Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/10/08 13:37:58 UTC

svn commit: r1530236 - in /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago: portlet/PortletUtils.java webapp/Secret.java

Author: lofwyr
Date: Tue Oct  8 11:37:58 2013
New Revision: 1530236

URL: http://svn.apache.org/r1530236
Log:
TOBAGO-1320: SessionSecret not compatible with portlets

Modified:
    myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java
    myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java

Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java?rev=1530236&r1=1530235&r2=1530236&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/portlet/PortletUtils.java Tue Oct  8 11:37:58 2013
@@ -19,10 +19,13 @@
 
 package org.apache.myfaces.tobago.portlet;
 
+import org.apache.myfaces.tobago.webapp.Secret;
+
 import javax.faces.context.FacesContext;
 import javax.portlet.ActionRequest;
 import javax.portlet.PortletContext;
 import javax.portlet.PortletRequest;
+import javax.portlet.PortletSession;
 import javax.portlet.PortletURL;
 import javax.portlet.RenderResponse;
 import java.io.UnsupportedEncodingException;
@@ -59,7 +62,7 @@ public final class PortletUtils {
    *
    * @param facesContext The current FacesContext.
    * @return <code>true</code> if we are processing a RenderResponse,
-   *         <code>false</code> otherwise.
+   * <code>false</code> otherwise.
    */
   public static boolean isRenderResponse(FacesContext facesContext) {
     return PORTLET_API_AVAILABLE && facesContext.getExternalContext().getResponse() instanceof RenderResponse;
@@ -70,7 +73,7 @@ public final class PortletUtils {
    *
    * @param facesContext The current FacesContext.
    * @return <code>true</code> if we are running as a portlet,
-   *         <code>false</code> otherwise.
+   * <code>false</code> otherwise.
    */
 //  public static boolean isPortletRequest(FacesContext facesContext) {
 //    return facesContext.getExternalContext().getSessionMap().get(PORTLET_REQUEST) != null;
@@ -100,4 +103,13 @@ public final class PortletUtils {
       request.setCharacterEncoding("UTF-8");
     }
   }
+
+  public static Secret getAttributeFromSessionForApplication(Object session, String name) {
+
+    if (PORTLET_API_AVAILABLE && session instanceof PortletSession) {
+      return (Secret) ((PortletSession) session).getAttribute(name, PortletSession.APPLICATION_SCOPE);
+    } else {
+      throw new IllegalArgumentException("Unknown session type: " + session.getClass().getName());
+    }
+  }
 }
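Review bot: The else branch of getAttributeFromSessionForApplication calls `session.getClass()` while building the exception message, so a null session produces a NullPointerException instead of the intended IllegalArgumentException; `"Unknown session type: " + (session == null ? "null" : session.getClass().getName())` avoids that. The method is public but has no Javadoc: it should state that the attribute is read from `PortletSession.APPLICATION_SCOPE` (the scope shared across the web application, not the per-portlet one) and that any non-portlet session is rejected. The name is generic while the return type is fixed to Secret, so an attribute of another type stored under `name` fails with a ClassCastException; either name the method for the secret or return Object and cast at the call site.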

Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java?rev=1530236&r1=1530235&r2=1530236&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java Tue Oct  8 11:37:58 2013
@@ -20,6 +20,7 @@
 package org.apache.myfaces.tobago.webapp;
 
 import org.apache.commons.codec.binary.Base64;
+import org.apache.myfaces.tobago.portlet.PortletUtils;
 import org.apache.myfaces.tobago.renderkit.html.HtmlAttributes;
 import org.apache.myfaces.tobago.renderkit.html.HtmlElements;
 import org.apache.myfaces.tobago.renderkit.html.HtmlInputTypes;
@@ -40,7 +41,7 @@ public class Secret implements Serializa
   private static final SecureRandom RANDOM = new SecureRandom();
 
   private static final int SECRET_LENGTH = 16;
-  
+
   private static final boolean COMMONS_CODEC_AVAILABLE = commonsCodecAvailable();
 
   private static boolean commonsCodecAvailable() {
@@ -76,24 +77,34 @@ public class Secret implements Serializa
    * Checks that the request contains a parameter {@link org.apache.myfaces.tobago.webapp.Secret#KEY}
    * which is equals to a secret value in the session.
    */
-  public static boolean check(FacesContext facesContext) {
-    Map requestParameterMap = facesContext.getExternalContext().getRequestParameterMap();
-    String fromRequest = (String) requestParameterMap.get(Secret.KEY);
-    Map sessionMap = facesContext.getExternalContext().getSessionMap();
-    Secret secret = (Secret) sessionMap.get(Secret.KEY);
+  public static boolean check(final FacesContext facesContext) {
+    final Map requestParameterMap = facesContext.getExternalContext().getRequestParameterMap();
+    final String fromRequest = (String) requestParameterMap.get(Secret.KEY);
+    final Object session = facesContext.getExternalContext().getSession(true);
+    final Secret secret;
+    if (session instanceof HttpSession) {
+      secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
+    } else {
+      secret = PortletUtils.getAttributeFromSessionForApplication(session, Secret.KEY);
+    }
     return secret != null && secret.secret.equals(fromRequest);
   }
 
   /**
    * Encode a hidden field with the secret value from the session.
    */
-  public static void encode(FacesContext facesContext, TobagoResponseWriter writer) throws IOException {
+  public static void encode(final FacesContext facesContext, final TobagoResponseWriter writer) throws IOException {
     writer.startElement(HtmlElements.INPUT, null);
     writer.writeAttribute(HtmlAttributes.TYPE, HtmlInputTypes.HIDDEN, false);
     writer.writeAttribute(HtmlAttributes.NAME, Secret.KEY, false);
     writer.writeAttribute(HtmlAttributes.ID, Secret.KEY, false);
-    Map sessionMap = facesContext.getExternalContext().getSessionMap();
-    Secret secret = (Secret) sessionMap.get(Secret.class.getName());
+    final Object session = facesContext.getExternalContext().getSession(true);
+    final Secret secret;
+    if (session instanceof HttpSession) {
+      secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
+    } else {
+      secret = PortletUtils.getAttributeFromSessionForApplication(session, Secret.KEY);
+    }
     writer.writeAttribute(HtmlAttributes.VALUE, secret.secret, false);
     writer.endElement(HtmlElements.INPUT);
   }
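Review bot: encode() dereferences `secret.secret` without the null guard that check() applies, so a session holding no attribute under `Secret.KEY` (for instance a portlet session whose application scope was never populated) ends in a NullPointerException while rendering. The HttpSession/PortletSession lookup is also duplicated verbatim in both methods; a private helper keeps the branching in one place and lets encode() fail with a clear message. encode() previously read the session under `Secret.class.getName()` and now uses `Secret.KEY`; if those two values differ this is a behaviour change the log message should mention. Separately, the unchanged `secret.secret.equals(fromRequest)` is not a constant-time comparison; for a request token, `MessageDigest.isEqual` over the encoded bytes is the safer choice.

```java
  // … unchanged: request parameter lookup in check() …
    final Secret secret = getSecret(facesContext);
    return secret != null && secret.secret.equals(fromRequest);
  }

  /** Reads the Secret from the servlet session or, for portlets, the application-scoped portlet session. */
  private static Secret getSecret(final FacesContext facesContext) {
    final Object session = facesContext.getExternalContext().getSession(true);
    if (session instanceof HttpSession) {
      return (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
    }
    return PortletUtils.getAttributeFromSessionForApplication(session, Secret.KEY);
  }

  // … unchanged: encode() signature and the TYPE/NAME/ID attributes …
    final Secret secret = getSecret(facesContext);
    if (secret == null) {
      throw new IllegalStateException("No Secret found in session under key " + Secret.KEY);
    }
    // … unchanged: VALUE attribute and endElement …
```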