We Keep Coding

Issue with enabing CORS and solving 403 Forbidden error

I try to solve the error 403 Forbidden that I get when sending requests to my GeoServer. To debug the process, I use Network tab from Inspect option in Chrome (I also tried Firefox). This is the error that I see in the Network tab.
XMLHttpRequest cannot load
http://localhost:8080/geoserver/square/ows?service=WFS&version=1.1.0&requ…ture&typeName=square:InformationStores&outputFormat=application%2Fjson.
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:5601' is therefore not allowed
access. The response had HTTP status code 403.
My GeoServer 2.10.4 is CORS enabled according to multiple tutorials that I found on this topic. However, the error message that I receive seems to be related to proxy.
I spent so much time trying to solve this issue, so finally, I am absolutely lost. I tried a lot of things, but nothing has worked.
This is the configuration file of GeoServer to which I send request:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app>
<display-name>GeoServer</display-name>
<context-param>
<param-name>serviceStrategy</param-name>
<!-- Meaning of the different values :
PARTIAL-BUFFER2
- Partially buffers the first xKb to disk. Once that has buffered, the the
result is streamed to the user. This will allow for most errors to be caught
early.
BUFFER
- stores the entire response in memory first, before sending it off to
the user (may run out of memory)
SPEED
- outputs directly to the response (and cannot recover in the case of an
error)
FILE
- outputs to the local filesystem first, before sending it off to the user
-->
<param-value>PARTIAL-BUFFER2</param-value> </context-param>
<context-param>
<!-- see comments on the PARTIAL-BUFFER strategy -->
<!-- this sets the size of the buffer. default is "50" = 50kb -->
<param-name>PARTIAL_BUFFER_STRATEGY_SIZE</param-name>
<param-value>50</param-value> </context-param>
<!--Can be true or false (defaults to: false). --> <!--When true the JSONP (text/javascript) output format is enabled --> <!-- <context-param>
<param-name>ENABLE_JSONP</param-name>
<param-value>true</param-value> </context-param> -->
<!--
<context-param>
<param-name>PROXY_BASE_URL</param-name>
<param-value>http://localhost/geoserver</param-value>
</context-param>
-->
<!--
<context-param>
<param-name>GEOSERVER_DATA_DIR</param-name>
<param-value>C:\eclipse\workspace\geoserver_trunk\cite\confCiteWFSPostGIS</param-value>
</context-param> -->
<!-- pick up all spring application contexts -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/applicationContext.xml classpath*:/applicationSecurityContext.xml</param-value>
</context-param>
<filter>
<filter-name>FlushSafeFilter</filter-name>
<filter-class>org.geoserver.filters.FlushSafeFilter</filter-class>
</filter>
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter>
<filter-name>SessionDebugger</filter-name>
<filter-class>org.geoserver.filters.SessionDebugFilter</filter-class>
</filter>
<filter>
<filter-name>filterChainProxy</filter-name>
<filter-class> org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>xFrameOptionsFilter</filter-name>
<filter-class>org.geoserver.filters.XFrameOptionsFilter</filter-class>
</filter>
<filter>
<filter-name>GZIP Compression Filter</filter-name>
<filter-class>org.geoserver.filters.GZIPFilter</filter-class>
<init-param>
<!-- The compressed-types parameter is a comma-separated list of regular expressions.
If a mime type matches any of the regular expressions then it will be compressed.
-->
<param-name>compressed-types</param-name>
<param-value>text/.*,.*xml.*,application/json,application/x-javascript</param-value>
</init-param> </filter>
<filter>
<filter-name>Request Logging Filter</filter-name>
<filter-class>org.geoserver.filters.LoggingFilter</filter-class>
<init-param>
<!-- The 'enabled' parameter is a boolean value, "true" (case-insensitive) for true or
any other value for false. If enabled, then the logging will be performed;
otherwise the logging filter will have no effect. If not specified, this
parameter defaults to false.
-->
<param-name>enabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<!-- The 'log-request-bodies' parameter is a boolean value, "true" (case-insensitive) for
true or any other value for false. If enabled, then the logging will include the body
of POST and PUT requests. If not specified, this parameter defaults to false.
Note that this may noticeably degrade responsiveness of your geoserver since it will
not begin to process requests until the entire request body has been received by the
server.
-->
<param-name>log-request-bodies</param-name>
<param-value>false</param-value>
</init-param> </filter>
<filter>
<filter-name>Advanced Dispatch Filter</filter-name>
<filter-class>org.geoserver.platform.AdvancedDispatchFilter</filter-class>
<!--
This filter allows for a single mapping to the spring dispatcher. However using /* as a mapping
in a servlet mapping causes the servlet path to be "/" of the request. This causes problems with
library like wicket and restlet. So this filter fakes the servlet path by assuming the first
component of the path is the mapped path.
--> </filter>
<filter>
<filter-name>Spring Delegating Filter</filter-name>
<filter-class>org.geoserver.filters.SpringDelegatingFilter</filter-class>
<!--
This filter allows for filters to be loaded via spring rather than
registered here in web.xml. One thing to note is that for such filters
init() is not called. INstead any initialization is performed via spring
ioc.
--> </filter>
<filter>
<filter-name>Thread locals cleanup filter</filter-name>
<filter-class>org.geoserver.filters.ThreadLocalsCleanupFilter</filter-class>
<!--
This filter cleans up thread locals Geotools is setting up for concurrency and performance
reasons
--> </filter> <!-- Uncomment following filter to enable CORS --> <filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
</filter>
<!--
THIS FILTER MUST BE THE FIRST ONE, otherwise we end up with ruined chars in the input from the GUI
See the "Note" in the Tomcat character encoding guide:
http://wiki.apache.org/tomcat/FAQ/CharacterEncoding
-->
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Uncomment following filter to enable CORS -->
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>FlushSafeFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SessionDebugger</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>GZIP Compression Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>xFrameOptionsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Request Logging Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
If you want to use your security system comment out this one too
-->
<filter-mapping>
<filter-name>filterChainProxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Advanced Dispatch Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Spring Delegating Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Thread locals cleanup filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- general initializer, should be first thing to execute -->
<listener>
<listener-class>org.geoserver.GeoserverInitStartupListener</listener-class>
</listener>
<!-- logging initializer, should execute before spring context startup -->
<listener>
<listener-class>org.geoserver.logging.LoggingStartupContextListener</listener-class>
</listener>
<!-- spring context loader -->
<listener>
<listener-class>org.geoserver.platform.GeoServerContextLoaderListener</listener-class>
</listener>
<!-- http session listener proxy -->
<listener>
<listener-class>org.geoserver.platform.GeoServerHttpSessionListenerProxy</listener-class>
</listener>
<!-- request context listener for session-scoped beans --> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener>
<!-- spring dispatcher servlet, dispatches all incoming requests -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<!-- single mapping to spring, this only works properly if the advanced dispatch filter is
active -->
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>xsl</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sld</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>json</extension>
<mime-type>application/json</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>

