Posted to commits@myfaces.apache.org by lu...@apache.org on 2013/01/26 00:54:32 UTC

svn commit: r1438777 - in /myfaces/core/branches/2.2.x/api/src/main/java/javax/faces: application/ProtectedViewException.java application/ViewHandler.java render/ResponseStateManager.java

Author: lu4242
Date: Fri Jan 25 23:54:32 2013
New Revision: 1438777

URL: http://svn.apache.org/viewvc?rev=1438777&view=rev
Log:
MYFACES-3682 Implement Cross-Site Request Forgery protection

Added:
    myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java   (with props)
Modified:
    myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java
    myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java

Added: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java?rev=1438777&view=auto
==============================================================================
--- myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java (added)
+++ myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java Fri Jan 25 23:54:32 2013
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.faces.application;
+
+import javax.faces.FacesException;
+
+/**
+ *
+ * @author Leonardo Uribe
+ */
+public class ProtectedViewException extends FacesException
+{
+
+    public ProtectedViewException()
+    {
+    }
+
+    public ProtectedViewException(Throwable cause)
+    {
+        super(cause);
+    }
+
+    public ProtectedViewException(String message)
+    {
+        super(message);
+    }
+
+    public ProtectedViewException(String message, Throwable cause)
+    {
+        super(message, cause);
+    }
+
+}
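Review bot: The class Javadoc on ProtectedViewException is empty apart from the `@author` tag, so nothing tells a caller when this exception is raised or how to handle it. Going by the commit log, it presumably signals that a request for a protected view failed the token check; say so in the class comment, e.g. `Thrown when a request for a protected view does not carry a valid token.`, and note that a handler should reject the request rather than go on to render the view. Because the class extends FacesException and is therefore serializable, it should also declare `private static final long serialVersionUID = 1L;` so the serialized form stays stable.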

Propchange: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ProtectedViewException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java?rev=1438777&r1=1438776&r2=1438777&view=diff
==============================================================================
--- myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java (original)
+++ myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/application/ViewHandler.java Fri Jan 25 23:54:32 2013
@@ -20,9 +20,11 @@ package javax.faces.application;
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Set;
 
 import javax.faces.FacesException;
 import javax.faces.component.UIViewRoot;
@@ -338,4 +340,30 @@ public abstract class ViewHandler
      */
     public abstract void writeState(FacesContext context) throws IOException;
 
+    /**
+     * @since 2.2
+     * @param urlPattern 
+     */
+    public void addProtectedView(String urlPattern)
+    {
+    }
+    
+    /**
+     * @since 2.2
+     * @param urlPattern 
+     */
+    public boolean removeProtectedView(String urlPattern)
+    {
+        return false;
+    }
+
+    /**
+     * @since 2.2
+     * @return 
+     */
+    public Set<String> getProtectedViewsUnmodifiable()
+    {
+        Set<String> set = Collections.emptySet();
+        return Collections.unmodifiableSet(set);
+    }
 }
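Review bot: The defaults added here fail open: `addProtectedView` silently discards the pattern, `removeProtectedView` always returns false and `getProtectedViewsUnmodifiable` always returns an empty set, so with a ViewHandler that does not override them an application can register a protected view and get neither protection nor an error. If the no-op default is needed for backward compatibility, the Javadoc should say so, e.g. `The default implementation takes no action; a ViewHandler that enforces protected views must override this method, and wrappers must delegate it.`, and the empty `@param urlPattern` and `@return` tags should be filled in. Separately, `Collections.emptySet()` is already immutable, so the getter body can be just `return Collections.emptySet();`. The ViewHandler class itself starts outside this hunk.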

Modified: myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java?rev=1438777&r1=1438776&r2=1438777&view=diff
==============================================================================
--- myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java (original)
+++ myfaces/core/branches/2.2.x/api/src/main/java/javax/faces/render/ResponseStateManager.java Fri Jan 25 23:54:32 2013
@@ -37,6 +37,8 @@ public abstract class ResponseStateManag
     
     public static final String CLIENT_WINDOW_PARAM = "javax.faces.ClientWindow";
     public static final String CLIENT_WINDOW_URL_PARAM = "jfwid";
+    
+    public static final String NON_POSTBACK_VIEW_TOKEN_PARAM = "javax.faces.Token";
 
     public void writeState(FacesContext context, Object state) throws IOException
     {
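Review bot: `NON_POSTBACK_VIEW_TOKEN_PARAM` is added without a Javadoc comment, and its name suggests the token is carried as a request parameter on non-postback requests, where it would be part of the URL. If that is the case, document it on the constant, e.g. `Name of the request parameter that carries the protected-view token on non-postback requests; the value is a secret and must not be written to logs.`, so integrators know the value can surface in access logs, browser history and Referer headers. The writeState body that follows continues outside the hunk.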
@@ -130,4 +132,13 @@ public abstract class ResponseStateManag
         return context.getExternalContext().getRequestParameterMap().containsKey(ResponseStateManager.VIEW_STATE_PARAM);
     }
 
+    /**
+     * @since 2.2
+     * @param context
+     * @return 
+     */
+    public String getCryptographicallyStrongTokenFromSession(FacesContext context)
+    {
+        return null;
+    }
 }
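Review bot: `getCryptographicallyStrongTokenFromSession` returns null by default and its Javadoc does not say what null means, which invites a fail-open check in callers: a missing request parameter compared against a null session token can look like a match. Document the contract, e.g. `@return the session-scoped token, or null if this implementation does not provide one; callers must treat null as a failed check`, and state that an overriding implementation has to draw the token from a cryptographically strong source such as `java.security.SecureRandom`. Callers that compare the request value with this token should do so in constant time, for example with `MessageDigest.isEqual` on the encoded bytes. The callers are not visible in this commit, so this is a request for documentation rather than a reported bug.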