You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by bo...@apache.org on 2021/01/14 16:05:33 UTC

[myfaces] branch 2.1.x updated: MYFACES-4373: make sure SecureRandom is used for invalid configs

This is an automated email from the ASF dual-hosted git repository.

bommel pushed a commit to branch 2.1.x
in repository https://gitbox.apache.org/repos/asf/myfaces.git


The following commit(s) were added to refs/heads/2.1.x by this push:
     new 8cf7f56  MYFACES-4373: make sure SecureRandom is used for invalid configs
     new a894dc0  Merge pull request #138 from wtlucy/secureRandom2_2.1.x
8cf7f56 is described below

commit 8cf7f56eb49cd54e6bab902f5c5d250de8117ecf
Author: Bill Lucy <wt...@gmail.com>
AuthorDate: Thu Jan 14 09:56:23 2021 -0500

    MYFACES-4373: make sure SecureRandom is used for invalid configs
---
 .../application/viewstate/ServerSideStateCacheImpl.java    | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
index 86639d0..cd69bc5 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
@@ -180,7 +180,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
     /**
      * Adds a random key to the generated view state session token.
      */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random", 
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random, none",
             defaultValue="secureRandom", group="state")
     public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM
             = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN";
@@ -236,19 +236,19 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
         String randomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(),
                 RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM, 
                 RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT);
-        if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM.equals(randomMode))
+        if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM.equals(randomMode))
         {
             sessionViewStorageFactory = new RandomSessionViewStorageFactory(
-                    new SecureRandomKeyFactory(facesContext));
+                    new RandomKeyFactory(facesContext));
         }
-        else if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM.equals(randomMode))
+        else if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE.equals(randomMode))
         {
-            sessionViewStorageFactory = new RandomSessionViewStorageFactory(
-                    new RandomKeyFactory(facesContext));
+            sessionViewStorageFactory = new CounterSessionViewStorageFactory(new CounterKeyFactory());
         }
         else
         {
-            sessionViewStorageFactory = new CounterSessionViewStorageFactory(new CounterKeyFactory());
+            sessionViewStorageFactory = new RandomSessionViewStorageFactory(
+                    new SecureRandomKeyFactory(facesContext));
         }
     }