1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
|
12 | |
|
13 | |
|
14 | |
|
15 | |
|
16 | |
|
17 | |
|
18 | |
|
19 | |
package org.apache.myfaces.application.viewstate; |
20 | |
|
21 | |
import java.io.ByteArrayInputStream; |
22 | |
import java.io.ByteArrayOutputStream; |
23 | |
import java.io.IOException; |
24 | |
import java.io.InputStream; |
25 | |
import java.io.ObjectInputStream; |
26 | |
import java.io.ObjectOutputStream; |
27 | |
import java.io.OutputStream; |
28 | |
import java.security.AccessController; |
29 | |
import java.security.PrivilegedActionException; |
30 | |
import java.security.PrivilegedExceptionAction; |
31 | |
import java.util.Map; |
32 | |
import java.util.logging.Level; |
33 | |
import java.util.logging.Logger; |
34 | |
import java.util.zip.GZIPInputStream; |
35 | |
import java.util.zip.GZIPOutputStream; |
36 | |
import javax.faces.FacesWrapper; |
37 | |
import javax.faces.application.StateManager; |
38 | |
|
39 | |
import javax.faces.context.ExternalContext; |
40 | |
import javax.faces.context.FacesContext; |
41 | |
import javax.faces.lifecycle.ClientWindow; |
42 | |
|
43 | |
import org.apache.myfaces.application.StateCache; |
44 | |
import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam; |
45 | |
import org.apache.myfaces.shared.config.MyfacesConfig; |
46 | |
import org.apache.myfaces.shared.renderkit.RendererUtils; |
47 | |
import org.apache.myfaces.shared.util.MyFacesObjectInputStream; |
48 | |
import org.apache.myfaces.shared.util.WebConfigParamUtils; |
49 | |
import org.apache.myfaces.spi.ViewScopeProvider; |
50 | |
import org.apache.myfaces.spi.ViewScopeProviderFactory; |
51 | |
import org.apache.myfaces.view.ViewScopeProxyMap; |
52 | |
|
53 | |
class ServerSideStateCacheImpl extends StateCache<Object, Object> |
54 | |
{ |
55 | 0 | private static final Logger log = Logger.getLogger(ServerSideStateCacheImpl.class.getName()); |
56 | |
|
57 | 0 | public static final String SERIALIZED_VIEW_SESSION_ATTR= |
58 | |
ServerSideStateCacheImpl.class.getName() + ".SERIALIZED_VIEW"; |
59 | |
|
60 | 0 | public static final String RESTORED_SERIALIZED_VIEW_REQUEST_ATTR = |
61 | |
ServerSideStateCacheImpl.class.getName() + ".RESTORED_SERIALIZED_VIEW"; |
62 | |
|
63 | 0 | public static final String RESTORED_SERIALIZED_VIEW_ID_REQUEST_ATTR = |
64 | |
ServerSideStateCacheImpl.class.getName() + ".RESTORED_SERIALIZED_VIEW_ID"; |
65 | 0 | public static final String RESTORED_SERIALIZED_VIEW_KEY_REQUEST_ATTR = |
66 | |
ServerSideStateCacheImpl.class.getName() + ".RESTORED_SERIALIZED_VIEW_KEY"; |
67 | |
|
68 | 0 | public static final String RESTORED_VIEW_KEY_REQUEST_ATTR = |
69 | |
ServerSideStateCacheImpl.class.getName() + ".RESTORED_VIEW_KEY"; |
70 | |
|
71 | |
public static final String NUMBER_OF_VIEWS_IN_SESSION_PARAM = MyfacesConfig.INIT_PARAM_NUMBER_OF_VIEWS_IN_SESSION; |
72 | |
|
73 | |
public static final String NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION_PARAM |
74 | |
= MyfacesConfig.INIT_PARAM_NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION; |
75 | |
|
76 | |
public static final int DEFAULT_NUMBER_OF_VIEWS_IN_SESSION = |
77 | |
MyfacesConfig.INIT_PARAM_NUMBER_OF_VIEWS_IN_SESSION_DEFAULT; |