Please see my answer to this question.
Instead of adding to the web.xml, simply uncomment the two CORS related blocks that are already in there.

PrimeFaces 4.0 FileUpload works with Mojarra 2.2 but not MyFaces 2.2

I am having an interesting problem with the PrimeFaces 4.0 final FileUpload element.
I am trying to run:
PrimeFaces 4.0 final
Apache MyFaces 2.2.0-beta
Tomcat 7.0.27
I have a very simple setup right now,
XHTML page:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui">
<h:head>
</h:head>
<h:body>
<h:form>
<p:fileUpload
fileUploadListener="#{fileUploadController.handleFileUpload}"
mode="advanced" update="messages" sizeLimit="100000"
allowTypes="/(\.|\/)(gif|jpe?g|png)$/" />
<p:growl id="messages" showDetail="true" />
</h:form>
</h:body>
</html>
With this backing bean:
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.FacesContext;
import org.primefaces.event.FileUploadEvent;
#ManagedBean
#RequestScoped
public class FileUploadController
{
public void handleFileUpload(FileUploadEvent event)
{
FacesMessage msg = new FacesMessage("Succesful", event.getFile()
.getFileName() + " is uploaded.");
FacesContext.getCurrentInstance().addMessage(null, msg);
}
}
When selecting a file and uploading it, nothing happens.
The upload submit succeeds with the following response:
<?xml version="1.0" encoding="UTF-8"?><partial-response><changes><update id="j_id__v_0:javax.faces.ViewState:1"><![CDATA[2C7ZmtwSmrlbgI/wJLI2CLBaMOQP9R/pYkIXpHlXkhSKIhtfFM0sx0HmL8o9MQY2MdHXg4t1vUjJbUYkAdFBmOQUaFy7hFhPr34Za4hOuLW4CPNx]]></update></changes></partial-response>
but no message is displayed, and if I set a breakpoint, it does not get hit.
If, however, I pull out MyFaces 2.2.0-beta and put in Mojarra 2.2.0, everything works as expected.
I would prefer to continue to use MyFaces as it is what I've used in the past, so if anyone has any ideas as to a patch to get this to work, it would be much appreciated.
Thank you
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>UploadTest</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>resources.application</param-value>
</context-param>
<context-param>
<description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<description>
This parameter tells MyFaces if javascript code should be allowed in
the rendered HTML output.
If javascript is allowed, command_link anchors will have javascript code
that submits the corresponding form.
If javascript is not allowed, the state saving info and nested parameters
will be added as url parameters.
Default is 'true'</description>
<param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>
If true, rendered HTML code will be formatted, so that it is 'human-readable'
i.e. additional line separators and whitespace will be written, that do not
influence the HTML code.
Default is 'true'</description>
<param-name>org.apache.myfaces.PRETTY_HTML</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>
If true, a javascript function will be rendered that is able to restore the
former vertical scroll on every request. Convenient feature if you have pages
with long lists and you do not want the browser page to always jump to the top
if you trigger a link or button action that stays on the same page.
Default is 'false'
</description>
<param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
<!-- <listener-class>com.sun.faces.config.ConfigureListener</listener-class> -->
</listener>
Update
It seems that Myfaces 2.2.0-beta has problems using the Part API present in servlet 3.x.
udaykiran pulipati has part of a solution with using web the web.xml filters that PrimeFaces 3.x required and the commons file upload & commons io jars, however, we also need to add the following context-param to the web.xml or the filters get ignored :
<context-param>
<param-name>primefaces.UPLOADER</param-name>
<param-value>commons</param-value>
</context-param>
This will force PrimeFaces to use the commons library which fixes the problem
That being said, I would still like to know why MyFaces can't seem to use the servlet Part API if anyone has any ideas. I suspect it may have to do with my Tomcat version as I am only on 7.0.27, but I doubt that.

