Plugin:org.tolven.component.tolvenweb

From DOC

Contents 1 Overview 1.1 Avoiding multiple users in one browser session 2 See 3 Version 2.1 Notes 3.1 Version 2.1.29 3.2 Version 2.1.28 3.3 Version 2.1.27 3.4 Version 2.1.26 3.5 Version 2.1.25 3.6 Version 2.1.24 3.7 Version 2.1.23 3.8 Version 2.1.22 3.9 Version 2.1.21 3.10 Version 2.1.20 3.11 Version 2.1.19 3.12 Version 2.1.18 3.13 Version 2.1.17 3.14 Version 2.1.16 3.15 Version 2.1.15 3.16 Version 2.1.14 3.17 Version 2.1.13 3.18 Version 2.1.12 3.19 Version 2.1.11 3.20 Version 2.1.10 3.21 Version 2.1.9 3.22 Version 2.1.8 3.23 Version 2.1.7 3.24 Version 2.1.6 3.25 Version 2.1.5 3.26 Version 2.1.4 3.27 Version 2.1.3 3.28 Version 2.1.2 3.29 Version 2.1.0 4 Version 2 Notes 4.1 Version 2.0.121 4.2 Version 2.0.120 4.3 Version 0.0.67 4.4 Version 0.0.66 4.5 Version 0.0.65 4.6 Version 0.0.63 4.7 Version 0.0.62 4.8 Version 0.0.61 4.9 Version 0.0.60 4.10 Version 0.0.59 4.11 Version 0.0.58 4.12 Version 0.0.57 4.13 Version 0.0.56 4.14 Version 0.0.55 4.15 Version 0.0.54 4.16 Version 0.0.53 4.17 Version 0.0.52 4.18 Version 0.0.51 4.19 Version 0.0.50 4.20 Version 0.0.49 4.21 Version 0.0.48 4.22 Version 0.0.46 4.23 Version 0.0.45 4.24 Version 0.0.44 4.25 Version 0.0.43 4.26 Version 0.0.42 4.27 Version 0.0.41 4.28 Version 0.0.40 4.29 Version 0.0.39 4.30 Version 0.0.38 4.31 Version 0.0.37 4.32 Version 0.0.36 4.33 Version 0.0.35 4.34 Version 0.0.34 4.35 Version 0.0.33 4.36 Version 0.0.32 4.37 Version 0.0.31 4.38 Version 0.0.30 4.39 Version 0.0.29 4.40 Version 0.0.28 4.41 Version 0.0.27 4.42 Version 0.0.26 4.43 Version 0.0.25 4.44 Version 0.0.24 4.45 Version 0.0.23 4.46 Version 0.0.22 4.47 Version 0.0.21 4.48 Version 0.0.20 4.49 Version 0.0.19 4.50 Version 0.0.18 4.51 Version 0.0.17 4.52 Version 0.0.16 4.53 Version 0.0.15 4.54 Version 0.0.14 4.55 Version 0.0.14 4.56 Version 0.0.13 4.57 Version 0.0.12 4.58 Version 0.0.11 4.59 Version 0.0.10 4.60 Version 0.0.9 4.61 Version 0.0.8 4.62 Version 0.0.6 4.63 Version 0.0.5 4.64 Version 0.0.4

Overview

This plugin is one of the more common plugins and is described in more detail here Customize tolvenWEB Plugin

Avoiding multiple users in one browser session

When a user logs out on one browser tab, after a few seconds all other tabs on that browser as well as any other browsers on that client that share the same session will also be logged out of Tolven. If the user quickly switches to another tab prior to it logging out and attempts to take an action involving the server, that tab will be logged out immediately.

After explicit-logout and auto-logout, each window will see the "You are logged out" screen, as usual. This scenario prevents two users from ever being or appearing to be logged in at the same time on the same session. If there is a case where a browser supports multiple sessions, then each session is truly independent - just as if the users had been on separate desktops.

See

• Web UI Control for a description of properties that control the general behavior of the Web UI.

Version 2.1 Notes

Version 2.1.29

• Fixed the broken add new procedure link in the procedure wizard.
• Made a fix in enable/disable action buttons based on user roles.

Version 2.1.28

• Added ability to change filter menu actions based on user role.
• Added ability to enable/disable action buttons based on user roles.
• Moved the patient list xhtml files from org.tolven onc.component.web to org.tolven.component.tolvenweb because onc.component.web is no longer used.
• Fixed to work in regression, removing dependence on onc.component.web and onc.component.ejb code.
• Relocated necessary new patient registration-related scripts to this module due to the removal of the org.tolven.onc.component.web plug-in.
• In order to improve efficiency when caching all *.js files, ResourceServlet's JAVASCRIPT_CACHE is now a synchronized static, and no longer stored in the session.
• As part of efforts to improve performance, moved the lazy creation of the JAVASCRIPT_CACHE from ResourceServlet to EnterVestibuleFilter, so that it is not subject to conflicts when multiple requests attempt to update the session at the same time.

