1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.myfaces.push.cdi;
21
22 import javax.annotation.PostConstruct;
23 import javax.enterprise.context.ApplicationScoped;
24 import javax.faces.context.FacesContext;
25 import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam;
26 import org.apache.myfaces.shared.util.WebConfigParamUtils;
27
28
29
30
31 @ApplicationScoped
32 public class WebsocketChannelTokenBuilderBean
33 {
34
35
36
37 @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random",
38 defaultValue="none", group="state")
39 private static final String RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN_PARAM
40 = "org.apache.myfaces.RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN";
41 private static final String RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN_PARAM_DEFAULT = "random";
42
43 private static final String RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
44 private static final String RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN_RANDOM = "random";
45
46 private CsrfSessionTokenFactory csrfSessionTokenFactory;
47
48 private boolean initialized;
49
50 public WebsocketChannelTokenBuilderBean()
51 {
52 }
53
54 @PostConstruct
55 public void init()
56 {
57 FacesContext facesContext = FacesContext.getCurrentInstance();
58 if (facesContext != null)
59 {
60 internalInit(facesContext);
61 }
62 }
63
64 private synchronized void internalInit(FacesContext facesContext)
65 {
66 String csrfRandomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(),
67 RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN_PARAM,
68 RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN_PARAM_DEFAULT);
69 if (RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode))
70 {
71 csrfSessionTokenFactory = new SecureRandomCsrfSessionTokenFactory(facesContext);
72 }
73 else
74 {
75 csrfSessionTokenFactory = new RandomCsrfSessionTokenFactory(facesContext);
76 }
77 initialized=true;
78 }
79
80 public String createChannelToken(FacesContext facesContext, String channel)
81 {
82 if (!initialized)
83 {
84 internalInit(facesContext);
85 }
86 return csrfSessionTokenFactory.createCryptographicallyStrongTokenFromSession(facesContext);
87 }
88 }