Mention below filters in web.xml file for uploading a file using PrimeFaces
<!-- PrimeFaces FileUpload Filter -->
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
and add jars to lib folder. PrimeFaces needs below jars for fileuploading.
commons-fileupload-1.3.jar,
commons-io-2.4.jar

Recently it was found a similar issue with a better description in MYFACES-3835. It was a problem related to webkit browsers that only appears when the ajax response is large enough. It has been already fixed.

udaykiran pulipati's answer motivated me to replace commons-fileupload-1.2.2.jar with commons-fileupload-1.3.jar in my project, but that didn't solve the issue for me, as I'm using MyFaces 2.2, PrimeFaces Elite 4.0.8, and TomEE 1.6.1-snapshot.
Also, per udaykiran pulipati's answer, I already added PrimeFaces FileUpload filter config to my web.xml, many months ago.
So, I looked at PrimeFaces 4.0 user guide, and recognized something 'new' that could be specified in web.xml. So, I added the following to my web.xml,
<context-param>
<param-name>primefaces.UPLOADER</param-name>
<param-value>commons</param-value>
</context-param>
and finally, PrimeFaces (Elite) 4.0.x FileUpload works with MyFaces 2.2.

CAS authentication for a glassfish 3.1 web app. What about authorization?

I'm trying to set up a web application based on glassfish 3.1 + JSF2. The authorization is performed using a CAS server installing the jasig cas client in the web app as suggested here:
Configuring the JA-SIG CAS Client for Java in the web.xml
and I'm able to catch the principal object inside an EJB when the user is authenticated.
CAS principal attributes comes from LDAP on Active Directory. Now how can I add authorization?
How can I enable the access of certain web pages only to specific groups of users defined in AD?
The purpose is just to let users access different web pages according to their LDAP roles.
I've tried to follow Securing Web Applications from the Java EE tutorial and my web.xml is
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://casserver:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://casserver:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!--
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
-->
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Pagina di user</display-name>
<web-resource-collection>
<web-resource-name>index1</web-resource-name>
<description>ristretto a user</description>
<url-pattern>/faces/index.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>user only</description>
<role-name>AMP-User</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Pagina di profile</display-name>
<web-resource-collection>
<web-resource-name>index2</web-resource-name>
<description>risretto a profile</description>
<url-pattern>/faces/index_2.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>profile only</description>
<role-name>AMP-Profile</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>utente generico</description>
<role-name>AMP-User</role-name>
</security-role>
<security-role>
<description>Utente di alto profilo</description>
<role-name>AMP-Profile</role-name>
</security-role>
I've then assigned the roles to my LDAP groups in glassifh-web.xml
<glassfish-web-app error-url="">
<security-role-mapping>
<role-name>AMP-Profile</role-name>
<group-name>AMP-Profile</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>AMP-User</role-name>
<group-name>AMP-User</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>
The problem is that when I access to the page index.xhtml a form is asking me to authenticate but the authentication should be done by the CAS server. Anyway I cannot authenticate.
How can I use CAS authentication and map LDAP groups to roles?