Version 2.1.27

• Removed notices-related code.
• Updated the Tolven logo.
• Various fixes were made to the Drug Allergy wizard.
• Fixed a bug in the attachment of files and the association of encounters in Advanced Directives and Discharge Instructions.
• Replaced the <listener>, <filter>, and <servlet> deployment descriptor tags in the web-fragment.xml and web.xml files with @WebListener, @WebFilter, and @WebServlet in cases where order is not important.
• Removed the "classes" extension for contributing classes to a war file's WEB-INF/classes directory to instead use a WEB-INF-LIB extension to contribute a jar containing those classes to the WEB-INF/lib directory of the war file.
• TolvenServletContextListener now registers the following Shiro filters:
  • af,org.tolven.web.security.AccountFilter
  • entervf,org.tolven.web.security.EnterVestibuleFilter
  • exitvf,org.tolven.web.security.ExitVestibuleFilter
  • selectvf,org.tolven.web.security.SelectAccountVestibuleFilter
• Removed references to LDAPBean and redirected calls for LDAP services to Tolven GateKeeper via RESTful API.
• Added to TolvenServletContextListener the shiroRealm: tolven,org.tolven.gatekeeper.client.realm.GatekeeperClientRealm.

Version 2.1.26

• First and Last name as well as *'d required fields of the Address are now required when creating a new patient.
• Removed web-resource-name parameter-def from webDirectory and filter extension-points
• Moved welcome-file-list and session-config from the manifest to the web/WEB-INF/web.xml file
• Removed security-constraint and security-role which are not required for Shiro security
• DocServlet now contains a minor modification to add content type and character set to responses for XML documents. This was done to avoid backend trouble when proxying through the Apache server.
• A fix was made to Cause of Death, which was throwing an error on the drill-down page. This was due to the reference of a wrong attribute in the XHTML page.
• Removed GatekeeperServletContextListener from org.tolven.shiro, in favor of each plug-in's using its own ServletContextListener to more clearly indicate in their logs more detailed information about when those plug-ins come online, and what services they offer.

Version 2.1.25

• Fixed the drill-down so that the patient name always displays.
• In the new patient wizard, moved the Duplicates step after patient to ensure that patient information is collected before checking for duplicates.
• Updated the PQRI measures to have the measure name and NQF number.
• When creating a new account, the time zones in the drop down list are now sorted alphabetically.
• Fix was made to the way a provider appears in an ePHR's provider drop-down list.
• Added content type specification to cchitservlet. This was done because at least two locations DocServlet and AjaxServlet did not put the media type in the HTTP response header. This caused trouble when proxied through Apache server (and possibly other situations).
• Demographics listed with an asterisk (*) are now required. Gender and Preferred Language lists now only include valid elements so one will always be selected. Removed the 'Select' option from Preferred Language. The default is now 'Other'.
• Fixed the JavaScript debug compression. Code was commented out and needed updating.
• Changed page name for encounter placeholder.
• Added extension-point env-entry-adaptor.

Version 2.1.24

• Work continues relating to ONC §170.304 (i) Exchange clinical information and patient summary record.
• Work continues relating to ONC §170.304 (d) Patient reminders. This functionality is not yet complete.
• Work continues relating to ONC §170.306 (i) Calculate and Submit Clinical Quality Measures.
• Work continues relating to ONC §170.304 (j) Calculate and Submit Clinical Quality Measures.

Version 2.1.23

• Work continues for ONC §170.304 (i) Exchange clinical information and patient summary record. This functionality is not yet complete.
• Work continues for ONC §170.304 (e) Clinical decision support. This functionality is not yet complete.

Version 2.1.22

• Work continues for ONC §170.306 (i) Calculate and Submit Clinical Quality Measures. This functionality is not yet complete.
• Work continues for ONC §170.304 (i) Exchange clinical information and patient summary record. This functionality is not yet complete.

Version 2.1.21

• Work continues on ONC §170.304 (j) Calculate and Submit Clinical Quality Measures. This functionality is not yet complete.

Version 2.1.20

• Work continues on ONC §170.304 (b) Electronic prescribing. This functionality is not yet complete.
• Work continues on ONC §170.302 (n) Automated measure calculation. This functionality is not yet complete.
• Work continues on ONC §170.304 (j) Calculate and Submit Clinical Quality Measures. This functionality is not yet complete.

Version 2.1.19

• Work continues on ONC §170.306 (h) Advance directives. This functionality is not yet complete.
• Work continues on ONC §170.306 (i) Calculate and Submit Clinical Quality Measures. This functionality is not yet complete.

Version 2.1.18

• Minor fixes were made due to a compilation error in MUAction.
• Made various fixes to the reference of encounters in lab orders, lab results, and procedures.

Version 2.1.17

• Work continues relating to ONC §170.302 (h) Incorporate laboratory test results. This functionality is not yet complete.

Version 2.1.16

• Work continues relating to ONC §170.306 (i) Calculate and Submit Clinical Quality Measures. This functionality is not yet complete.
• Removed the following unused manifest extension-points that were used to add zip files to tolvenWEB/download which were needed by TPF for RMI library downloads to its remoteLib directory. TPF now uses the RESTful API.
  • downLoadWeb
  • remoteFile
  • remoteProductDir
• All transaction handling has been moved to TransactionFilter, which appears as the first filter in all war files. References to UserTransaction have been removed from elsewhere in Tolven code.
• Work continues relating to ONC §170.306 (h) Advance directives. This functionality is not yet complete.
• Work continues relating to ONC §170.306 (c) Clinical decision support. This functionality is not yet complete.