78 | |
|
79 | |
|
80 | |
|
81 | |
|
82 | |
|
83 | |
|
84 | |
|
85 | |
|
86 | |
|
87 | |
|
88 | |
@Deprecated |
89 | |
@JSFWebConfigParam(defaultValue="false",since="1.1", expectedValues="true,false", |
90 | |
group="state", tags="performance", deprecated=true) |
91 | |
public static final String SERIALIZE_STATE_IN_SESSION_PARAM = "org.apache.myfaces.SERIALIZE_STATE_IN_SESSION"; |
92 | |
|
93 | |
|
94 | |
|
95 | |
|
96 | |
|
97 | |
|
98 | |
|
99 | |
|
100 | |
|
101 | |
@JSFWebConfigParam(defaultValue="true",since="1.1", expectedValues="true,false", group="state", tags="performance") |
102 | |
public static final String COMPRESS_SERVER_STATE_PARAM = "org.apache.myfaces.COMPRESS_STATE_IN_SESSION"; |
103 | |
|
104 | |
|
105 | |
|
106 | |
|
107 | |
public static final boolean DEFAULT_COMPRESS_SERVER_STATE_PARAM = true; |
108 | |
|
109 | |
|
110 | |
|
111 | |
|
112 | |
|
113 | |
public static final boolean DEFAULT_SERIALIZE_STATE_IN_SESSION = false; |
114 | |
|
115 | |
|
116 | |
|
117 | |
|
118 | |
|
119 | |
|
120 | |
@Deprecated |
121 | |
@JSFWebConfigParam(defaultValue="off", expectedValues="off, no, hard-soft, soft, soft-weak, weak", |
122 | |
since="1.2.5", group="state", tags="performance", deprecated = true) |
123 | |
public static final String CACHE_OLD_VIEWS_IN_SESSION_MODE = "org.apache.myfaces.CACHE_OLD_VIEWS_IN_SESSION_MODE"; |
124 | |
|
125 | |
|
126 | |
|
127 | |
|
128 | |
|
129 | |
|
130 | |
|
131 | |
|
132 | |
|
133 | |
@JSFWebConfigParam(since="2.0.6", defaultValue="false", expectedValues="true, false", group="state") |
134 | |
public static final String USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION |
135 | |
= "org.apache.myfaces.USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION"; |
136 | |
|
137 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE = "none"; |
138 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM = "secureRandom"; |
139 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM = "random"; |
140 | |
|
141 | |
|
142 | |
|
143 | |
|
144 | |
@JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random, none", |
145 | |
defaultValue="none", group="state") |
146 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM |
147 | |
= "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN"; |
148 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT = |
149 | |
RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE; |
150 | |
|
151 | |
|
152 | |
|
153 | |
|
154 | |
|
155 | |
@JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="8", group="state") |
156 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM |
157 | |
= "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH"; |
158 | |
public static final int RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM_DEFAULT = 8; |
159 | |
|
160 | |
|
161 | |
|
162 | |
|
163 | |
|
164 | |
@JSFWebConfigParam(since="2.1.9, 2.0.15", group="state") |
165 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM |
166 | |
= "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS"; |
167 | |
|
168 | |
|
169 | |
|
170 | |
|
171 | |
@JSFWebConfigParam(since="2.1.9, 2.0.15", group="state") |
172 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM |
