You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lu...@apache.org on 2013/06/18 19:28:20 UTC

svn commit: r1494221 - /myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/application/ViewHandlerImpl.java

Author: lu4242
Date: Tue Jun 18 17:28:19 2013
New Revision: 1494221

URL: http://svn.apache.org/r1494221
Log:
MYFACES-3682 Implement Client Side Request Forgery protection 

Modified:
    myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/application/ViewHandlerImpl.java

Modified: myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/application/ViewHandlerImpl.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/application/ViewHandlerImpl.java?rev=1494221&r1=1494220&r2=1494221&view=diff
==============================================================================
--- myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/application/ViewHandlerImpl.java (original)
+++ myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/application/ViewHandlerImpl.java Tue Jun 18 17:28:19 2013
@@ -21,11 +21,14 @@ package org.apache.myfaces.application;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -66,6 +69,9 @@ public class ViewHandlerImpl extends Vie
     private ViewHandlerSupport _viewHandlerSupport;
     private ViewDeclarationLanguageFactory _vdlFactory;
     
+    private Set<String> _protectedViewsSet;
+    private Set<String> _unmodifiableProtectedViewsSet;
+    
     /**
      * Gets the current ViewHandler via FacesContext.getApplication().getViewHandler().
      * We have to use this method to invoke any other specified ViewHandler-method
@@ -81,6 +87,8 @@ public class ViewHandlerImpl extends Vie
 
     public ViewHandlerImpl()
     {
+        _protectedViewsSet = Collections.newSetFromMap(new ConcurrentHashMap<String,Boolean>());
+        _unmodifiableProtectedViewsSet = Collections.unmodifiableSet(_protectedViewsSet);
         _vdlFactory = (ViewDeclarationLanguageFactory)
                 FactoryFinder.getFactory(FactoryFinder.VIEW_DECLARATION_LANGUAGE_FACTORY);
         if (log.isLoggable(Level.FINEST))
@@ -352,6 +360,24 @@ public class ViewHandlerImpl extends Vie
             }
         }
     }
+
+    @Override
+    public void addProtectedView(String urlPattern)
+    {
+        _protectedViewsSet.add(urlPattern);
+    }
+
+    @Override
+    public boolean removeProtectedView(String urlPattern)
+    {
+        return _protectedViewsSet.remove(urlPattern);
+    }
+
+    @Override
+    public Set<String> getProtectedViewsUnmodifiable()
+    {
+        return _unmodifiableProtectedViewsSet;
+    }
     
     private void setWritingState(FacesContext context, ResponseStateManager rsm)
     {