Version 2.1.15

• Removed sun-jaxws.xml which causes ActivationBean to be treated as a WebService in Glassfish v3.1.1, although ignored in v3.0.1.
• Removed openssoclientsdk.jar, which is not used in Shiro.
• Changes were made relating to e-prescribing functionality required for ONC §170.306.a Computerized Provider Order Entry (Lab & Medication Orders). This functionality is not yet complete.
• Fixes were made for ONC §170.302 (d) Maintain active medication list functionality including to the display of active medications on the Overview tab and to the broken links for Hospital Medication Orders and Office Medications Orders tabs.

Version 2.1.14

• Various changes were made to support §170.302.k Submission to Immunization Registries.
• Work continues on §170.306(f) Exchange clinical information and patient summary record functionality. This functionality is not yet complete.

Version 2.1.13

• When a direct request for an account URL is made, and the userContext has not been set, the request is now redirected to the vestibule.
• A change was made as follows to fix the Switch Account function:
  • Added a request parameter called switchAccount which can take values of true | false. During a switchAccount, the a value of true is detected by the SelectAccountFilter, and the vestibule is then not bypassed, even though the user has a default account. When set to false, if the user does have a default account, they bypass the vestibule.
  • Added more logging to indicate the activity of a user with respect to login/logout, as well as entering and exiting the vestibule.

Version 2.1.12

• Modified transitions in the medications document trim.
• Development continues for support for ONC §170.304 (f) Electronic copy of health information. This functionality is not yet complete.
• The Procedures wizard was re-written to follow the other document wizards. Added nullified list and related rules for procedures. 644
• Development continues for support for ONC §170.302 (k) Submission to Immunization Registries. This functionality is not yet complete.

Version 2.1.11

• Various fixes and enhancements were made to functionality for ONC §170.306 (b) Record demographics and ONC §170.304 (c) Record demographics.
• Changed the reference from activityTime to availabilityTime for problems, drug allergies, and death details.
• Removed the reference to activityTime in the application.xml files as well as one xhtml file for drug allergies, problems and death details.

Version 2.1.10

• Added dosage selection section to the medication wizard.
• Fixed medication document drilldown for showing consumable product and correct format for time.
• Corrected time format display for documentation date.
• Changed medicationDoc trim to use patientAct.
• Product selection is now required in the medication wizard.
• Added shiro jars to project classpath.
• Now uses patientAct for medication document instead of patientDet trim.
• Added ephr metadata.

Version 2.1.9

• Updates were made to ONC §170.302 (p) Emergency Access functionality.
• Functionality was added to support ONC §170.302 (l) Public Health Surveillance.
• Decoupled drug allergies from eprescription and added additional allergic reactions.

Version 2.1.8

• Replaced references of SessionResourceBundleFactory with TolvenRequest, which now has the TolvenResourceBundle.

Version 2.1.7

• Removed references to org.tolven.api.schemas.
• Vestibule functionality has been moved from the vestibule classes (now unused and removed) to EnterVestibuleFilter, SelectAccountFilter, ExitVestibuleFilter, and AccountFilter.
• Replaced GeneralSecurityFilter with AccountSecurityFilter and VestibuleSecurityFilter, which are Shiro chain filters.
• Removed ConfigureListener, in favor of GatekeeperServletContextListener which is provided by org.tolven.shiroweb.
• Updated the war services section of the manifest.

Version 2.1.6

• The ability to set screen blanking and automatic logout timers was added back into the relevant JavaScript code. cvBlank should be lower than cvLogout. Set cvBlank and cvLogout in number of seconds (nnn) using the tpf commands shown below. See Web UI Control for details.

Linux

./tpf.sh -plugin org.tolven.appserverproperties -set tolven.web.cvBlank  nnn
./tpf.sh -plugin org.tolven.appserverproperties -set tolven.web.cvLogout  nnn

Windows

tpf -plugin org.tolven.appserverproperties -set tolven.web.cvBlank  nnn
tpf -plugin org.tolven.appserverproperties -set tolven.web.cvLogout  nnn

Version 2.1.5

• Added the TolvenRequest class to provide request scope access to tolvenNow, TolvenUser, AccountUser, timezone and locale.
• When signing a document with the wrong password or no password, an HTTP error of 599 was triggered, which lead to a blank screen. The former is now 401 (unauthenticated) and the latter is 403 (forbidden).
• Various enhancements and fixes were made for ONC §170.302 (f)(3) Plot and display growth charts.

Version 2.1.4

• Allow an invited user to be added by user ID. If the user has not yet logged into the application (no TolvenUser), but does have an entry in LDAP (TolvenPerson), then the TolvenUser is created to allow the invite to proceed.
• Added redirects to GeneralSecurityFilter, which not only checks whether the user is in the vestibule or not (userContext=vestibule|account), but also checks the incoming page request to ensure that it matches the user's context.
• The following directories are no longer intercepted by the GenearalSecurityFilter: images, sctripts and styles.
• Made enhancements to the capabilities for compliance with §170.302(e) Maintain active medication allergy list, which allows you to record, modify, and retrieve a patient’s active medication allergy list as well as medication allergy history for longitudinal care. Now, when you inactivate a drug allergy there is a button to allow you to activate it again. Allergic reaction labeling and selection has also been enhanced with changes to naming and SNOMED codes. The Current, Active, and Inactive allergy tabs now display the Reaction in a separate column.

Version 2.1.3

• An issue with creating new immunizations and diagnosis was resolved.
• There was a bug in portalTemplate.xml that prevented the Tolven application from completely rendering. This happened because accountUser.openmeFirst had an empty string value. A condition was added to check for string length in portalTemplate.xhtml.