You can use the security annotations (JSR 250, javax.security.annotations), to define role based access control:
#Stateless
#DeclareRoles({"admin", "users"})
public class HelloEJB implements Hello {
#PermitAll
public String hello(String msg) {
return "Hello, " + msg;
}
#RolesAllowed("admin")
public String bye(String msg) {
return "Bye, " + msg;
}
}
Slightly adapted example from the first link below
Here I declared the roles first, using #DeclareRoles. #PermitAll grants access to all authenticated users, while #RolesAllowed only grants access to the mentioned roles.
You will need to set up roles in your deployment descriptors and in glassfish as well. I found this article very helpful. The Glassfish Server Security Guide goes through the details. You also might want to check out this question. If you run into some problems, ask back here on SO.

p:fileupload doesnt work on Websphere 8

I wonder if anyone managed to get Primefaces' p:fileupload component work on Websphere Application Server 8.
I use Primefaces 2.2.1 version.
JSF code:
<h:form enctype="multipart/form-data">
<p:fileUpload
fileUploadListener="#{mailBean.handleFileUpload}"
multiple="true"
label="choose"
allowTypes="*.jpg;*.png;*.gif;"
description="Images"/>
</h:form>
Managed Bean code:
public void handleFileUpload(FileUploadEvent event)
{
files.add(event.getFile());
logger.info("File uploaded into MailBean: " + event.getFile());
System.out.println("File uploaded into MailBean: " + event.getFile());
}
Web.xml filter: (Servlet 3.0)
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
<init-param>
<param-name>thresholdSize</param-name>
<param-value>51200</param-value>
</init-param>
<init-param>
<param-name>uploadDirectory</param-name>
<param-value>c:/temp/pf</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
The component says HTTP error and turns into red, on the console I get a ViewExpiredException by Myfaces:
Caused by: javax.faces.application.ViewExpiredException: /createmail.xhtml
No saved view state could be found for the view identifier: /createmail.xhtml
at org.apache.myfaces.lifecycle.RestoreViewExecutor.execute(RestoreViewExecutor.java:128)
at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:171)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:189)
I even tried with two other versions of Mojarra instead of Myfaces, but I got errors (2.1: handler doesnt get invoked, 2.0.3: viewexpired)

Did u have the .jars and the web.xml config (remove "c:", the default is that route) ? I had the same problem but then i restarted my WAS 8.5 and it worked.

I'm using Websphere 7 with JSF 2.0 with Mojarra 2 and PrimeFaces 3.4.2 (common-fileupload-1.2.2.jar and common-io-1.3.2.jar)
I see the fileUpload don't call the bean in WebSphere.
I see the bar that load the file but don't arrive the event on the managedBean.
It seems as if some other filter in Websphere capture the HTTP request and you can't get data sent by fileUpload because are just consumed :(

Spring Webflow Application + Primefaces, Fileupload does not work, HTTP Error or/and IO Error

we are developing a JSF spring webflow web application and we are trying to use the primefaces fileupload widget. primefaces works fine, the widgets get rendered correctly. however the fileupload is not working. the handlefileupload function in the backingbean FileUploadController is never called. other primefaces components for example a button can call functions in that bean, so it gets initialized correctly. below you find our configuration. currently we are developing in eclipse and deploying the web app with maven and run the app with a jetty server directly in eclipse. deploying the .war on tomcat didnt work either.
Problem:
after file selection and clicking on upload the widget is giving either the error 'IO Error' or 'HTTP Error'
some data is transfered to the server (we sniffed the network traffic)
handlefileupload() function in the backingbean FileUploadController is never called
Dependencies
org.primefaces 2.2.RC2
org.springframework.webflow, webflow and faces 2.2.1.RELEASE
commons-fileupload 1.2.2
commons-io 2.0
com.sun.faces, api and impl 2.0.3
org.springframework.security
web.xml
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
</filter><filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
start.xhtml
<h:form id="mainForm" enctype="multipart/form-data" prependid="false" >
<p:fileUpload id="fileUp" fileUploadListener="#fileUploadController.handleFileUpload}"
description="Images" /></h:form>
FileUploadController.java
public void handleFileUpload(FileUploadEvent event) {
System.out.println("FileUpload Test");
FacesMessage msg = new FacesMessage("ok", event.getFile().getFileName() + " is uploaded.");
FacesContext.getCurrentInstance().addMessage(null, msg);
}
beans-config.xml
<bean id="fileUploadController" class="de.hsrm.mi.media.FileUploadController" scope="session"></bean>
Thanks in advance. We hope someone can help us :)

use this filter instead
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>
org.primefaces.webapp.filter.FileUploadFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
</filter-mapping>

There is and error or you have copied it wrong from your's xhtml file
<h:form id="mainForm" enctype="multipart/form-data" prependid="false" >
<p:fileUpload id="fileUp" fileUploadListener="#fileUploadController.handleFileUpload}"
description="Images" /></h:form>
The "{" is missing before "fileUploadController.handleFileUpload}" should be:
<h:form id="mainForm" enctype="multipart/form-data" prependid="false" >
<p:fileUpload id="fileUp" fileUploadListener="#{fileUploadController.handleFileUpload}"
description="Images" /></h:form>