173 | |
= "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER"; |
174 | |
|
175 | |
|
176 | |
|
177 | |
|
178 | |
|
179 | |
@JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="SHA1PRNG", group="state") |
180 | |
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM |
181 | |
= "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM"; |
182 | |
|
183 | |
|
184 | |
public static final int UNCOMPRESSED_FLAG = 0; |
185 | |
public static final int COMPRESSED_FLAG = 1; |
186 | |
|
187 | 0 | private Boolean _useFlashScopePurgeViewsInSession = null; |
188 | |
|
189 | 0 | private Integer _numberOfSequentialViewsInSession = null; |
190 | 0 | private boolean _numberOfSequentialViewsInSessionSet = false; |
191 | |
|
192 | |
private SessionViewStorageFactory sessionViewStorageFactory; |
193 | |
|
194 | |
private CsrfSessionTokenFactory csrfSessionTokenFactory; |
195 | |
|
196 | |
public ServerSideStateCacheImpl() |
197 | 0 | { |
198 | 0 | FacesContext facesContext = FacesContext.getCurrentInstance(); |
199 | 0 | String randomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(), |
200 | |
RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM, |
201 | |
RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT); |
202 | 0 | if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM.equals(randomMode)) |
203 | |
{ |
204 | 0 | sessionViewStorageFactory = new RandomSessionViewStorageFactory( |
205 | |
new SecureRandomKeyFactory(facesContext)); |
206 | |
} |
207 | 0 | else if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM.equals(randomMode)) |
208 | |
{ |
209 | 0 | sessionViewStorageFactory = new RandomSessionViewStorageFactory( |
210 | |
new RandomKeyFactory(facesContext)); |
211 | |
} |
212 | |
else |
213 | |
{ |
214 | 0 | sessionViewStorageFactory = new CounterSessionViewStorageFactory(new CounterKeyFactory()); |
215 | |
} |
216 | |
|
217 | 0 | String csrfRandomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(), |
218 | |
RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM, |
219 | |
RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT); |
220 | 0 | if (RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode)) |
221 | |
{ |
222 | 0 | csrfSessionTokenFactory = new SecureRandomCsrfSessionTokenFactory(facesContext); |
223 | |
} |
224 | |
else |
225 | |
{ |
226 | 0 | csrfSessionTokenFactory = new RandomCsrfSessionTokenFactory(facesContext); |
227 | |
} |
228 | 0 | } |
229 | |
|
230 | |
|
231 | |
|
232 | |
protected Object getServerStateId(FacesContext facesContext, Object state) |
233 | |
{ |
234 | 0 | if (state != null) |
235 | |
{ |
236 | 0 | return getKeyFactory(facesContext).decode((String) state); |
237 | |
} |
238 | 0 | return null; |
239 | |
} |
240 | |
|
241 | |
protected void saveSerializedViewInServletSession(FacesContext context, |
242 | |
Object serializedView) |
243 | |
{ |
244 | 0 | Map<String, Object> sessionMap = context.getExternalContext().getSessionMap(); |
245 | 0 | SerializedViewCollection viewCollection = (SerializedViewCollection) sessionMap |
246 | |
.get(SERIALIZED_VIEW_SESSION_ATTR); |
247 | 0 | if (viewCollection == null) |
248 | |
{ |
249 | 0 | viewCollection = getSessionViewStorageFactory().createSerializedViewCollection(context); |