Version 2.1.2

• Changes were made to both of the wizards that are used to record cause of death, and relate the cause of death to the patient's problem(s).
• Changed method signatures that involve the triple: userId, password, and realm, so that the signature has the order shown here, where possible, to foster a more consistent order of parameters to prevent confusion.
• While testing with JMeter, it was determined that there is a subtle difference in the way a page is redirected when using the following, which JMeter misses, but Firefox seems to manage:

<meta http-equiv="refresh" content="0; url=./vestibule/selectAccount.jsf" />

A switch was made from using meta refresh, to instead use the following scriptlet:

<% response.sendRedirect(request.getContextPath() + "/vestibule/selectAccount.jsf"); %>

Version 2.1.0

• DTR §170.302(c) - Electronically record, modify, and retrieve a patient’s problem list in accordance with the standard specified in §170.207(a)(1).
• DTR §170.302(d) - Electronically record, modify, and retrieve a patient’s active medication list as well as medication history in an ambulatory setting. Must be used in conjunction with org.tolven.fdb.
• DTR §170.302 (e) - Electronically record, modify, and retrieve a patient’s active medication allergy list as well as medication allergy history, including entries provided over an extended period of time in an ambulatory setting or for an entire inpatient duration. FDB allergy codes are required.
• DTR §170.302(f)(1) - Electronically record, modify, and retrieve a patient’s vital signs including height, weight, and blood pressure.
• DTR §170.302(f(2) - Automatically calculate and display body mass index (BMI) based on a patient’s height and weight.*CCHIT
• Swapped jndi look-ups starting with java:global/tolven TO: java:app, in order to prevent the application name from being locked in the code.
• imagesDirectory, publicDirectory, scriptsDirectory and stylesDirectory are now unprotected data as per V0.
• Logout page now resurrected: /public/logout.xhtml, which results in a Shiro session logout.
• Moved TransactionFilter, so that it can be included as part of the main openam filter or Shiro filter depending on which security framework is chosen.
• Added env-entry-webContextId of tolvenweb to identify functionality provided by the tolvenWEB.war file.
• Added extention-points:
  • warModule-declaration
  • WEB-INF-LIB-adaptor
  • WEB-INF-CLASSES-adaptor
  • WEB-ROOT-FILES-adaptor
  • webDirectory-adaptor

Version 2 Notes

Version 2.0.121

• Update was made to fix the ability to allow the setting of roles and restricting of access to Tolven UI pages based on the roles that you set through Preferences.

Version 2.0.120

• In tolven.js's checkVersions function, removed the updateFailed function and removed system logouts related to menu data versions from tolven.js.
• In GeneralSecurityFilter.java removed the entire catch(Exception ex).
• In tolven.js's updateVersions function, replaced:

if (req.status==0 || req.getResponseHeader("Content-Type").indexOf("text/html") == 0) { window.location.replace('/Tolven/loggedOut.jsf'); return; }

With the following:

if (req.status==0 || req.getResponseHeader("Content-Type").indexOf("text/html") == 0) { resetCountdown("updateVersions error"); return; }
</pre

===Version 2.0.119 ===
*Added redirects to GeneralSecurityFilter, which not only checks whether the user is in the vestibule or not (userContext=vestibule|account), but also checks the incoming page request to ensure it matches the user's context.
*In order to resolve GUI display issues, the overflow text in the grid was truncated to fit in the respective column and was be appended with '...'. A tool tip was added to the truncated text that contains the full form of the text.
*Because information was sometimes hidden when the browser window size was minimized or adjusted, a scroll bar was added to allow the user to view the hidden content.

===Version 2.0.118 ===

*Inter-war file RESTful API calls from tolvenWEB to tolvenAPI were returned to their V0 counterpart of using Local interface calls. That means vestibule code handled by tolvenAPI on behalf of tolvenWEB was moved back to tolvenWEB. Also, TolvenResourceBundle is no longer stored in the session. It can be retrieved anywhere in the Web tier using the SessionResourceBundleFactory. The TolvenResouceBundle is valid only for the session in which it was obtained. The tolvenCommon.jar is no longer deployed to the Glassfish lib directory, and should be removed by users after they upgrade to this snapshot's version of the org.tolven.library.common.

===Version 2.0.117 ===
#The project was organized to show files that were in zips in the repository, but the same plug-in zip organization is built.
#Changed config.properties to use SSL by default.
#Combined pre-tolven-glassfish3-postgresql.zip & post-tolven-glassfish3-postgresql.zip contents into the glassfish directory in the main zip.
#DEPRECATED

=== Version 2.0.116 ===
#Converters has been added to <h:inputText> fields in wizards.

=== Version 2.0.115 ===
#Issues with timeline and calendar widgets on IE8 are fixed.

