java.lang.StringIndexOutOfBoundsException Exception on ELTools.java when Update Bootsfaces from 1.1.2 to 1.2.0

[paulohva]

After update Bootsfaces version from 1.1.2 to 1.2.0 this problem comes up:

java.lang.StringIndexOutOfBoundsException: String index out of range: -3
	at java.lang.String.substring(String.java:1967)
	at net.bootsfaces.beans.ELTools.evaluteBaseForMojarra(ELTools.java:366)
	at net.bootsfaces.beans.ELTools.readAnnotations(ELTools.java:337)
	at net.bootsfaces.beans.ELTools.readAnnotations(ELTools.java:408)
	at net.bootsfaces.render.CoreRenderer.getErrorAndRequiredClass(CoreRenderer.java:190)
	Truncated. see log file for complete stacktrace

The method evaluteBaseForMojarra in ELTools class is trying to substring a invalid position from the Expression String:

private static Object evaluteBaseForMojarra(ELContext elContext, ValueExpression p_expression) {
    String exp = p_expression.getExpressionString();
    int endOfBaseName = exp.lastIndexOf('.');
    int mapDelimiterPos = exp.lastIndexOf('[');
    if (mapDelimiterPos >= 0) {
        int mapEndDelimiterPos = exp.lastIndexOf(']');
        if (endOfBaseName < mapEndDelimiterPos) {
            endOfBaseName = mapDelimiterPos; // treat the [...] as field
        }
    }
    String basename = exp.substring(2, endOfBaseName);

There is no negative value check for endOfBaseName variable. The current exp variable value is:

#{customValue}

So, the endOfBaseName variable gets a less than zero value.

Before the update to the version 1.2.0, using the 1.1.2 version, instead of the exception, I had this warning messages in my console:

jan 24, 2018 5:29:35 PM net.bootsfaces.beans.ELTools getGetter
WARNING: There's no getter to access: #{#{customValue}}
jan 24, 2018 5:29:35 PM net.bootsfaces.beans.ELTools getField
WARNING: There's no field to access: #{#{customValue}}
jan 24, 2018 5:29:35 PM net.bootsfaces.beans.ELTools getGetter
WARNING: There's no getter to access: #{#{customValue}}

The 1.1.2 version of ELTools class checks the delimiterPos variable preventing the java.lang.StringIndexOutOfBoundsException:

if (p_expression.startsWith("#{") && p_expression.endsWith("}")) {
    int delimiterPos = p_expression.lastIndexOf('.');
    if (delimiterPos < 0) {
    LOGGER.log(Level.WARNING, "There's no getter to access: #{" + p_expression + "}");
    return null;
}

This problem occurs when I'm using JSF 2.2 CustomTags passing values as parameters to the Tag. The example defined above describes a parameter called "customValue":

<ui:composition>
	<b:inputText id="#{id}" value="#{customValue}" label="#{label}" />
...
</ui:composition>

When a page that uses this sample Tag is rendered, the ELTools class method evaluteBaseForMojarra is called passing p_expression with the value #{customValue} that causing the java.lang.StringIndexOutOfBoundsException.

Without the solution of this bug it's not possible to use JSF CustomTags with Bootsfaces components.

[stephanrauh]

Your bug description reads like we need to publish BootsFaces 1.2.1 ASAP.

[stephanrauh]

I've uploaded a BootsFaces 1.2.1-SNAPSHOT on Maven Central. Please check if the bug is fixed now.

[paulohva]

Hi @stephanrauh ! I tried to get the new snapshot dependency from from Maven Central and I had this error:

Downloading: http://repo1.maven.org/maven2/net/bootsfaces/bootsfaces/1.2.1-SNAPSHOT/maven-metadata.xml
Downloading: http://repo1.maven.org/maven2/net/bootsfaces/bootsfaces/1.2.1-SNAPSHOT/bootsfaces-1.2.1-SNAPSHOT.pom
[WARNING] The POM for net.bootsfaces:bootsfaces:jar:1.2.1-SNAPSHOT is missing, no dependency information available
Downloading: http://repo1.maven.org/maven2/net/bootsfaces/bootsfaces/1.2.1-SNAPSHOT/bootsfaces-1.2.1-SNAPSHOT.jar

From the Maven Central URL I got this list from the maven-metadata.xml:

<metadata>
<groupId>net.bootsfaces</groupId>
<artifactId>bootsfaces</artifactId>
<versioning>
<latest>1.2.0</latest>
<release>1.2.0</release>
<versions>
<version>0.6.0</version>
<version>0.6.5</version>
<version>0.6.6</version>
<version>0.8.0</version>
<version>0.8.1</version>
<version>0.8.5</version>
<version>0.8.6</version>
<version>0.9.0</version>
<version>0.9.1</version>
<version>1.0.0</version>
<version>1.0.1</version>
<version>1.0.2</version>
<version>1.1.0-RC1</version>
<version>1.1.0</version>
<version>1.1.1</version>
<version>1.1.2</version>
<version>1.1.3</version>
<version>1.2.0</version>
</versions>
<lastUpdated>20171231094913</lastUpdated>
</versioning>
</metadata>

[chongma]

add this to pom <repositories> <repository> <id>central</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> </repositories> to get it from sonatype?

[paulohva]

Thank you @chongma !

@stephanrauh The solution works well! The bug is fixed in the 1.2.1-SNAPSHOT version.

[stephanrauh]

@paulohva Sorry I forgot to mention how to get the snapshot. I've described this in #369, and I've mentioned it so often I tend to assume everybody must know it - but of course, that's nonsense :). I'm glad Matthew helped you to get it and to confirm the bug fix!

[stephanrauh]

I've assigned this bug fix to version 1.5.0, but I'm positive it'll be part of 1.2.1, which should be published a lot earlier.