dev@javaserverfaces.java.net

Review: JSF RI 84 (JSFSpec Issue 2)

From: Jayashri Visvanathan <Jayashri.Visvanathan_at_Sun.COM>
Date: Tue, 19 Apr 2005 11:52:07 -0700

A ByteArrayGuard.java
  Utility from BluePrints to save state in client in a
  secure manner using JCE.

M ResponseStateManagerImpl.java
  Uses the ByteArrayGuard utility to save state in client.

Diffs are also posted at
https://javaserverfaces.dev.java.net/issues/show_bug.cgi?id=84


Index: ResponseStateManagerImpl.java
===================================================================
RCS file: /cvs/javaserverfaces-sources/jsf-ri/src/com/sun/faces/renderkit/ResponseStateManagerImpl.java,v
retrieving revision 1.15
diff -u -r1.15 ResponseStateManagerImpl.java
--- ResponseStateManagerImpl.java 6 Apr 2005 02:39:47 -0000 1.15
+++ ResponseStateManagerImpl.java 19 Apr 2005 18:40:46 -0000
@@ -56,6 +56,7 @@
     // Instance Variables
     //
     private Boolean compressStateSet = null;
+ private ByteArrayGuard byteArrayGuard = null;
     
     //
     // Ivars used during actual client lifetime
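Review bot: The new `byteArrayGuard` field is declared mutable and null-initialised, yet it is assigned exactly once, in the constructor in the next hunk; `private final ByteArrayGuard byteArrayGuard = new ByteArrayGuard();` would state that and rule out a null guard. This single instance serves both the state-writing and state-reading paths, so it is likely reached from concurrent request threads. JCE `Cipher` and `Mac` objects are stateful, so if ByteArrayGuard caches them as fields (its source is not on this page) its methods need synchronisation or per-call instances. A comment on the field such as `// shared across requests: ByteArrayGuard must be thread-safe` would record that requirement.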
@@ -70,6 +71,7 @@
 
     public ResponseStateManagerImpl() {
         super();
+ byteArrayGuard = new ByteArrayGuard();
     }
 
 
@@ -96,7 +98,8 @@
     }
 
     public boolean isPostback(FacesContext context) {
- boolean result = context.getExternalContext().getRequestParameterMap().containsKey(RIConstants.FACES_VIEW);
+ boolean result = context.getExternalContext().getRequestParameterMap().
+ containsKey(RIConstants.FACES_VIEW);
         return result;
     }
 
@@ -120,9 +123,10 @@
             GZIPInputStream gis = null;
             ObjectInputStream ois = null;
             boolean compress = isCompressStateSet(context);
-
- byte[] bytes = Base64.decode(viewString.getBytes());
+
             try {
+ byte[] bytes = byteArrayGuard.decrypt(context,
+ (Base64.decode(viewString.getBytes())));
                 bis = new ByteArrayInputStream(bytes);
                 if (isCompressStateSet(context)) {
                     if (log.isDebugEnabled()) {
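Review bot: The bytes returned by `byteArrayGuard.decrypt(...)` appear to feed the `ObjectInputStream` declared just above, so deserializing this client-supplied field is only safe if decrypt verifies integrity (a MAC or equivalent) and fails before any bytes reach the stream. Encryption without authentication would not stop a modified value from being deserialized. ByteArrayGuard is not shown on this page, so that behaviour should be confirmed and recorded in a comment at the call, e.g. `// decrypt() must reject tampered input; its output is deserialized below`. Separately, `viewString.getBytes()` uses the platform default charset while the encode side names `"ISO-8859-1"`; `Base64.decode(viewString.getBytes("ISO-8859-1"))` would make the two sides agree. The try block continues outside the hunk.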
@@ -185,12 +189,14 @@
             if (compress) {
                 zos.close();
             }
+ byte[] securedata = byteArrayGuard.encrypt(context,
+ bos.toByteArray());
             bos.close();
             
             hiddenField = " <input type=\"hidden\" name=\""
                 + RIConstants.FACES_VIEW + "\"" + " value=\"" +
- (new String(Base64.encode(bos.toByteArray()), "ISO-8859-1")) +
- "\" />\n ";
+ (new String(Base64.encode(securedata), "ISO-8859-1"))
+ + "\" />\n ";
         }
         else {
             hiddenField = " <input type=\"hidden\" name=\""
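Review bot: The result of `byteArrayGuard.encrypt(context, bos.toByteArray())` goes straight into `Base64.encode(securedata)` with no check. If the guard signals failure by returning null (its source is not on this page), rendering would end in a NullPointerException rather than a clear error, so it is worth confirming that it throws instead, or guarding here. A short comment above the call would also help the next reader, e.g. `// optional GZIP -> ByteArrayGuard.encrypt -> Base64; must mirror the decode path`. The enclosing method and the `else` branch that begins at the end of the hunk continue outside it, so whether that branch's value needs the same protection cannot be judged from here.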