1.5 to 2.0

The following JAR files are no longer needed. They have to be removed from the project (depends on your build system).

• tobago-taglib-extension-<version>.jar
• tobago-facelets-<version>.jar

Tobago supports Content Security Policy (CSP) to prevent cross-site scripting (XSS) and related attacks. It is specified by W3C. In short: The HTML page doesn't contain any JavaScript or CSS information. All allowed sources for JavaScript, CSS and other resources have to be declared in special header. If you have own renderers or own JavaScript in your application, this code also needs to support CSP, to use this feature.

Warning:

CSP requires a different handling of JavaScript and other resources. If you use own JavaScript in the HTML page or including resources from other sites you may need to adapt your application, (or turn this feature off).

Configuration

To add sites to the CSP headers, add <directive> tags to <content-security-policy> in the tobago-config.xml.

To turn off CSP, add an empty <content-security-policy mode="off"> tag in the configuration. For development, you may also use mode="report-only", which sets the appropriate header.

By default, it no longer possible to use a Tobago application in an HTML frame or iframe. This is to protect against Clickjacking. To disable this feature consult the tobago-config.xml and set <prevent-frame-attacks>false</prevent-frame-attacks>.

The class org.apache.myfaces.tobago.model.TreeState which has been deprecated in 1.5.x is used in 2.0.x with a changed API. Please check the occurrences.

Class org.apache.myfaces.tobago.component.UIFileInput has been renamed to org.apache.myfaces.tobago.component.UIFile.

The set of existing renderers has been repacked from org.apache.myfaces.tobago.renderkit.html.scarborough.standard.tag to org.apache.myfaces.tobago.renderkit.html.standard.standard.tag.

If you have an own theme with own renderer classes implemented, which are extending the Tobago renderer classes, you will need to adapt the package name of the base classes.

Tobago 2.0.x is using Facelets 2.0. When still using Facelets 1.1 in the current application, this must be removed:

• Remove facelets JAR (e.g. jsf-facelets-1.1.14.jar) from the library.
• Remove <view-handler> org.apache.myfaces.tobago.internal.application.ViewHandlerImpl </view-handler> from the faces-config.xml file.
• Remove the parameter javax.faces.DISABLE_FACELET_JSF_VIEWHANDLER from the web.xml file.
• Remove or replace the facelets.* entries from the web.xml file.
• Rename all JSTL declarations from xmlns:c="http://java.sun.com/jstl/core" to xmlns:c="http://java.sun.com/jsp/jstl/core" in the Facelets.
• Ensure the version of the faces-config tag in the faces-config.xml is at least 2.0.

There are also @Deprecated annotations in the code and some logging warning when using deprecated code via the Deprecation logging category. Before and after migrating you should check your application about that.

For the migration phase you may add the tobago-deprecation.jar as dependency to your project. It contains classes that has been moved (e. g. to the new internal package) or removed. So you can resolve any migration steps step by step. It is not recommended to use the tobago-deprecation.jar for production.

The package org.apache.myfaces.tobago.internal contains classes that should not be used directly in an application. This classes may change in minor revisions without announcement. Classes in the package org.apache.myfaces.tobago.renderkit are handled in the same manner.

The main changes in the tag library are that the deprecated facets "resizeAction" and "menupopup" has been removed.

Please use the new <tc:suggest> tag instead of using the inline attribute inside of <tc:in>.

deprecated: <tc:in suggestMethod="#{bean.method}"/> replacement: <tc:in> <tc:suggest suggestMethod="#{bean.method}"/> </tc:in> deprecated: <tx:in suggestMethod="#{bean.method}"/> replacement: <tx:in> <tc:suggest suggestMethod="#{bean.method}"/> </tx:in>

• The Tree now extends a UIData.
• The <tc:treeData> tag shouldn't longer be used.
• The <tc:treeNode> has no longer the attributes: "selected", "expanded", "marked", "treeMarkedListener", "treeExpansionListener"
• The class org.apache.myfaces.tobago.model.TreeState is no longer deprecated, but the functionality has slightly been changed.

The date and time input controls have been refactored. The old (deprecated) functionality can be activated via tobago-config.xml.

If using the new: <tc:date> can do the job of <tc:time>. You only need to set the <f:convertDateTime type="time"> inside the <tc:date>.

Usually you need to set omit="true" in the <tc:toolBarCommand>, to avoid a submit.

To define an own theme, please use now a file tobago-config.xml instead of tobago-theme.xml. The content of tobago-theme.xml is a subset of the tobago-config.xml, you have only to change the root node.

Please use the tobago-config-2.0.xsd to validate the configuration.

Date/Time/Calendar components: The JavaScript for this components has been refactored. All method have now a namespace and are using jQuery. JavaScript code has been removed from the renderers. For data the HTML5 data attribute is used instead of directly coding it into the event handler, or using hidden input fields.

The class tobago-sheet-outer is renamed to tobago-sheet.
The class tobago-sheet-headerSpacerOuter is renamed to tobago-sheet-headerResize.
The class tobago-sheet-headerSpacer is no longer needed.
The class tobago-sheet-headerSpacer-markup-resizable is no longer needed.

The facet name of the picker popup is now named "popup" instead of "pickerPopup".