https://javaserverfaces.dev.java.net/issues/show_bug.cgi?id=211
Issue: 211
Add init parameter for client side state password.
SECTION: Impl Changes
M jsf-ri/src/com/sun/faces/RIConstants.java
- new constant
M jsf-ri/src/com/sun/faces/renderkit/ByteArrayGuard.java
- leverage new constant
M jsf-ri/systest-per-webapp/command-link-back-button/web/WEB-INF/web.xml
- make this test run with client side state saving and the password
set as a way to exercise this new feature.
SECTION: Impl Diffs
Index: jsf-ri/src/com/sun/faces/RIConstants.java
===================================================================
RCS file: /cvs/javaserverfaces-sources/jsf-ri/src/com/sun/faces/RIConstants.java,v
retrieving revision 1.77
diff -u -r1.77 RIConstants.java
--- jsf-ri/src/com/sun/faces/RIConstants.java 26 Aug 2005 15:26:56 -0000 1.77
+++ jsf-ri/src/com/sun/faces/RIConstants.java 23 Dec 2005 18:47:40 -0000
@@ -157,5 +157,7 @@
}
+ public static final String CLIENT_STATE_PASSWORD = FACES_PREFIX + "ClientStatePassword";
+
}
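Review bot: The new `CLIENT_STATE_PASSWORD` constant has no Javadoc, although it names a context init parameter whose value is a secret. A comment such as `/** Name of the context init parameter holding the password used to protect client-side saved state; when unset, a random in-memory password is generated. */` would tell deployers what the value is for. `FACES_PREFIX` is defined outside this hunk; the web.xml change in the same patch suggests the resolved name is `com.sun.faces.ClientStatePassword`.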
Index: jsf-ri/src/com/sun/faces/renderkit/ByteArrayGuard.java
===================================================================
RCS file: /cvs/javaserverfaces-sources/jsf-ri/src/com/sun/faces/renderkit/ByteArrayGuard.java,v
retrieving revision 1.8
diff -u -r1.8 ByteArrayGuard.java
--- jsf-ri/src/com/sun/faces/renderkit/ByteArrayGuard.java 26 Aug 2005 15:27:09 -0000 1.8
+++ jsf-ri/src/com/sun/faces/renderkit/ByteArrayGuard.java 23 Dec 2005 18:47:40 -0000
@@ -29,6 +29,7 @@
package com.sun.faces.renderkit;
+import com.sun.faces.RIConstants;
import java.io.IOException;
import java.security.Key;
import java.security.MessageDigest;
@@ -93,6 +94,11 @@
this.ivLength = ivLength;
// generate random password in memory
+ FacesContext context = FacesContext.getCurrentInstance();
+ assert(null != context); // This ctor should happen lazily on the first
+ // run through the lifecycle. Therefore, we must have a FacesContext
+ passwordFromConfig = context.getExternalContext().
+ getInitParameter(RIConstants.CLIENT_STATE_PASSWORD);
this.password = getRandomString(DEFAULT_PASSWORD_LENGTH);
}
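Review bot: The `assert(null != context)` guard is inactive unless the JVM runs with `-ea`, so in a normal deployment a missing FacesContext surfaces as a bare NullPointerException on the `getExternalContext()` line; an explicit `if (context == null) throw new IllegalStateException("no FacesContext while initialising ByteArrayGuard");` fails clearly in every configuration. The init-parameter value is also taken as-is, so an empty or very short `<param-value>` silently becomes the secret that `getPasswordToSecureState` returns. Reading it into a local first and treating an empty string as "not configured" (or rejecting it with a logged error) would avoid that. The existing comment `// generate random password in memory` now sits above the config lookup and should move down beside `getRandomString(DEFAULT_PASSWORD_LENGTH)`. The constructor starts outside this hunk.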
@@ -211,6 +217,9 @@
* </ol>
*/
private String getPasswordToSecureState(FacesContext context) {
+ if (null != passwordFromConfig) {
+ return passwordFromConfig;
+ }
// default is to use application scoped password
String statePwd = this.password;
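Review bot: The Javadoc above `getPasswordToSecureState` (its ordered list closes just before the signature) is not updated for the new first step, where a configured password is returned before any of the lookups the list describes. Add a leading item such as `<li>the value of the com.sun.faces.ClientStatePassword init parameter, if set</li>`. The Javadoc should also say that a configured password is one static secret shared by all sessions and unchanged across restarts, unlike the random in-memory one, so rotating it is a manual redeploy step. That trade-off looks intentional, but it is inferred from the patch rather than stated. The method body continues outside this hunk.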
@@ -379,5 +388,6 @@
private final int macLength;
private final int ivLength;
private final String password;
+ private final String passwordFromConfig;
private static SecureRandom prng = null;
}
Index: jsf-ri/systest-per-webapp/command-link-back-button/web/WEB-INF/web.xml
===================================================================
RCS file: /cvs/javaserverfaces-sources/jsf-ri/systest-per-webapp/command-link-back-button/web/WEB-INF/web.xml,v
retrieving revision 1.3
diff -u -r1.3 web.xml
--- jsf-ri/systest-per-webapp/command-link-back-button/web/WEB-INF/web.xml 22 Aug 2005 22:10:48 -0000 1.3
+++ jsf-ri/systest-per-webapp/command-link-back-button/web/WEB-INF/web.xml 23 Dec 2005 18:47:41 -0000
@@ -49,6 +49,10 @@
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
+ <context-param>
+ <param-name>com.sun.faces.ClientStatePassword</param-name>
+ <param-value>command-link-back-button</param-value>
+ </context-param>
<!-- Faces Servlet -->
<servlet>
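Review bot: The `com.sun.faces.ClientStatePassword` value added here is a readable, guessable string committed with the test webapp, and nothing marks it as a fixture. That is acceptable for a systest, but this web.xml is likely to be copied as the example of the new parameter. Suggest an XML comment above the `<context-param>`, e.g. `<!-- test-only value; real deployments need a long random secret kept out of source control -->`.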
--
| ed.burns_at_sun.com | {home: 407 869 9587, office: 408 884 9519 OR x31640}
| homepage: | http://purl.oclc.org/NET/edburns/
| aim: edburns0sunw | iim: ed.burns_at_sun.com