250 | 0 | sessionMap.put(SERIALIZED_VIEW_SESSION_ATTR, viewCollection); |
251 | |
} |
252 | |
|
253 | 0 | Map<Object,Object> attributeMap = context.getAttributes(); |
254 | |
|
255 | 0 | SerializedViewKey key = null; |
256 | 0 | if (getNumberOfSequentialViewsInSession(context.getExternalContext()) != null && |
257 | |
getNumberOfSequentialViewsInSession(context.getExternalContext()) > 0) |
258 | |
{ |
259 | 0 | key = (SerializedViewKey) attributeMap.get(RESTORED_VIEW_KEY_REQUEST_ATTR); |
260 | |
|
261 | 0 | if (key == null ) |
262 | |
{ |
263 | |
|
264 | |
|
265 | |
|
266 | 0 | ClientWindow clientWindow = context.getExternalContext().getClientWindow(); |
267 | 0 | if (clientWindow != null) |
268 | |
{ |
269 | 0 | key = (SerializedViewKey) viewCollection. |
270 | |
getLastWindowKey(context, clientWindow.getId()); |
271 | |
} |
272 | 0 | else if (isUseFlashScopePurgeViewsInSession(context.getExternalContext()) && |
273 | |
Boolean.TRUE.equals(context.getExternalContext().getRequestMap() |
274 | |
.get("oam.Flash.REDIRECT.PREVIOUSREQUEST"))) |
275 | |
{ |
276 | 0 | key = (SerializedViewKey) |
277 | |
context.getExternalContext().getFlash().get(RESTORED_VIEW_KEY_REQUEST_ATTR); |
278 | |
} |
279 | |
} |
280 | |
} |
281 | |
|
282 | 0 | SerializedViewKey nextKey = getSessionViewStorageFactory().createSerializedViewKey( |
283 | |
context, context.getViewRoot().getViewId(), getNextViewSequence(context)); |
284 | |
|
285 | 0 | ViewScopeProxyMap viewScopeProxyMap = null; |
286 | 0 | Object viewMap = context.getViewRoot().getViewMap(false); |
287 | 0 | if (viewMap != null) |
288 | |
{ |
289 | 0 | while (viewMap != null) |
290 | |
{ |
291 | 0 | if (viewMap instanceof ViewScopeProxyMap) |
292 | |
{ |
293 | 0 | viewScopeProxyMap = (ViewScopeProxyMap)viewMap; |
294 | 0 | break; |
295 | |
} |
296 | 0 | else if (viewMap instanceof FacesWrapper) |
297 | |
{ |
298 | 0 | viewMap = ((FacesWrapper)viewMap).getWrapped(); |
299 | |
} |
300 | |
} |
301 | |
|
302 | |
} |
303 | 0 | if (viewScopeProxyMap != null) |
304 | |
{ |
305 | 0 | ViewScopeProviderFactory factory = ViewScopeProviderFactory.getViewScopeHandlerFactory( |
306 | |
context.getExternalContext()); |
307 | 0 | ViewScopeProvider handler = factory.getViewScopeHandler(context.getExternalContext()); |
308 | 0 | viewCollection.put(context, serializeView(context, serializedView), nextKey, key, |
309 | |
handler, viewScopeProxyMap.getViewScopeId()); |
310 | 0 | } |
311 | |
else |
312 | |
{ |
313 | 0 | viewCollection.put(context, serializeView(context, serializedView), nextKey, key); |
314 | |
} |
315 | |
|
316 | 0 | ClientWindow clientWindow = context.getExternalContext().getClientWindow(); |
317 | 0 | if (clientWindow != null) |
318 | |
{ |
319 | |
|
320 | 0 | viewCollection.putLastWindowKey(context, clientWindow.getId(), nextKey); |
321 | |
} |
322 | |
|
323 | |
|
324 | 0 | sessionMap.put(SERIALIZED_VIEW_SESSION_ATTR, viewCollection); |
325 | 0 | } |
326 | |
|
327 | |
protected Object getSerializedViewFromServletSession(FacesContext context, String viewId, Object sequence) |
328 | |
{ |
329 | 0 | ExternalContext externalContext = context.getExternalContext(); |