=== Version 2.0.114 ===
#Added a new property tolven.security.user.keysOptional [true | false] (defaulted to false).
#When false, users cannot create Accounts unless they have userPKCS12 and userCertificate in LDAP.
#When false, users cannot invite other users to Accounts unless those users have userPKCS12 and userCertificate in LDAP.
#The property is useful for development environments, but keeping it false is still recommended for testing

=== Version 2.0.113 ===
#Debug and exception message updates
#Redirect requires a starting forward slash (according to Glassfish)
#Fixed bug in navigation when login to an Account is clicked
#Fixed the breadcrumbs link in editUserPreferences.xhtml when in the Vestibule

=== Version 2.0.112 ===
#ExitVestibule no longer needed, now the exit is achieved at the selectAccount stage (with one less redirect required)

=== Version 2.0.111 ===
#Allow access to the Preferences Link before an Account is selected (i.e. in the Vestibule)

=== Version 2.0.110 ===
#Placed XFacadeAccountUsers in HttpSession to improve performance

=== Version 2.0.109 ===
#Alphabetical ordering of the createAccount page's account types drop-down

=== Version 2.0.108 ===
#Fix for constructing image URL is not needed in IE8
#opacity in IE8 was handled using CSS attribute 'filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=75);'

=== Version 2.0.107 ===
#Changes to refresh the message area automatically after adding allergy.

=== Version 2.0.106 ===
#Changes to refresh the message area automatically after adding allergy.

=== Version 2.0.105 ===
#Added fix for handling userIds containing uppercase

=== Version 2.0.104 ===
#Removed class org.tolven.server.RESTfulClient. The Jersey client is now accessible directly from in the ServletContext

=== Version 2.0.103 ===
#Added converter for non-string input fields.

=== Version 2.0.102 ===
#Added missing taglib inclusions in wizards.

=== Version 2.0.101 ===
#Added converter for non-string input fields.
#Fixed typo in error message

=== Version 2.0.100 ===
#Removed XAccountUserSWAPUtil
#For performance, AccountUser properties are now only updated when notified via tolvenAPI

=== Version 2.0.99 ===
#Added converter for non-string input fields.Example is in provider.xhtml.

=== Version 2.0.97 ===
#Removed XAccountUser

=== Version 2.0.96 ===
#Moved TolvenPropertiesMap from tolvenEJB to tolvenCommon, and upgraded it to have the user's default properties, and allow them to be updated or added to directly as part of a transactional call to tolvenAPI

=== Version 2.0.95 ===
#Fixed bug in update user preferences

=== Version 2.0.93 ===
#Moved document signature verification method from TolvenSSO class to InstantiateServlet
#LDAP profile attributes now accessible from all xhtml pages
#Removed password.xhtml, since vestibule password entry now handled by OpenAM

=== Version 2.0.92 ===
#Fixed bug in setting default account
#GeneralSecurityFilter now only ensures user enters Vestibule when user has no Vestibule pass
#Removed pages no longer used: notice.xhtml, welcomeJSF.jsp
#Moved swithAccount.xhtml to the private directory

=== Version 2.0.91 ===
#Fixed bug which allowed application.jsf to be selected while in the Vestibule

=== Version 2.0.90 ===
#Bug fix in ValidatePast validator

=== Version 2.0.89 ===
#XAccountUser is sent from tolvenAPI to tolvenWeb in the Jersey response as an XML as opposed to storing it in the SSO session. It is stored in the HttpSession in tolvenWeb
#System properties, account user properties, etc are sent from tolvenAPI to tolvenWeb in a Jersey response as an XML
#All properties in tolvenWeb are now part of TolvenResourceBundle which is stored in the HttpSession, and can be accessed via JSF or Java POJOs

=== Version 2.0.88 ===
#Fixed bug in MiscUtils for resource bundle lookup

=== Version 2.0.87 ===
#GeneralSecurityFilter targets only secure pages (not images, scripts etc)

=== Version 2.0.86 ===
#Fixed backward compatibility issue between Faces 1.2 and 2.0
#Fixed bug in account switching functionality

=== Version 2.0.85 ===
#Fixed logout URL

=== Version 2.0.84 ===
#Removed @Singleton beans in favor or simple Java singleton classes, since no caching is taking place, which will reduce the resource overhead

=== Version 2.0.83 ===
#XAccountUser is now passed between tolvenAPI and tolvenWeb instead of AccountUser
#Consolidated Vestibule by moving vestibule functionality from tolvenWeb to tolvenAPI
#Split out some GeneralSecurityFilter into LogoutFilter, ExitVestibuleFilter and SwitchAccountFilter
#Fixed URL error: http://java.sun.com/jstl/core changed to http://java.sun.com/jsp/jstl/core

=== Version 2.0.82 ===
#XAccountUser and XFacadeAccountUser are now passed between tolvenAPI and tolvenWeb instead of AccountUser

=== Version 2.0.81 ===
#Now allows Security constraint's http-method to be configured

=== Version 2.0.80 ===
#Adding code to propagate the swap from Entity Beans to XML objects in tolvenWeb.war
#Corrected typo in facelet library filename (existed in V0)

=== Version 2.0.79 ===
#XAccountUser and XFacadeAccountUser are now passed between tolvenAPI and tolvenWeb instead of AccountUser

=== Version 2.0.78 ===
#Session is now invalidated via the SSO session as opposed to the HttpSession
#Vestibule processing code clarified

=== Version 2.0.77 ===
#System.getProperty replaced with tolvenPropertiesBean.getProperty, which ensures properties are initialized

=== Version 2.0.76 ===
#GeneralSecurityFilter only looks at pages in secure web security contraint. The images, scripts and styles directories are no longer https.

=== Version 2.0.75 ===
#Users are now activated (TovenUser created), when they first login into Tolven, as per version V0

== Version Notes ==

=== Version 0.0.76 ===
#Changes to disable submit button when no diagnosis is added to the diagnosis wizard.

=== Version 0.0.75 ===
#Issues with timeline and calendar widgets on IE8 are fixed.

