Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
StateCache |
|
| 1.0;1 |
1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, | |
13 | * software distributed under the License is distributed on an | |
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
15 | * KIND, either express or implied. See the License for the | |
16 | * specific language governing permissions and limitations | |
17 | * under the License. | |
18 | */ | |
19 | package org.apache.myfaces.application; | |
20 | ||
21 | import javax.faces.context.FacesContext; | |
22 | import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam; | |
23 | ||
24 | /** | |
25 | * This class provides an interface to separate the state caching operations (saving/restoring) | |
26 | * from the renderkit specific stuff that HtmlResponseStateManager should do. | |
27 | * | |
28 | * @author Leonardo Uribe | |
29 | * | |
30 | */ | |
31 | 0 | public abstract class StateCache<K, V> |
32 | { | |
33 | ||
34 | /** | |
35 | * Defines how to generate the csrf session token. | |
36 | */ | |
37 | @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random", | |
38 | defaultValue="none", group="state") | |
39 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM | |
40 | = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN"; | |
41 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT = "random"; | |
42 | ||
43 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom"; | |
44 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random"; | |
45 | ||
46 | /** | |
47 | * Set the default length of the random key used for the csrf session token. | |
48 | * By default is 16. | |
49 | */ | |
50 | @JSFWebConfigParam(since="2.2.0", defaultValue="16", group="state") | |
51 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM | |
52 | = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH"; | |
53 | public static final int RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM_DEFAULT = 16; | |
54 | ||
55 | /** | |
56 | * Sets the random class to initialize the secure random id generator. | |
57 | * By default it uses java.security.SecureRandom | |
58 | */ | |
59 | @JSFWebConfigParam(since="2.2.0", group="state") | |
60 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM | |
61 | = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS"; | |
62 | ||
63 | /** | |
64 | * Sets the random provider to initialize the secure random id generator. | |
65 | */ | |
66 | @JSFWebConfigParam(since="2.2.0", group="state") | |
67 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM | |
68 | = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER"; | |
69 | ||
70 | /** | |
71 | * Sets the random algorithm to initialize the secure random id generator. | |
72 | * By default is SHA1PRNG | |
73 | */ | |
74 | @JSFWebConfigParam(since="2.2.0", defaultValue="SHA1PRNG", group="state") | |
75 | public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM | |
76 | = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM"; | |
77 | ||
78 | /** | |
79 | * Put the state on the cache, to can be restored later. | |
80 | * | |
81 | * @param facesContext | |
82 | * @param serializedView | |
83 | */ | |
84 | public abstract K saveSerializedView(FacesContext facesContext, V serializedView); | |
85 | ||
86 | /** | |
87 | * Get the state from the cache is server side state saving is used, | |
88 | * or decode it from the passed viewState param if client side is used. | |
89 | * | |
90 | * @param facesContext | |
91 | * @param viewId The viewId of the view to be restored | |
92 | * @param viewState A token usually retrieved from a call to ResponseStateManager.getState that will be | |
93 | * used to identify or restore the state. | |
94 | * @return | |
95 | */ | |
96 | public abstract V restoreSerializedView(FacesContext facesContext, String viewId, K viewState); | |
97 | ||
98 | /** | |
99 | * Calculate the token to be used if server side state saving, or encode the view and return the | |
100 | * viewState that can be used by the underlying ResponseStateManager to write the state. | |
101 | * | |
102 | * @param facesContext | |
103 | * @param state The state that will be used to derive the token returned. | |
104 | * @return A token (usually encoded on javax.faces.ViewState input hidden field) that will be passed to | |
105 | * ResponseStateManager.writeState or ResponseStateManager.getViewState to be | |
106 | * output to the client. | |
107 | */ | |
108 | public abstract K encodeSerializedState(FacesContext facesContext, Object serializedView); | |
109 | ||
110 | /** | |
111 | * Indicates if the call to ResponseStateManager.writeState should be done after the view is fully rendered. | |
112 | * Usually this is required for client side state saving, but it is not for server side state saving, because | |
113 | * ResponseStateManager.writeState could render a just a marker and then StateManager.saveState could be called, | |
114 | * preventing use an additional buffer. | |
115 | * | |
116 | * @param facesContext | |
117 | * @return | |
118 | */ | |
119 | public abstract boolean isWriteStateAfterRenderViewRequired(FacesContext facesContext); | |
120 | ||
121 | /** | |
122 | * @since 2.2 | |
123 | * @param context | |
124 | * @return | |
125 | */ | |
126 | public abstract String createCryptographicallyStrongTokenFromSession(FacesContext context); | |
127 | } |