Posted to commits@myfaces.apache.org by ta...@apache.org on 2021/01/13 19:50:48 UTC

[myfaces] branch 2.2.x updated: MYFACES-4373: prefer SecureRandom for token generation

This is an automated email from the ASF dual-hosted git repository.

tandraschko pushed a commit to branch 2.2.x
in repository https://gitbox.apache.org/repos/asf/myfaces.git


The following commit(s) were added to refs/heads/2.2.x by this push:
     new 7af508b  MYFACES-4373: prefer SecureRandom for token generation
     new 4d4141b  Merge pull request #129 from wtlucy/secureRandom_2.2.x
7af508b is described below

commit 7af508b36b8dd0f58c203b9508486aba560b8802
Author: Bill Lucy <wt...@gmail.com>
AuthorDate: Mon Jan 11 16:08:40 2021 -0500

    MYFACES-4373: prefer SecureRandom for token generation
---
 .../main/java/org/apache/myfaces/application/StateCache.java | 12 ++++++------
 .../application/viewstate/ServerSideStateCacheImpl.java      |  6 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/impl/src/main/java/org/apache/myfaces/application/StateCache.java b/impl/src/main/java/org/apache/myfaces/application/StateCache.java
index e93b9a5..29519b5 100644
--- a/impl/src/main/java/org/apache/myfaces/application/StateCache.java
+++ b/impl/src/main/java/org/apache/myfaces/application/StateCache.java
@@ -30,18 +30,18 @@ import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConf
  */
 public abstract class StateCache<K, V>
 {
-    
+    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
+    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random";
+
     /**
      * Defines how to generate the csrf session token.
      */
     @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random", 
-            defaultValue="none", group="state")
+            defaultValue="secureRandom", group="state")
     public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM
             = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN";
-    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT = "random";
-    
-    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
-    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random";
+    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT = 
+            RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM;
 
     /**
      * Set the default length of the random key used for the csrf session token.
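Review bot: The Javadoc on `RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM` still reads only "Defines how to generate the csrf session token.", so someone editing web.xml cannot tell that `random` is the weaker choice for an anti-CSRF token. `random` stays in `expectedValues`, and presumably it selects a non-cryptographic generator; the generator code is outside this hunk, so that should be confirmed. I would extend the comment with something like `* Defaults to "secureRandom". "random" is retained for backward compatibility only and should not be used where the token must be unpredictable.` The annotation's old `defaultValue="none"` disagreed with the old constant `"random"`; the new pair is consistent, which is good. The class body continues past the end of the hunk.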
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
index ec8425b..d810d55 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
@@ -141,12 +141,12 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
     /**
      * Adds a random key to the generated view state session token.
      */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random, none", 
-            defaultValue="none", group="state")
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random", 
+            defaultValue="secureRandom", group="state")
     public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM
             = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN";
     public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT = 
-            RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE;
+            RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM;
 
     /**
      * Set the default length of the random key added to the view state session token.
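Review bot: Dropping `none` from `expectedValues` changes only the documented contract. The hunk does not show whether the code that reads `RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM` still accepts `none`, or whether `RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE` is still defined. If that branch remains, a deployment that explicitly set `none` keeps running without a random key in the view state token, and the docs now call that value invalid. I would either log a startup warning when `none` is configured, or keep it documented as deprecated, e.g. `* "none" is deprecated: it adds no random key, so the token is predictable; use "secureRandom".` It is also worth calling out in the release notes that the default changed from `none` to `secureRandom`, because this alters token generation for every application that never set the parameter.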