330 | 0 | Map<Object, Object> attributeMap = context.getAttributes(); |
331 | 0 | Object serializedView = null; |
332 | 0 | if (attributeMap.containsKey(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR)) |
333 | |
{ |
334 | 0 | serializedView = attributeMap.get(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR); |
335 | |
} |
336 | |
else |
337 | |
{ |
338 | 0 | SerializedViewCollection viewCollection = (SerializedViewCollection) externalContext |
339 | |
.getSessionMap().get(SERIALIZED_VIEW_SESSION_ATTR); |
340 | 0 | if (viewCollection != null) |
341 | |
{ |
342 | 0 | if (sequence != null) |
343 | |
{ |
344 | 0 | Object state = viewCollection.get( |
345 | |
getSessionViewStorageFactory().createSerializedViewKey( |
346 | |
context, viewId, sequence)); |
347 | 0 | if (state != null) |
348 | |
{ |
349 | 0 | serializedView = deserializeView(state); |
350 | |
} |
351 | |
} |
352 | |
} |
353 | 0 | attributeMap.put(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR, serializedView); |
354 | |
|
355 | 0 | if (getNumberOfSequentialViewsInSession(externalContext) != null && |
356 | |
getNumberOfSequentialViewsInSession(externalContext) > 0) |
357 | |
{ |
358 | 0 | SerializedViewKey key = getSessionViewStorageFactory(). |
359 | |
createSerializedViewKey(context, viewId, sequence); |
360 | 0 | attributeMap.put(RESTORED_VIEW_KEY_REQUEST_ATTR, key); |
361 | |
|
362 | 0 | if (isUseFlashScopePurgeViewsInSession(externalContext)) |
363 | |
{ |
364 | 0 | externalContext.getFlash().put(RESTORED_VIEW_KEY_REQUEST_ATTR, key); |
365 | 0 | externalContext.getFlash().keep(RESTORED_VIEW_KEY_REQUEST_ATTR); |
366 | |
} |
367 | |
} |
368 | |
|
369 | 0 | if (context.getPartialViewContext().isAjaxRequest() || |
370 | |
context.getPartialViewContext().isPartialRequest()) |
371 | |
{ |
372 | |
|
373 | |
|
374 | |
|
375 | 0 | attributeMap.put(RESTORED_SERIALIZED_VIEW_KEY_REQUEST_ATTR, sequence); |
376 | 0 | attributeMap.put(RESTORED_SERIALIZED_VIEW_ID_REQUEST_ATTR, viewId); |
377 | |
} |
378 | |
else |
379 | |
{ |
380 | |
|
381 | 0 | nextViewSequence(context); |
382 | |
} |
383 | |
} |
384 | 0 | return serializedView; |
385 | |
} |
386 | |
|
387 | |
public Object getNextViewSequence(FacesContext context) |
388 | |
{ |
389 | 0 | Object sequence = context.getAttributes().get(RendererUtils.SEQUENCE_PARAM); |
390 | 0 | if (sequence == null) |
391 | |
{ |
392 | 0 | if (context.getPartialViewContext().isAjaxRequest() || |
393 | |
context.getPartialViewContext().isPartialRequest()) |
394 | |
{ |
395 | 0 | String restoredViewId = (String) context.getAttributes().get(RESTORED_SERIALIZED_VIEW_ID_REQUEST_ATTR); |
396 | 0 | Object restoredKey = context.getAttributes().get(RESTORED_SERIALIZED_VIEW_KEY_REQUEST_ATTR); |
397 | 0 | if (restoredViewId != null && restoredKey != null) |
398 | |
{ |
399 | 0 | if (restoredViewId.equals(context.getViewRoot().getViewId())) |
400 | |
{ |
401 | |
|
402 | |
|
403 | |
|
404 | 0 | sequence = restoredKey; |
405 | |
} |
406 | |
} |
407 | |
} |
408 | |
|
409 | 0 | if (sequence == null) |
410 | |
{ |
411 | 0 | sequence = nextViewSequence(context); |
412 | |
} |
413 | 0 | context.getAttributes().put(RendererUtils.SEQUENCE_PARAM, sequence); |
414 | |
