You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by bo...@apache.org on 2021/01/14 16:05:33 UTC
[myfaces] branch 2.1.x updated: MYFACES-4373: make sure
SecureRandom is used for invalid configs
This is an automated email from the ASF dual-hosted git repository.
bommel pushed a commit to branch 2.1.x
in repository https://gitbox.apache.org/repos/asf/myfaces.git
The following commit(s) were added to refs/heads/2.1.x by this push:
new 8cf7f56 MYFACES-4373: make sure SecureRandom is used for invalid configs
new a894dc0 Merge pull request #138 from wtlucy/secureRandom2_2.1.x
8cf7f56 is described below
commit 8cf7f56eb49cd54e6bab902f5c5d250de8117ecf
Author: Bill Lucy <wt...@gmail.com>
AuthorDate: Thu Jan 14 09:56:23 2021 -0500
MYFACES-4373: make sure SecureRandom is used for invalid configs
---
.../application/viewstate/ServerSideStateCacheImpl.java | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
index 86639d0..cd69bc5 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
@@ -180,7 +180,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
/**
* Adds a random key to the generated view state session token.
*/
- @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random",
+ @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random, none",
defaultValue="secureRandom", group="state")
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM
= "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN";
@@ -236,19 +236,19 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
String randomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(),
RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM,
RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT);
- if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM.equals(randomMode))
+ if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM.equals(randomMode))
{
sessionViewStorageFactory = new RandomSessionViewStorageFactory(
- new SecureRandomKeyFactory(facesContext));
+ new RandomKeyFactory(facesContext));
}
- else if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM.equals(randomMode))
+ else if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE.equals(randomMode))
{
- sessionViewStorageFactory = new RandomSessionViewStorageFactory(
- new RandomKeyFactory(facesContext));
+ sessionViewStorageFactory = new CounterSessionViewStorageFactory(new CounterKeyFactory());
}
else
{
- sessionViewStorageFactory = new CounterSessionViewStorageFactory(new CounterKeyFactory());
+ sessionViewStorageFactory = new RandomSessionViewStorageFactory(
+ new SecureRandomKeyFactory(facesContext));
}
}