1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.myfaces.application; 20 21 import javax.faces.context.FacesContext; 22 import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam; 23 24 /** 25 * This class provides an interface to separate the state caching operations (saving/restoring) 26 * from the renderkit specific stuff that HtmlResponseStateManager should do. 27 * 28 * @author Leonardo Uribe 29 * 30 */ 31 public abstract class StateCache<K, V> 32 { 33 34 /** 35 * Defines how to generate the csrf session token. 36 */ 37 @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random", 38 defaultValue="none", group="state") 39 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM 40 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN"; 41 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT = "random"; 42 43 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom"; 44 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random"; 45 46 /** 47 * Set the default length of the random key used for the csrf session token. 48 * By default is 16. 49 */ 50 @JSFWebConfigParam(since="2.2.0", defaultValue="16", group="state") 51 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM 52 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH"; 53 public static final int RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM_DEFAULT = 16; 54 55 /** 56 * Sets the random class to initialize the secure random id generator. 57 * By default it uses java.security.SecureRandom 58 */ 59 @JSFWebConfigParam(since="2.2.0", group="state") 60 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM 61 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS"; 62 63 /** 64 * Sets the random provider to initialize the secure random id generator. 65 */ 66 @JSFWebConfigParam(since="2.2.0", group="state") 67 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM 68 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER"; 69 70 /** 71 * Sets the random algorithm to initialize the secure random id generator. 72 * By default is SHA1PRNG 73 */ 74 @JSFWebConfigParam(since="2.2.0", defaultValue="SHA1PRNG", group="state") 75 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM 76 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM"; 77 78 /** 79 * Put the state on the cache, to can be restored later. 80 * 81 * @param facesContext 82 * @param serializedView 83 */ 84 public abstract K saveSerializedView(FacesContext facesContext, V serializedView); 85 86 /** 87 * Get the state from the cache is server side state saving is used, 88 * or decode it from the passed viewState param if client side is used. 89 * 90 * @param facesContext 91 * @param viewId The viewId of the view to be restored 92 * @param viewState A token usually retrieved from a call to ResponseStateManager.getState that will be 93 * used to identify or restore the state. 94 * @return 95 */ 96 public abstract V restoreSerializedView(FacesContext facesContext, String viewId, K viewState); 97 98 /** 99 * Calculate the token to be used if server side state saving, or encode the view and return the 100 * viewState that can be used by the underlying ResponseStateManager to write the state. 101 * 102 * @param facesContext 103 * @param state The state that will be used to derive the token returned. 104 * @return A token (usually encoded on javax.faces.ViewState input hidden field) that will be passed to 105 * ResponseStateManager.writeState or ResponseStateManager.getViewState to be 106 * output to the client. 107 */ 108 public abstract K encodeSerializedState(FacesContext facesContext, Object serializedView); 109 110 /** 111 * Indicates if the call to ResponseStateManager.writeState should be done after the view is fully rendered. 112 * Usually this is required for client side state saving, but it is not for server side state saving, because 113 * ResponseStateManager.writeState could render a just a marker and then StateManager.saveState could be called, 114 * preventing use an additional buffer. 115 * 116 * @param facesContext 117 * @return 118 */ 119 public abstract boolean isWriteStateAfterRenderViewRequired(FacesContext facesContext); 120 121 /** 122 * @since 2.2 123 * @param context 124 * @return 125 */ 126 public abstract String createCryptographicallyStrongTokenFromSession(FacesContext context); 127 }