View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.myfaces.application;
20  
21  import javax.faces.context.FacesContext;
22  import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam;
23  
24  /**
25   * This class provides an interface to separate the state caching operations (saving/restoring)
26   * from the renderkit specific stuff that HtmlResponseStateManager should do.
27   * 
28   * @author Leonardo Uribe
29   *
30   */
31  public abstract class StateCache<K, V>
32  {
33      
34      /**
35       * Defines how to generate the csrf session token.
36       */
37      @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random", 
38              defaultValue="none", group="state")
39      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM
40              = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN";
41      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT = "random";
42      
43      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
44      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random";
45  
46      /**
47       * Set the default length of the random key used for the csrf session token.
48       * By default is 16. 
49       */
50      @JSFWebConfigParam(since="2.2.0", defaultValue="16", group="state")
51      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM 
52              = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH";
53      public static final int RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM_DEFAULT = 16;
54  
55      /**
56       * Sets the random class to initialize the secure random id generator. 
57       * By default it uses java.security.SecureRandom
58       */
59      @JSFWebConfigParam(since="2.2.0", group="state")
60      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM
61              = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS";
62  
63      /**
64       * Sets the random provider to initialize the secure random id generator.
65       */
66      @JSFWebConfigParam(since="2.2.0", group="state")
67      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM
68              = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER";
69      
70      /**
71       * Sets the random algorithm to initialize the secure random id generator. 
72       * By default is SHA1PRNG
73       */
74      @JSFWebConfigParam(since="2.2.0", defaultValue="SHA1PRNG", group="state")
75      public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM 
76              = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM";
77  
78      /**
79       * Put the state on the cache, to can be restored later.
80       * 
81       * @param facesContext
82       * @param serializedView
83       */
84      public abstract K saveSerializedView(FacesContext facesContext, V serializedView);
85      
86      /**
87       * Get the state from the cache is server side state saving is used,
88       * or decode it from the passed viewState param if client side is used.
89       * 
90       * @param facesContext
91       * @param viewId The viewId of the view to be restored
92       * @param viewState A token usually retrieved from a call to ResponseStateManager.getState that will be
93       *                  used to identify or restore the state.
94       * @return
95       */
96      public abstract V restoreSerializedView(FacesContext facesContext, String viewId, K viewState);
97  
98      /**
99       * Calculate the token to be used if server side state saving, or encode the view and return the
100      * viewState that can be used by the underlying ResponseStateManager to write the state.
101      * 
102      * @param facesContext
103      * @param state The state that will be used to derive the token returned.
104      * @return A token (usually encoded on javax.faces.ViewState input hidden field) that will be passed to 
105      *         ResponseStateManager.writeState or ResponseStateManager.getViewState to be 
106      *         output to the client.
107      */
108     public abstract K encodeSerializedState(FacesContext facesContext, Object serializedView);
109     
110     /**
111      * Indicates if the call to ResponseStateManager.writeState should be done after the view is fully rendered.
112      * Usually this is required for client side state saving, but it is not for server side state saving, because
113      * ResponseStateManager.writeState could render a just a marker and then StateManager.saveState could be called,
114      * preventing use an additional buffer. 
115      * 
116      * @param facesContext
117      * @return
118      */
119     public abstract boolean isWriteStateAfterRenderViewRequired(FacesContext facesContext);
120     
121     /**
122      * @since 2.2
123      * @param context
124      * @return 
125      */
126     public abstract String createCryptographicallyStrongTokenFromSession(FacesContext context);
127 }