public final class StateUtils extends Object
This Class exposes a handful of methods related to encryption, compression and serialization of the view state.
The secret is interpretted as base 64 encoded. In other words, if your secret is "76543210", you would put "NzY1NDMyMTA=" in the deployment descriptor. This is needed so that key values are not limited to just values composed of printable characters.
If you are using CBC mode encryption, you must specify an initialization vector.
If you are using the AES algorithm and getting a SecurityException complaining about keysize, you most likely need to get the unlimited strength jurisdiction policy files from a place like http://java.sun.com/j2se/1.4.2/download.html .
org.apache.myfaces.webapp.StartupServletContextListener
Modifier and Type | Field and Description |
---|---|
static String |
COMPRESS_STATE_IN_CLIENT
Indicate if the view state should be compressed before encrypted(optional) and encoded
|
static String |
DEFAULT_ALGORITHM |
static String |
DEFAULT_ALGORITHM_PARAMS |
static String |
DEFAULT_MAC_ALGORITHM |
static String |
INIT_ALGORITHM
Indicate the encryption algorithm used for encrypt the view state.
|
static String |
INIT_ALGORITHM_IV
Defines the initialization vector (Base64 encoded) used for the encryption algorithm
|
static String |
INIT_ALGORITHM_PARAM
Defines the default mode and padding used for the encryption algorithm
|
static String |
INIT_MAC_ALGORITHM
Indicate the algorithm used to calculate the Message Authentication Code that is
added to the view state.
|
static String |
INIT_MAC_SECRET
Define the initialization code that are used to initialize the secret key used
on the Message Authentication Code algorithm
|
static String |
INIT_MAC_SECRET_KEY_CACHE
If is set to "false", the secret key used for MAC algorithm is not cached.
|
static String |
INIT_PREFIX |
static String |
INIT_SECRET
Defines the secret (Base64 encoded) used to initialize the secret key
for encryption algorithm.
|
static String |
INIT_SECRET_KEY_CACHE
If is set to "false", the secret key used for encryption algorithm is not cached.
|
static String |
SERIAL_FACTORY
Defines the factory class name using for serialize/deserialize the view state returned
by state manager into a byte array.
|
static String |
USE_ENCRYPTION
Indicate if the view state is encrypted or not.
|
static String |
ZIP_CHARSET |
Modifier and Type | Method and Description |
---|---|
static byte[] |
compress(byte[] bytes) |
static String |
construct(Object object,
ExternalContext ctx)
This fires during the Render Response phase, saving state.
|
static byte[] |
decode(byte[] bytes) |
static byte[] |
decompress(byte[] bytes) |
static byte[] |
decrypt(byte[] secure,
ExternalContext ctx) |
static boolean |
enableCompression(ExternalContext ctx) |
static byte[] |
encode(byte[] bytes) |
static byte[] |
encrypt(byte[] insecure,
ExternalContext ctx) |
static byte[] |
getAsByteArray(Object object,
ExternalContext ctx)
Performs serialization with the serialization provider created by the
SerialFactory.
|
static Object |
getAsObject(byte[] bytes,
ExternalContext ctx)
Performs deserialization with the serialization provider created from the
SerialFactory.
|
static void |
initSecret(javax.servlet.ServletContext ctx)
Does nothing if the user has disabled the SecretKey cache.
|
static boolean |
isSecure(ExternalContext ctx) |
static void |
main(String[] args)
Utility method for generating base 64 encoded strings.
|
static Object |
reconstruct(String string,
ExternalContext ctx)
This fires during the Restore View phase, restoring state.
|
public static final String ZIP_CHARSET
public static final String DEFAULT_ALGORITHM
public static final String DEFAULT_ALGORITHM_PARAMS
public static final String INIT_PREFIX
@JSFWebConfigParam(name="org.apache.myfaces.USE_ENCRYPTION", since="1.1", defaultValue="true", expectedValues="true,false", group="state") public static final String USE_ENCRYPTION
@JSFWebConfigParam(name="org.apache.myfaces.SECRET", since="1.1", group="state") public static final String INIT_SECRET
@JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM", since="1.1", defaultValue="DES", group="state", tags="performance") public static final String INIT_ALGORITHM
@JSFWebConfigParam(name="org.apache.myfaces.SECRET.CACHE", since="1.1", group="state") public static final String INIT_SECRET_KEY_CACHE
@JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM.IV", since="1.1", group="state") public static final String INIT_ALGORITHM_IV
@JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM.PARAMETERS", since="1.1", defaultValue="ECB/PKCS5Padding", group="state") public static final String INIT_ALGORITHM_PARAM
@JSFWebConfigParam(name="org.apache.myfaces.SERIAL_FACTORY", since="1.1", group="state", tags="performance") public static final String SERIAL_FACTORY
@JSFWebConfigParam(name="org.apache.myfaces.COMPRESS_STATE_IN_CLIENT", since="1.1", defaultValue="false", expectedValues="true,false", group="state", tags="performance") public static final String COMPRESS_STATE_IN_CLIENT
public static final String DEFAULT_MAC_ALGORITHM
@JSFWebConfigParam(name="org.apache.myfaces.MAC_ALGORITHM", defaultValue="HmacSHA1", group="state", tags="performance") public static final String INIT_MAC_ALGORITHM
@JSFWebConfigParam(name="org.apache.myfaces.MAC_SECRET", group="state") public static final String INIT_MAC_SECRET
@JSFWebConfigParam(name="org.apache.myfaces.MAC_SECRET.CACHE", group="state") public static final String INIT_MAC_SECRET_KEY_CACHE
public static boolean enableCompression(ExternalContext ctx)
public static boolean isSecure(ExternalContext ctx)
public static final String construct(Object object, ExternalContext ctx)
public static final byte[] getAsByteArray(Object object, ExternalContext ctx)
object
- ctx
- public static byte[] encrypt(byte[] insecure, ExternalContext ctx)
public static final byte[] compress(byte[] bytes)
public static final byte[] encode(byte[] bytes)
public static final Object reconstruct(String string, ExternalContext ctx)
public static final byte[] decode(byte[] bytes)
public static final byte[] decompress(byte[] bytes)
public static byte[] decrypt(byte[] secure, ExternalContext ctx)
public static final Object getAsObject(byte[] bytes, ExternalContext ctx)
bytes
- ctx
- public static void main(String[] args) throws UnsupportedEncodingException
args
- UnsupportedEncodingException
public static void initSecret(javax.servlet.ServletContext ctx)
Copyright © 2020 The Apache Software Foundation. All rights reserved.