users@javaserverfaces-spec-public.java.net

[jsr344-experts mirror] Re: [jsr344-experts] Re: ClientWindow API review

From: Edward Burns <edward.burns_at_oracle.com>
Date: Fri, 15 Mar 2013 14:25:30 -0700

>>>>> On Fri, 15 Mar 2013 01:17:26 +0100, arjan tijms <arjan.tijms_at_gmail.com> said:

AT> Hi,
AT> On Mar 13, 2013, at 11:53 PM, Edward Burns wrote:

AS> What should the JSF implementation do with a value that it does not
AS> recognize?
>> I have modified the text to say that "none" is assumed in that case.

AT> It might be an implementation issue, but the current implementation in
AT> Mojarra seems to default to "url" in that case.

AT> E.g. in ClientWindowFactoryImpl#postConstructApplicationInitialization, the
AT> variable isClientWindowEnabled is set to true if the value is anything
AT> other than the default (which is "none"):

AT> isClientWindowEnabled = (null != optionValue) &&
AT> !optionValue.equals(WebConfiguration.WebContextInitParameter.ClientWindowMode.getDefaultValue());

AT> Then in e.g. ClientWindowFactoryImpl#getClientWindow(), if
AT> isClientWindowEnabled is true, the code is executed that implements the
AT> requirements for "url".

Thank you very much. I've fixed this.

AT> Talking about getClientWindow, I'm wondering about another issue. The
AT> Javadoc in ClientWindowFactory#getClientWindow says:

AT> * If no value is found, fabricate an id that uniquely identifies this
AT> * <code>ClientWindow</code> within the scope of the current session. This
AT> * value must be encrypted with a key stored in the http session and made
AT> * available to return from the {@link ClientWindow#getId} method. The value must be
AT> * suitable for inclusion as a hidden field or query parameter.
AT> * If a value is found, decrypt it using the key from the session and
AT> * make it available for return from {@link ClientWindow#getId}.

AT> The Javadoc here talks about encrypting and decrypting the id, but the
AT> current implementation is not doing that, nor could I find any reference to
AT> this in the PRD.

AT> I also don't fully understand the text. If a new value is created,
AT> ClientWindow#getId returns an encrypted value, but if no new value is
AT> created (e.g. one was provided in the request), then ClientWindow#getId
AT> returns a decrypted value?

AT> Is this something that still needs to be implemented?

Yes, it's not currently implemented.

I'm going to remove the mention of encryption here. r11752.

Great catch, and thank you for your diligence.

Ed

--
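
The first issue in the message above, shown as an added example that is not part of the original thread and is not Mojarra code: the quoted "anything other than the default" check beside an allow-list parse that falls back to "none". The class, enum and method names are hypothetical, and the example assumes "none" and "url" are the only recognized values, as those are the two the thread mentions.

```java
/** Hypothetical stand-in for the factory logic discussed in the thread. */
public class ClientWindowModeExample {

    // Assumption: only the two values named in the thread are recognized.
    enum Mode { NONE, URL }

    static final String DEFAULT_VALUE = "none";

    /** The check as quoted in the thread: any non-default value enables the feature. */
    static boolean enabledAsQuoted(String optionValue) {
        return (null != optionValue) && !optionValue.equals(DEFAULT_VALUE);
    }

    /** Allow-list parse: only an exact, recognized value selects a mode. */
    static Mode parseStrict(String optionValue) {
        if (optionValue == null) {
            return Mode.NONE;
        }
        switch (optionValue) {
            case "url":
                return Mode.URL;
            case "none":
                return Mode.NONE;
            default:
                // Unrecognized input: report it and assume "none", as the revised text says.
                System.err.println("Unrecognized client window mode '"
                        + optionValue + "', assuming none");
                return Mode.NONE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: unset, both valid values, and three typos.
        String[] samples = { null, "none", "url", "URL", "ur1", "" };
        for (String s : samples) {
            System.out.printf("%-6s quoted=%-5b strict=%s%n",
                    s, enabledAsQuoted(s), parseStrict(s));
        }
    }
}
```

For the last three inputs the quoted check reports the feature as enabled, while the strict parse returns NONE.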