You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/10/08 13:47:35 UTC
svn commit: r1530242 - in /myfaces/tobago/branches/tobago-1.5.x:
tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
tobago-jsf-compat/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java
Author: lofwyr
Date: Tue Oct 8 11:47:35 2013
New Revision: 1530242
URL: http://svn.apache.org/r1530242
Log:
TOBAGO-1320: SessionSecret not compatible with portlets
Modified:
myfaces/tobago/branches/tobago-1.5.x/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
myfaces/tobago/branches/tobago-1.5.x/tobago-jsf-compat/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java
Modified: myfaces/tobago/branches/tobago-1.5.x/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-1.5.x/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java?rev=1530242&r1=1530241&r2=1530242&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-1.5.x/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java (original)
+++ myfaces/tobago/branches/tobago-1.5.x/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java Tue Oct 8 11:47:35 2013
@@ -20,6 +20,7 @@
package org.apache.myfaces.tobago.webapp;
import org.apache.commons.codec.binary.Base64;
+import org.apache.myfaces.tobago.portlet.PortletUtils;
import org.apache.myfaces.tobago.renderkit.html.HtmlAttributes;
import org.apache.myfaces.tobago.renderkit.html.HtmlElements;
import org.apache.myfaces.tobago.renderkit.html.HtmlInputTypes;
@@ -76,24 +77,34 @@ public class Secret implements Serializa
* Checks that the request contains a parameter {@link org.apache.myfaces.tobago.webapp.Secret#KEY}
* which is equals to a secret value in the session.
*/
- public static boolean check(FacesContext facesContext) {
- Map requestParameterMap = facesContext.getExternalContext().getRequestParameterMap();
- String fromRequest = (String) requestParameterMap.get(Secret.KEY);
- Map sessionMap = facesContext.getExternalContext().getSessionMap();
- Secret secret = (Secret) sessionMap.get(Secret.KEY);
+ public static boolean check(final FacesContext facesContext) {
+ final Map requestParameterMap = facesContext.getExternalContext().getRequestParameterMap();
+ final String fromRequest = (String) requestParameterMap.get(Secret.KEY);
+ final Object session = facesContext.getExternalContext().getSession(true);
+ final Secret secret;
+ if (session instanceof HttpSession) {
+ secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
+ } else {
+ secret = (Secret) PortletUtils.getAttributeFromSessionForApplication(session, Secret.KEY);
+ }
return secret != null && secret.secret.equals(fromRequest);
}
/**
* Encode a hidden field with the secret value from the session.
*/
- public static void encode(FacesContext facesContext, TobagoResponseWriter writer) throws IOException {
+ public static void encode(final FacesContext facesContext, final TobagoResponseWriter writer) throws IOException {
writer.startElement(HtmlElements.INPUT, null);
writer.writeAttribute(HtmlAttributes.TYPE, HtmlInputTypes.HIDDEN, false);
writer.writeAttribute(HtmlAttributes.NAME, Secret.KEY, false);
writer.writeAttribute(HtmlAttributes.ID, Secret.KEY, false);
- Map sessionMap = facesContext.getExternalContext().getSessionMap();
- Secret secret = (Secret) sessionMap.get(Secret.class.getName());
+ final Object session = facesContext.getExternalContext().getSession(true);
+ final Secret secret;
+ if (session instanceof HttpSession) {
+ secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
+ } else {
+ secret = (Secret) PortletUtils.getAttributeFromSessionForApplication(session, Secret.KEY);
+ }
writer.writeAttribute(HtmlAttributes.VALUE, secret.secret, false);
writer.endElement(HtmlElements.INPUT);
}
Modified: myfaces/tobago/branches/tobago-1.5.x/tobago-jsf-compat/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-1.5.x/tobago-jsf-compat/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java?rev=1530242&r1=1530241&r2=1530242&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-1.5.x/tobago-jsf-compat/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java (original)
+++ myfaces/tobago/branches/tobago-1.5.x/tobago-jsf-compat/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java Tue Oct 8 11:47:35 2013
@@ -23,6 +23,7 @@ import javax.faces.context.FacesContext;
import javax.portlet.ActionRequest;
import javax.portlet.PortletContext;
import javax.portlet.PortletRequest;
+import javax.portlet.PortletSession;
import javax.portlet.PortletURL;
import javax.portlet.RenderResponse;
import java.io.UnsupportedEncodingException;
@@ -100,4 +101,13 @@ public final class PortletUtils {
request.setCharacterEncoding("UTF-8");
}
}
+
+ public static Object getAttributeFromSessionForApplication(Object session, String name) {
+
+ if (PORTLET_API_AVAILABLE && session instanceof PortletSession) {
+ return ((PortletSession) session).getAttribute(name, PortletSession.APPLICATION_SCOPE);
+ } else {
+ throw new IllegalArgumentException("Unknown session type: " + session.getClass().getName());
+ }
+ }
}