=== Version 0.0.74 ===
#Changes to refresh the message area automatically after adding allergy.

=== Version 0.0.73 ===
#Changes to refresh the message area automatically after adding allergy.

=== Version 0.0.72 ===
#Fix date display in medicationDocument
=== Version 0.0.71 ===
#Html entity "&nbsp" is removed from innerHTML to fix a script error from Chrome browser.

=== Version 0.0.70 ===
#Switched com.sun.faces.verifyObjects from true to false.
#Fix problem in auto-logout on registration pages (where there is no logged in user): Cannot load a new page while in the handler of an Ajax request. Therefore, the one-second timer in tolven5.js no longer checks to see if the server is up before attempting a logout.

=== Version 0.0.69 ===
* Improve exception display for errors detected by PaneDispatch.xhtml
* Fix a harmless error that would occur sometimes when a submit occurs. This error was due to a race condition in Javascript (tolvenwiz.js).
* Add "now" to submit function call so that it can be used in the underlying Document entity.

=== Version 0.0.68 ===
*Add mechanism to get the value of a system property from EL. For example: 
<pre>
#{top.properties['tolven.web.createAccount']!='false'}

• Add mechanism to get access to roles assigned to the logged-in user. For example:

#{top.permission['tolvenAdminConsole']}

Returns true if the user has the tolvenAdminConsole role.

• Add an elapse server-time accumulator in the session context. The session attribute, elapsedMilli, continues to accumulate until cleared. This allows a session to accumulate elapsed time over multiple interactions. Also, this new accumulator occurs around the begin-transaction and commit. This provides a more accurate value that methods used within the transaction. A separate transaction used to access this value means that the accumulated elapsed time of the preceding transactions is excluded from the total. The total does not include client-time (browser-time).

Version 0.0.67

1. Moved the vestibule navigation rules from org.tolven.component.tolvenweb to org.tolven.web.vestibule

Version 0.0.66

Bug fix: Email address was lost during demo registration.

Version 0.0.65

Small change to transactionFilter to avoid wrapping a ServletException in a ServletException.

Version 0.0.63

1. TransactionFilter now intercepts all URL patterns
2. The transaction parameter is no longer required, since all URL patterns are part of a transaction

Version 0.0.62

• Allow resourceServlet to fallback to a non-Faces servlet environment. A new getSessionProperty method is added to TopAction to support this.

Version 0.0.61

• Remove the word Tolven from logFail page, making branding easier

Version 0.0.60

1. Changed preference page link name from rsaSecurIDAdminLink to adminExt

Version 0.0.59

1. Added an RSA admin link to the preferences page for RSA capable plugins

Version 0.0.58

1. Vestibule code has been moved to a new plugin: org.tolven.web.vestibule
2. Changed the to-view-id from "/private/dispatch.xhtml to /private/application.xhtml (dispatch.xml now forwards to application.xhtml)

Version 0.0.57

• Fix provider selection servlet to work with FF and IE.
• Remove the word Tolven from loggedOut page, making branding easier

Version 0.0.56

• Remove the word "Tolven" from title in defaultLogin.xhtml, selectAccount.xhtml and createAccount.xhtml. This may reduce the need to customize these pages when branding.
• Externalize literals in AccountUsers.xhtml
• Allow separate userId and email address when tolven.register.separateUID is set true

Version 0.0.55

• Also allow branding when sending a test message

Version 0.0.54

• Support branding when sending mail
• Add property tolven.web.xml to control the display of underlying trim XML in a wizard.
• Timeline: Add NL locale

Version 0.0.53

• Fix to medication wizard - add product selection

Version 0.0.52

• Externalize strings for localization in AccountUsers.xhtml and EditAccountUser.xhtml forms.
• Prevent a user from adding a user that is already a user of the account. Note that technically, the same user can have two accountUser entries. In fact, the administrator can manipulate accountUser status so that the same user can have more than one active entry.
• In EditAccountUser.xhtml, do not allow the administrator (this user) to be disabled.
• Remove the ability to edit AccountUser entries in the AccountUser list. Instead, the administrator must actually open that AccountUser entry to edit it.
• Added method to TopAction to get at "globalGlobal" resource bundles rather than accountTypeGlobal.

Version 0.0.51

Use new method in trim to get list of valueSets. Previously: valueSet::getBindsAndCVSAndCDS which is now removed, replaced by: valueSet::values.

Version 0.0.50

1. Moved jsf-facelets.jar from root in tolven.ear into tolvenWEB.war/WEB-INF/lib

Version 0.0.49

1. <from-action> tags in the faces-config.xml must follow the #{.*} pattern and also the methodValue pattern

Version 0.0.48

• Fix per-act sharing so that it works got ePHR as well as eCHR.

Version 0.0.46

1. Removed faces-config reference to non-existent class: org.tolven.web.UMLSAction, which was referred to in the manifest.

Version 0.0.45

1. Fix to problem in non-hierarchial provider selection page.

Version 0.0.44

1. Moved password recovery classes from the tolvenejb/tolvenweb plugin to the password recovery plugin. Moved performance classes from the tolvenejb/tolvenweb plugin to the performance plugin.