} |
415 | 0 | return sequence; |
416 | |
} |
417 | |
|
418 | |
public Object nextViewSequence(FacesContext facescontext) |
419 | |
{ |
420 | 0 | Object sequence = getKeyFactory(facescontext).generateKey(facescontext); |
421 | 0 | facescontext.getAttributes().put(RendererUtils.SEQUENCE_PARAM, sequence); |
422 | 0 | return sequence; |
423 | |
} |
424 | |
|
425 | |
protected Object serializeView(FacesContext context, Object serializedView) |
426 | |
{ |
427 | 0 | if (log.isLoggable(Level.FINEST)) |
428 | |
{ |
429 | 0 | log.finest("Entering serializeView"); |
430 | |
} |
431 | |
|
432 | 0 | if(isSerializeStateInSession(context)) |
433 | |
{ |
434 | 0 | if (log.isLoggable(Level.FINEST)) |
435 | |
{ |
436 | 0 | log.finest("Processing serializeView - serialize state in session"); |
437 | |
} |
438 | |
|
439 | 0 | ByteArrayOutputStream baos = new ByteArrayOutputStream(1024); |
440 | |
try |
441 | |
{ |
442 | 0 | OutputStream os = baos; |
443 | 0 | if(isCompressStateInSession(context)) |
444 | |
{ |
445 | 0 | if (log.isLoggable(Level.FINEST)) |
446 | |
{ |
447 | 0 | log.finest("Processing serializeView - serialize compressed"); |
448 | |
} |
449 | |
|
450 | 0 | os.write(COMPRESSED_FLAG); |
451 | 0 | os = new GZIPOutputStream(os, 1024); |
452 | |
} |
453 | |
else |
454 | |
{ |
455 | 0 | if (log.isLoggable(Level.FINEST)) |
456 | |
{ |
457 | 0 | log.finest("Processing serializeView - serialize uncompressed"); |
458 | |
} |
459 | |
|
460 | 0 | os.write(UNCOMPRESSED_FLAG); |
461 | |
} |
462 | |
|
463 | 0 | ObjectOutputStream out = new ObjectOutputStream(os); |
464 | |
|
465 | 0 | out.writeObject(serializedView); |
466 | 0 | out.close(); |
467 | 0 | baos.close(); |
468 | |
|
469 | 0 | if (log.isLoggable(Level.FINEST)) |
470 | |
{ |
471 | 0 | log.finest("Exiting serializeView - serialized. Bytes : " + baos.size()); |
472 | |
} |
473 | 0 | return baos.toByteArray(); |
474 | |
} |
475 | 0 | catch (IOException e) |
476 | |
{ |
477 | 0 | log.log(Level.SEVERE, "Exiting serializeView - Could not serialize state: " + e.getMessage(), e); |
478 | 0 | return null; |
479 | |
} |
480 | |
} |
481 | |
|
482 | |
|
483 | 0 | if (log.isLoggable(Level.FINEST)) |
484 | |
{ |
485 | 0 | log.finest("Exiting serializeView - do not serialize state in session."); |
486 | |
} |
487 | |
|
488 | 0 | return serializedView; |
489 | |
|
490 | |
} |
491 | |
|
492 | |
|
493 | |
|
494 | |
|
495 | |
|
496 | |
|
497 | |
|
498 | |
protected boolean isSerializeStateInSession(FacesContext context) |
499 | |
{ |
500 | 0 | String value = context.getExternalContext().getInitParameter( |
501 | |
StateManager.SERIALIZE_SERVER_STATE_PARAM_NAME); |
502 | |
|
503 | 0 | boolean serialize = DEFAULT_SERIALIZE_STATE_IN_SESSION; |
504 | 0 | if (value != null) |
505 | |
{ |
506 | 0 | serialize = value.toLowerCase().equals("true"); |
507 | 0 | return serialize; |
508 | |
} |
509 | |
|
510 | |
|
511 | 0 | value = context.getExternalContext().getInitParameter( |
512 | |
SERIALIZE_STATE_IN_SESSION_PARAM); |
513 | 0 | if (value != null) |
514 | |
{ |
515 | 0 | serialize = Boolean.valueOf(value); |
516 | |
} |
517 | 0 | return serialize; |
518 | |
} |
519 | |
|
520 | |
|
521 | |
|
522 | |
|
523 | |
|
524 | |
|
