You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by bo...@apache.org on 2021/01/14 07:47:05 UTC
[myfaces] branch master updated: MYFACES-4373: make sure
SecureRandom is used for invalid configs
This is an automated email from the ASF dual-hosted git repository.
bommel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces.git
The following commit(s) were added to refs/heads/master by this push:
new f855d07 MYFACES-4373: make sure SecureRandom is used for invalid configs
new b1b3d54 Merge pull request #134 from wtlucy/secureRandom2
f855d07 is described below
commit f855d079944d49a759da94e5d7e2bae4a8febf19
Author: Bill Lucy <wt...@gmail.com>
AuthorDate: Wed Jan 13 17:01:10 2021 -0500
MYFACES-4373: make sure SecureRandom is used for invalid configs
---
.../myfaces/application/viewstate/StateCacheClientSide.java | 6 +++---
.../myfaces/application/viewstate/StateCacheServerSide.java | 10 +++++-----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheClientSide.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheClientSide.java
index 14adc95..2483d9c 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheClientSide.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheClientSide.java
@@ -44,13 +44,13 @@ class StateCacheClientSide extends StateCache<Object, Object>
MyfacesConfig config = MyfacesConfig.getCurrentInstance(facesContext);
String csrfRandomMode = config.getRandomKeyInCsrfSessionToken();
- if (MyfacesConfig.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode))
+ if (MyfacesConfig.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM.equals(csrfRandomMode))
{
- csrfSessionTokenFactory = new CsrfSessionTokenFactorySecureRandom(facesContext);
+ csrfSessionTokenFactory = new CsrfSessionTokenFactoryRandom(facesContext);
}
else
{
- csrfSessionTokenFactory = new CsrfSessionTokenFactoryRandom(facesContext);
+ csrfSessionTokenFactory = new CsrfSessionTokenFactorySecureRandom(facesContext);
}
stateTokenProcessor = new StateTokenProcessorClientSide();
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheServerSide.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheServerSide.java
index 4f2d047..bd30c3a 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheServerSide.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/StateCacheServerSide.java
@@ -104,19 +104,19 @@ class StateCacheServerSide extends StateCache<Object, Object>
{
log.warning(MyfacesConfig.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN + " \""
+ randomMode + "\" is not supported (anymore)."
- + " Fallback to \"random\"");
+ + " Fallback to \"secureRandom\"");
}
- sessionViewStorageFactory = new SessionViewStorageFactoryImpl(new KeyFactoryRandom(facesContext));
+ sessionViewStorageFactory = new SessionViewStorageFactoryImpl(new KeyFactorySecureRandom(facesContext));
}
String csrfRandomMode = config.getRandomKeyInCsrfSessionToken();
- if (MyfacesConfig.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode))
+ if (MyfacesConfig.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM.equals(csrfRandomMode))
{
- csrfSessionTokenFactory = new CsrfSessionTokenFactorySecureRandom(facesContext);
+ csrfSessionTokenFactory = new CsrfSessionTokenFactoryRandom(facesContext);
}
else
{
- csrfSessionTokenFactory = new CsrfSessionTokenFactoryRandom(facesContext);
+ csrfSessionTokenFactory = new CsrfSessionTokenFactorySecureRandom(facesContext);
}
stateTokenProcessor = new StateTokenProcessorServerSide();