Version 0.0.43

1. tolvenRemoteClient is now assembled during configPhase1, and placed in the public/download directory of the /Tolven context, where it can be automatically downloaded from the server via http to the installDir/remoteLib directory for use during the execution of configPhase3

Version 0.0.42

• Add specialty checkboxes when editing or creating a provider.
• Fix bug in chartlink.xhtml that caused a pink-screen when creating a new patient.
• Add provider selection query to generic servlet. This query is based on endorsements and will return options suitable for use in an HTML select.

Version 0.0.41

1. web.xml and faces-config.xml are now fully auto-generated (e.g. using extensions in tolvenweb manifest)

Version 0.0.40

Allow a user to select which "staff member" to open automatically when entering the application.

Version 0.0.39

• Remove Getting started step from more wizards
• Favorites fixes
• Enhanced Provider setup and selection
• Allergies,Medications and Problems will use the new wizard type.
• page to list attachments for a menudata item is added.
• Add userId to the Edit Account User page
• Fix problem removing a role from an account user in preferences
• Add email notification on error feature in Account preferences
• Add a buffer so that browser times out before server session times out (GeneralSecurityFilter)
• Set gridType properly on a default list in AjaxServlet
• Add additional try-catch in AjaxServlet
• Use real-world column names in five/chartLink page (eg lastName instead of string01)
• Add missing popup grid div in fax.xhtml
• See Output element article

Version 0.0.38

• Internationalize preferences in various menu bars.
• Send an email to the named email address in property org.tolven.error.email.to if an exception occurs.
• Remove obsolete (old-style) certificate code
• Added AnalysisAdmin link to admin preferences

Version 0.0.37

• Bug fix in GenericServlet::createGrid
• Clean up getting generic field list from trim
• Bug fix: Editing account users kills session. Fix: must pass selectedAccountUserId rather than accountUserId. Cause: accountUserId parameter is "verified" to be equal to logged-in accountUser and if not, session is invalidated.

Page affected: accountUsers.xhtml

• Bug fix: Add missing div tag in PatientList.xtrml which disabled the patient menu options menu from displaying.

Version 0.0.36

• Improve <output> handling: Omit type for a normal list. Javascript can still set type via "gridType" request parameter in Livegrid setup to be passed to AjaxServlet. This includes some fixes and full support in Javascript.
• In order to select a patient from a wizard:

<output type="selectPatient"><a href="javascript:selectPatient('#{path}','#{First}','#{Last}')">#{Name}</a></output>

• In login.xhtml, use a template rahter than direct include of the named login page.

Version 0.0.35

• Fix wizard date handling so that it always displays and handles 4-digit years. Without this fix, date of birth can be mis-stated for older people.
• Add experimental <output> element to <column> which allows complete freedom in generated HTML (or other formats). The type is specified in the type attribute. For example:

<column name="Name" ...>
   <output type="mygrid"><a href="#">#{patient.lastName}</a></output>
</column>

The content in the <column> element is un-constrained except that it must be well-formed XML.

• Expression language variables within the <output> tag include:
  • Now - the current transaction time
  • accountUser - accountUser (which also provides access to accountProperties)
  • account - Same as accountUser.account
  • All fields in the row
  • All request parameters

Version 0.0.34

1. Changes to show the menu options in a popup grid.
2. Minor security fix: Servlet session timeout is now synchronized with Ajax-based session timeout (tolven.web.cvLogout=seconds). For example, if user navigates to a non-tolven page, the Ajax countdown stops. However, with this fix, the server countdown will still invalidate the session due to inactivity per this value.
3. The session timeout described above as well as tolven.web.cvNextCheck, tolven.web.cvLongest, tolven.web.cvBlank can now be overridden per the rules defined in Account Properties. For example, per accountType, per account or per accountUser. These properties are not currently exposed to end-users in the standard configuration.
4. Minor security fix: If two or more browser windows share the same session, which is normal in most browsers, Tolven will now ensure that only one Tolven user (accountUser) is active at any one time. See #Avoiding multiple users in one browser session.
5. Minor security fix: There is no restriction on the number of browser windows open for a single user/account. However, if one of those windows is logged out, then all other windows sharing the same session (according to the browser) will also be logged out. In this way, a user is less likely to forget to completely log out of Tolven.
6. Minor and very subtle security fix: The "You are now logged out" page can also be displayed by a bad guy as if to suggest that the user is logged out even though the user is still logged in. This might be used by a bad guy (who has to be physically present to pull this off) to fool the user into thinking they are logged out. This change adds two new features: First, the /loggedOut.jsf page now forces the user to in fact be logged out. Second, if not displayed as the result of an explicit- or auto-logout, the page displays a new message indicating that the page was used improperly thus providing a hint to the user that this may have been a deception or simply confusion. In any case, the user is logged out.

Version 0.0.33

1. Honor editable (new) and displayable attributes if instance identifier (II) in Trim. As a result, the internal identifier is no longer editable (changing it would cause the submit to crash).
2. Added SETII tag that properly displays a list of IIs
3. Added an Identifier section to ePHR new person (newPatient.xhtml) so that things like SSN can be acquired.

Version 0.0.32

1. Add TrimHandler plugin which allows custom code to intercept Trims at key points.
2. Internationalize age display
3. Add SETIISlot.getDisplayableIDs method which returns only IDs that are marked as displayable (or displayable is null)

Version 0.0.31

• Added an "action" selection to wizard/weight.xhtml which sets <statusCode> in the weight.trim.xml.
• Remove 10YearRiskEstimate - it is now part of pathology plugin.