525 | |
|
526 | |
protected boolean isCompressStateInSession(FacesContext context) |
527 | |
{ |
528 | 0 | String value = context.getExternalContext().getInitParameter( |
529 | |
COMPRESS_SERVER_STATE_PARAM); |
530 | 0 | boolean compress = DEFAULT_COMPRESS_SERVER_STATE_PARAM; |
531 | 0 | if (value != null) |
532 | |
{ |
533 | 0 | compress = Boolean.valueOf(value); |
534 | |
} |
535 | 0 | return compress; |
536 | |
} |
537 | |
|
538 | |
protected Object deserializeView(Object state) |
539 | |
{ |
540 | 0 | if (log.isLoggable(Level.FINEST)) |
541 | |
{ |
542 | 0 | log.finest("Entering deserializeView"); |
543 | |
} |
544 | |
|
545 | 0 | if(state instanceof byte[]) |
546 | |
{ |
547 | 0 | if (log.isLoggable(Level.FINEST)) |
548 | |
{ |
549 | 0 | log.finest("Processing deserializeView - deserializing serialized state. Bytes : " |
550 | |
+ ((byte[]) state).length); |
551 | |
} |
552 | |
|
553 | |
try |
554 | |
{ |
555 | 0 | ByteArrayInputStream bais = new ByteArrayInputStream((byte[]) state); |
556 | 0 | InputStream is = bais; |
557 | 0 | if(is.read() == COMPRESSED_FLAG) |
558 | |
{ |
559 | 0 | is = new GZIPInputStream(is); |
560 | |
} |
561 | 0 | ObjectInputStream ois = null; |
562 | |
try |
563 | |
{ |
564 | 0 | final ObjectInputStream in = new MyFacesObjectInputStream(is); |
565 | 0 | ois = in; |
566 | 0 | Object object = null; |
567 | 0 | if (System.getSecurityManager() != null) |
568 | |
{ |
569 | 0 | object = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() |
570 | 0 | { |
571 | |
public Object run() throws PrivilegedActionException, IOException, ClassNotFoundException |
572 | |
{ |
573 | |
|
574 | 0 | return in.readObject(); |
575 | |
} |
576 | |
}); |
577 | |
} |
578 | |
else |
579 | |
{ |
580 | |
|
581 | 0 | object = in.readObject(); |
582 | |
} |
583 | 0 | return object; |
584 | |
} |
585 | |
finally |
586 | |
{ |
587 | 0 | if (ois != null) |
588 | |
{ |
589 | 0 | ois.close(); |
590 | 0 | ois = null; |
591 | |
} |
592 | |
} |
593 | |
} |
594 | 0 | catch (PrivilegedActionException e) |
595 | |
{ |
596 | 0 | log.log(Level.SEVERE, "Exiting deserializeView - Could not deserialize state: " + e.getMessage(), e); |
597 | 0 | return null; |
598 | |
} |
599 | 0 | catch (IOException e) |
600 | |
{ |
601 | 0 | log.log(Level.SEVERE, "Exiting deserializeView - Could not deserialize state: " + e.getMessage(), e); |
602 | 0 | return null; |
603 | |
} |
604 | 0 | catch (ClassNotFoundException e) |
605 | |
{ |
606 | 0 | log.log(Level.SEVERE, "Exiting deserializeView - Could not deserialize state: " + e.getMessage(), e); |
607 | 0 | return null; |
608 | |
} |
609 | |
} |
610 | 0 | else if (state instanceof Object[]) |
611 | |
{ |
612 | 0 | if (log.isLoggable(Level.FINEST)) |
613 | |
{ |
614 | 0 | log.finest("Exiting deserializeView - state not serialized."); |
615 | |
} |
616 | |
|
617 | 0 | return state; |
618 | |
} |
619 | 0 | else if(state == null) |
620 | |
{ |
621 | 0 | log.severe("Exiting deserializeView - this method should not be called with a null-state."); |
622 | 0 | return null; |
623 | |
} |
624 | |
else |
625 | |
{ |
626 | 0 | log.severe("Exiting deserializeView - this method should not be called with a state of type : " |
627 | |
