1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.myfaces.application; 20 21 import javax.faces.context.FacesContext; 22 import org.apache.myfaces.application.viewstate.token.StateTokenProcessor; 23 import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam; 24 25 /** 26 * This class provides an interface to separate the state caching operations (saving/restoring) 27 * from the renderkit specific stuff that HtmlResponseStateManager should do. 28 * 29 * @author Leonardo Uribe 30 * 31 */ 32 public abstract class StateCache<K, V> 33 { 34 35 /** 36 * Defines how to generate the csrf session token. 37 */ 38 @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random", 39 defaultValue="none", group="state") 40 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM 41 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN"; 42 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT = "random"; 43 44 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom"; 45 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random"; 46 47 /** 48 * Set the default length of the random key used for the csrf session token. 49 * By default is 16. 50 */ 51 @JSFWebConfigParam(since="2.2.0", defaultValue="16", group="state") 52 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM 53 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH"; 54 public static final int RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM_DEFAULT = 16; 55 56 /** 57 * Sets the random class to initialize the secure random id generator. 58 * By default it uses java.security.SecureRandom 59 */ 60 @JSFWebConfigParam(since="2.2.0", group="state") 61 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM 62 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS"; 63 64 /** 65 * Sets the random provider to initialize the secure random id generator. 66 */ 67 @JSFWebConfigParam(since="2.2.0", group="state") 68 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM 69 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER"; 70 71 /** 72 * Sets the random algorithm to initialize the secure random id generator. 73 * By default is SHA1PRNG 74 */ 75 @JSFWebConfigParam(since="2.2.0", defaultValue="SHA1PRNG", group="state") 76 public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM 77 = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM"; 78 79 /** 80 * Put the state on the cache, to can be restored later. 81 * 82 * @param facesContext 83 * @param serializedView 84 */ 85 public abstract K saveSerializedView(FacesContext facesContext, V serializedView); 86 87 /** 88 * Get the state from the cache is server side state saving is used, 89 * or decode it from the passed viewState param if client side is used. 90 * 91 * @param facesContext 92 * @param viewId The viewId of the view to be restored 93 * @param viewState A token usually retrieved from a call to ResponseStateManager.getState that will be 94 * used to identify or restore the state. 95 * @return 96 */ 97 public abstract V restoreSerializedView(FacesContext facesContext, String viewId, K viewState); 98 99 /** 100 * Calculate the token to be used if server side state saving, or encode the view and return the 101 * viewState that can be used by the underlying ResponseStateManager to write the state. 102 * 103 * @param facesContext 104 * @param serializedView The state that will be used to derive the token returned. 105 * @return A token (usually encoded on javax.faces.ViewState input hidden field) that will be passed to 106 * ResponseStateManager.writeState or ResponseStateManager.getViewState to be 107 * output to the client. 108 */ 109 public abstract K encodeSerializedState(FacesContext facesContext, Object serializedView); 110 111 /** 112 * Indicates if the call to ResponseStateManager.writeState should be done after the view is fully rendered. 113 * Usually this is required for client side state saving, but it is not for server side state saving, because 114 * ResponseStateManager.writeState could render a just a marker and then StateManager.saveState could be called, 115 * preventing use an additional buffer. 116 * 117 * @param facesContext 118 * @return 119 */ 120 public abstract boolean isWriteStateAfterRenderViewRequired(FacesContext facesContext); 121 122 /** 123 * @since 2.2 124 * @param context 125 * @return 126 */ 127 public abstract String createCryptographicallyStrongTokenFromSession(FacesContext context); 128 129 130 public abstract StateTokenProcessor getStateTokenProcessor(FacesContext context); 131 }