Version 0.0.30

1. Rename wizard/inshare.xhtml to wizard/inShare.xhtml

Version 0.0.29

1. Replace the attributeValidator that was earlier removed.

Version 0.0.28

1. Provided an error page extension to all error pages to be added to the web.xml based on error codes

Version 0.0.27

1. Fix wrap problem in bar1
2. Allow auto-update to be suspended (when the wizard must be refreshed from server)
3. Improve error handling in Javascript AJAX methods.
4. Fix appointment behavior in ePHR (which does not have staff).

Version 0.0.26

1. Added AttributeValidator to validate DirectoryService attributes in Faces UI

Version 0.0.25

• Remove need for placeholder to have a negative sequence number. This allows placeholders to be placed anywhere instead of always to the right of the list.
• Right-justify sequence number column in customize metadata page

Version 0.0.24

• Major: Fix error closing a tab when using Internet Explorer
• Move Preferences from account preferences to User preferences
• Add proper tab "link" for provider tab
• In TRIMAction::List, allow lists that don't have a placeholder underneath by using the listItem itself.
• Minor: Use proper isVisible() instead of string compare in GridBuilder.
• The newShare.xhrml file is changed to correct a long-standing (but very unlikely encountered) problem. Previously, it would display all possible computes, looking for which ones to enable. It should only display the computes that match forFromName and now forAccountType attributes when present. A new TrimAction.java method is provided to accomplish this: getActiveComputes(). For example:

<c:forEach var="comp" items="#{trim.activeComputes}">
  <c:if test="#{comp.type=='org.tolven.process.Harvest'}">
    <tr><td>
      <h:selectBooleanCheckbox id="#{comp.property['relationship']}X" value="#{comp.property['enabled']}">
        <h:outputLabel for="#{comp.property['relationship']}X">#{comp.property['title']}</h:outputLabel>
      </h:selectBooleanCheckbox>
    </td></tr>
  </c:if>
</c:forEach>

• In ProviderAction.java, display the account id and title of a provider so we know where the provider is from.
• A feature for editing user level preference(Expert/Standard) is added to the application.

Version 0.0.23

Fix timing condition with property access during DocServlet init. Move property get methods to the methods that needs them.

Version 0.0.22

1. Fix image upload
2. Make login with and without default account selection update metadata and set last login.

Version 0.0.21

Add ability to extend customizeMenuItem.xhtml by including customizeMenuItemExt.xhtml which by default does nothing. Other plugins can then override this empty page.(For example, dataextract extends this page to add a link to the data extract page for the selected menu path).

Version 0.0.20

Consolidate actual menustructure determination and decision about which menuStructure item that columns should be extracted from.

Version 0.0.19

1. Link for New action on the portal view is aligned to right.
2. Fix execution of list query when query attribute is used - which redirects the query to another existing list.
3. Fix customize page so that Update does not fail (on visible attribute)

Version 0.0.18

1. Performance is now located in its own plugin org.tolven.performance

Version 0.0.17

Add phone, attending, admiitting as computed fields thus making list reflect these values live instead of when the list item was created or updated. This is dependent on Plugin:org.tolven.component.tolvenejb version 0.0.14.

Version 0.0.16

1. getActionOptions() is fixed to have a custom context path
2. new action can be triggered from portal view
3. PQ tag has been fixed. It's showing the unit twice when originalText is not empty.
4. Instantiate the wizard when there is one action option for menu
5. return popup dialog when asked for
6. Help in wizard is a popup now.

Version 0.0.15

Send test email message using new message sender

Version 0.0.14

1. The wizard and drilldown pages and java scirpt for pathology wizard has been moved to pathology plugin.
2. Code related to pathology application in InstantiateServlet has been moved to pathology plugin.
3. Pathology trims are moved to pathology plugin.
4. Metadata changes and rules have been moved to pathology plugin.
5. Using new web.xml extensions for web resources. Depends on changes released in org.tolven.assembler.war 0.0.7, org.tolven.assembler.webxml 0.0.3, Plugin:org.tolven.component.war 0.0.3

Version 0.0.14

1. Entries for filters and servlets now moved from web.xml to the tolvenweb manifest
2. The function plugin imports are no longer required

Version 0.0.13

1. Fixed the default login account functionality

Version 0.0.12

1. Moved password recovery managed-bean and navigation-rules to org.tolven.passwordrecovery

Version 0.0.11

1. <managed-bean> and <navigation-rule> tags have been added for all beans and rules default to tolvenweb. They are now assembled into the faces-config.xml during configPhase1.
2. validator and converter definitions are now tags in tolvenweb, where they are considered as default to tolvenweb. They are now assembled into the faces-config.xml during configPhase1.

Version 0.0.10

1. The order of script includes for the calendar is important, so they are now in on include file.

Version 0.0.9

1. Added the AttributeConveter class to handle additional TolvenPerson attributes from the web tier.
2. ManagedBeans are no longer hard-coded in the faces-config.xml file, but are defined in the tolvenweb manifest.
3. The login page is now defined in the RegisterAction bean.

Version 0.0.8

Added the extension-point called "portalScriptInclude", which allows plugins to add java scripts to the portal template.

Version 0.0.6

Added the extension-point called "property", which allows plugins to add property files for use by war classes.

Version 0.0.5

To contribute classes to a war file, users can now refer to the instance of the war plugin e.g. org.tolven.component.tolvenweb.

Version 0.0.4

Added an extension which allows files to be added to the ajax folder.