+ state.getClass()); |
628 | 0 | return null; |
629 | |
} |
630 | |
} |
631 | |
|
632 | |
|
633 | |
|
634 | |
@Override |
635 | |
public Object saveSerializedView(FacesContext facesContext, Object serializedView) |
636 | |
{ |
637 | 0 | if (log.isLoggable(Level.FINEST)) |
638 | |
{ |
639 | 0 | log.finest("Processing saveSerializedView - server-side state saving - save state"); |
640 | |
} |
641 | |
|
642 | 0 | saveSerializedViewInServletSession(facesContext, serializedView); |
643 | |
|
644 | 0 | if (log.isLoggable(Level.FINEST)) |
645 | |
{ |
646 | 0 | log.finest("Exiting saveSerializedView - server-side state saving - saved state"); |
647 | |
} |
648 | |
|
649 | 0 | return encodeSerializedState(facesContext, serializedView); |
650 | |
} |
651 | |
|
652 | |
@Override |
653 | |
public Object restoreSerializedView(FacesContext facesContext, String viewId, Object viewState) |
654 | |
{ |
655 | 0 | if (log.isLoggable(Level.FINEST)) |
656 | |
{ |
657 | 0 | log.finest("Restoring view from session"); |
658 | |
} |
659 | |
|
660 | 0 | Object serverStateId = getServerStateId(facesContext, viewState); |
661 | |
|
662 | 0 | return (serverStateId == null) |
663 | |
? null |
664 | |
: getSerializedViewFromServletSession(facesContext, viewId, serverStateId); |
665 | |
} |
666 | |
|
667 | |
public Object encodeSerializedState(FacesContext facesContext, Object serializedView) |
668 | |
{ |
669 | 0 | return getKeyFactory(facesContext).encode(getNextViewSequence(facesContext)); |
670 | |
} |
671 | |
|
672 | |
@Override |
673 | |
public boolean isWriteStateAfterRenderViewRequired(FacesContext facesContext) |
674 | |
{ |
675 | 0 | return false; |
676 | |
} |
677 | |
|
678 | |
|
679 | |
|
680 | |
private boolean isUseFlashScopePurgeViewsInSession(ExternalContext externalContext) |
681 | |
{ |
682 | 0 | if (_useFlashScopePurgeViewsInSession == null) |
683 | |
{ |
684 | 0 | _useFlashScopePurgeViewsInSession = WebConfigParamUtils.getBooleanInitParameter( |
685 | |
externalContext, USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION, false); |
686 | |
} |
687 | 0 | return _useFlashScopePurgeViewsInSession; |
688 | |
} |
689 | |
|
690 | |
private Integer getNumberOfSequentialViewsInSession(ExternalContext externalContext) |
691 | |
{ |
692 | 0 | if (!_numberOfSequentialViewsInSessionSet) |
693 | |
{ |
694 | 0 | _numberOfSequentialViewsInSession = MyfacesConfig.getCurrentInstance(externalContext) |
695 | |
.getNumberOfSequentialViewsInSession(); |
696 | 0 | _numberOfSequentialViewsInSessionSet = true; |
697 | |
} |
698 | 0 | return _numberOfSequentialViewsInSession; |
699 | |
} |
700 | |
|
701 | |
protected KeyFactory getKeyFactory(FacesContext facesContext) |
702 | |
{ |
703 | |
|
704 | 0 | return sessionViewStorageFactory.getKeyFactory(); |
705 | |
} |
706 | |
|
707 | |
protected SessionViewStorageFactory getSessionViewStorageFactory() |
708 | |
{ |
709 | 0 | return sessionViewStorageFactory; |
710 | |
} |
711 | |
|
712 | |
@Override |
713 | |
public String createCryptographicallyStrongTokenFromSession(FacesContext context) |
714 | |
{ |
715 | 0 | return csrfSessionTokenFactory.createCryptographicallyStrongTokenFromSession(context); |
716 | |
} |
717 | |
} |