Posted to commits@myfaces.apache.org by lu...@apache.org on 2013/01/26 00:54:32 UTC
svn commit: r1438777 - in
/myfaces/core/branches/2.2.x/api/src/main/java/javax/faces:
application/ProtectedViewException.java application/ViewHandler.java
render/ResponseStateManager.java
Author: lu4242
Date: Fri Jan 25 23:54:32 2013
New Revision: 1438777
URL: http://svn.apache.org/viewvc?rev=1438777&view=rev
Log:
MYFACES-3682 Implement Client Side Request Forgery protection
Added:
myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java (with props)
Modified:
myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java
myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java
Added: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java?rev=1438777&view=auto
==============================================================================
--- myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java (added)
+++ myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java Fri Jan 25 23:54:32 2013
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.faces.application;
+
+import javax.faces.FacesException;
+
+/**
+ *
+ * @author Leonardo Uribe
+ */
+public class ProtectedViewException extends FacesException
+{
+
+ public ProtectedViewException()
+ {
+ }
+
+ public ProtectedViewException(Throwable cause)
+ {
+ super(cause);
+ }
+
+ public ProtectedViewException(String message)
+ {
+ super(message);
+ }
+
+ public ProtectedViewException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+}
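Review bot: The class Javadoc is empty apart from `@author`, so nothing in the file says when `ProtectedViewException` is thrown or how a caller should react to it. Going by the commit title, a summary along the lines of `Thrown when a request for a protected view does not pass token validation` would fit, assuming that is the intended use. The class is also serializable through its `RuntimeException` ancestry, so declaring `private static final long serialVersionUID = 1L;` (value constructed for this note) would keep the serialized form stable across builds.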
Propchange: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java?rev=1438777&r1=1438776&r2=1438777&view=diff
==============================================================================
--- myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java (original)
+++ myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java Fri Jan 25 23:54:32 2013
@@ -20,9 +20,11 @@ package javax.faces.application;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
+import java.util.Set;
import javax.faces.FacesException;
import javax.faces.component.UIViewRoot;
@@ -338,4 +340,30 @@ public abstract class ViewHandler
*/
public abstract void writeState(FacesContext context) throws IOException;
+ /**
+ * @since 2.2
+ * @param urlPattern
+ */
+ public void addProtectedView(String urlPattern)
+ {
+ }
+
+ /**
+ * @since 2.2
+ * @param urlPattern
+ */
+ public boolean removeProtectedView(String urlPattern)
+ {
+ return false;
+ }
+
+ /**
+ * @since 2.2
+ * @return
+ */
+ public Set<String> getProtectedViewsUnmodifiable()
+ {
+ Set<String> set = Collections.emptySet();
+ return Collections.unmodifiableSet(set);
+ }
}
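Review bot: The three defaults added here fail silently: `addProtectedView` discards the pattern, `removeProtectedView` returns false and `getProtectedViewsUnmodifiable` always returns an empty set, so code that registers a protected view on a ViewHandler that does not override them gets no protection and no error. The Javadoc should say so, for example `Default implementation is a no-op; implementations that support protected views must override all three methods`, and it should describe `urlPattern` and the returned set instead of leaving `@param` and `@return` empty. Whether wrapper classes delegate these calls is not visible in this commit and is worth checking. As a smaller point, `Collections.emptySet()` is already immutable, so the last body can be just `return Collections.emptySet();`. The ViewHandler class begins outside this hunk.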
Modified: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java?rev=1438777&r1=1438776&r2=1438777&view=diff
==============================================================================
--- myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java (original)
+++ myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java Fri Jan 25 23:54:32 2013
@@ -37,6 +37,8 @@ public abstract class ResponseStateManag
public static final String CLIENT_WINDOW_PARAM = "javax.faces.ClientWindow";
public static final String CLIENT_WINDOW_URL_PARAM = "jfwid";
+
+ public static final String NON_POSTBACK_VIEW_TOKEN_PARAM = "javax.faces.Token";
public void writeState(FacesContext context, Object state) throws IOException
{
@@ -130,4 +132,13 @@ public abstract class ResponseStateManag
return context.getExternalContext().getRequestParameterMap().containsKey(ResponseStateManager.VIEW_STATE_PARAM);
}
+ /**
+ * @since 2.2
+ * @param context
+ * @return
+ */
+ public String getCryptographicallyStrongTokenFromSession(FacesContext context)
+ {
+ return null;
+ }
}
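Review bot: `getCryptographicallyStrongTokenFromSession` returns null by default and its Javadoc leaves `@return` empty, so a caller has no documented way to tell a missing token from a valid one. The value is presumably compared with the `javax.faces.Token` request parameter introduced as `NON_POSTBACK_VIEW_TOKEN_PARAM` in the earlier hunk of this file, so the contract should state that null means no token is available and that validation must reject the request in that case rather than treat two absent values as equal. Something like `@return the session token, or null if none is available; callers must fail closed on null` would cover it, and the new constant deserves a one-line comment naming its purpose. The comparison code is not part of this commit, so this is a documentation request only; the class begins outside the hunk.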