
+
-            styleClass="ui-fluid center ui-noborder"
+    <p:panelGrid columns="1" styleClass="ui-fluid center ui-noborder">
-        >
+      <h2>Please login</h2>
-            <h:outputText style="width:33%;" value=" " />
+
-            <p:panelGrid columns="1" id="grid1">
+      <p:outputLabel value="Login failed!" styleClass="red"
-                <h2>Please login</h2>
+        rendered="${!empty param['error']}" />
-                <p:outputLabel value="Login failed!"
+
-                    styleClass="red"
+      <p:inputText id="username" placeholder="User name" />
-                    rendered="${!empty param['error']}"
+      <p:password id="password" placeholder="Password" />
-                />
+
-                <p:outputLabel for="username">User ID</p:outputLabel>
+      <p:commandButton value="Login" ajax="false" />
-                <p:inputText id="username"
+    </p:panelGrid>
-                    placeholder="User name"
+
-                />
+  </h:form>
-                <p:outputLabel for="password">Password</p:outputLabel>
-                <p:password id="password" placeholder="Password" />
-                <p:commandButton value="Login" ajax="false" />
-            </p:panelGrid>
-            <h:outputText style="width:33%;" value=" " />
-        </p:panelGrid>
-    </h:form>
 </h:body>
-</html>
+</html>

src/main/resources/META-INF/resources/main.xhtml

@@ -20,7 +20,13 @@
                         listener="#{adminMainBean.ajaxUpdateList}"
                     />
                 </p:autoComplete>
-                <p:outputLabel for="@next" value=" In " />
+                <p:defaultCommand target="find" />
+                <p:commandButton id="find" value="Find"
+                    icon="ui-icon-search"
+                    action="#{adminMainBean.doFind}"
+                    update=":form2:table1"
+                />
+                <p:outputLabel for="@next" value="Search for " />
                 <p:selectOneMenu id="ctlSearchType"
                     value="#{cookieBean.searchType}"
                 >
@@ -31,12 +37,6 @@
                         listener="#{adminMainBean.resetSuggestions}"
                     />
                 </p:selectOneMenu>
-                <p:defaultCommand target="find" />
-                <p:commandButton id="find" value="Find"
-                    icon="ui-icon-search"
-                    action="#{adminMainBean.doFind}"
-                    update=":form2:table1"
-                />                
                 <p:commandButton id="ctlClear" value="Clear"
                     icon="ui-icon-close"
                     update="@form:searchFor :form2:table1"
@@ -55,9 +55,6 @@
                 <h:outputLabel for="slistSize"
                     value=" Recipes in Shopping List"
                 />
-                <p:commandButton id="logout" value="Logout"
-                    action="#{adminMainBean.doLogout}"
-                />
             </div>
         </h:form>
         <h:form id="form2">

src/main/resources/application.yml

@@ -21,13 +21,10 @@ spring:
       ddl-auto: none
     database-platform: org.hibernate.dialect.MySQLDialect
 
-# Tracking-modes prevent URL rewrite jsessionid on Primecases
-# resources. Which causes "400" errors on initial main.jsf fetch.
 server:
     servlet:
         session:
             timeout: '30m'
-            tracking-modes: 'cookie'            
 # Theme here overrides joinfaces theme            
 #        context-parameters:
 #            primefaces:
@@ -41,14 +38,3 @@ gourmet:
 joinfaces:
   primefaces:
     theme: bluesky
-  faces:
-    project-stage: Production
-    facelets-libraries: /tags/tags.taglib.xml
-
-#logging:
-#   level:
-#     org.springframework.security: TRACE
-#     org.apache.catalina: TRACE
-#     jakarta.faces: TRACE
-#     com.sun.faces: TRACE
-#     jakarta.servlet: TRACE