Details

    • Type: Task Task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: current
    • Fix Version/s: 2.1
    • Component/s: None
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      1,850

      Description

      After much late discussion, the EG has decided to hold off on implementing
      https://javaserverfaces-spec-public.dev.java.net/issues/show_bug.cgi?id=869

      1. changebundle.txt
        101 kB
        rogerk

        Activity

        Hide
        rogerk added a comment -

        target

        Show
        rogerk added a comment - target
        Hide
        rogerk added a comment -

        Created an attachment (id=1316)
        Changes

        Show
        rogerk added a comment - Created an attachment (id=1316) Changes
        Hide
        rogerk added a comment -

        The attached change bundle backs out spec public 869 changes, but also
        introduces Mojarra test improvements by eliminating some golden files - easier
        to maintain.

        Show
        rogerk added a comment - The attached change bundle backs out spec public 869 changes, but also introduces Mojarra test improvements by eliminating some golden files - easier to maintain.
        Hide
        rogerk added a comment -

        Created an attachment (id=1317)
        Revised Changes - Includes New Files

        Show
        rogerk added a comment - Created an attachment (id=1317) Revised Changes - Includes New Files
        Hide
        Ed Burns added a comment -

        <<https://javaserverfaces.dev.java.net/issues/show_bug.cgi?id=1850>>
        << Remove Spec Public 869 Implementation; Improve Mojarra Tests >>

        SECTION: Modified Files
        ----------------------------
        RK> M jsf-api/doc/standard-html-renderkit-base.xml
        RK> M jsf-api/doc/standard-html-renderkit.xml
        RK> — Remove specification of CSRF token for Form Rendering
        RK> M jsf-api/src/main/java/javax/faces/application/ViewHandler.java
        RK> — Remove specification of CSRF token for getActionURL method

        Just because you removed some 2.1 modifications doesn't mean you removed
        all 2.1 modifications. Please reinstate the changed_modified_2_1
        attribution on the first word of the class javadocs.

        RK> M jsf-api/src/main/java/javax/faces/render/ResponseStateManager.java
        RK> — Remove javax.faces.VIEW_TOKEN_PARAM constant

        Here it is correct to remove the changed_modified_2_1 attribution *from
        the class javadocs*. Please do so.

        RK> M jsf-ri/src/main/java/com/sun/faces/context/AjaxExceptionHandlerImpl.java
        RK> — No need to handle standard (non partial) exceptions
        RK> M
        jsf-ri/src/main/java/com/sun/faces/renderkit/html_basic/FormRenderer.java
        RK> — Remove CSRF token hidden field rendering
        RK> M jsf-ri/src/main/java/com/sun/faces/lifecycle/RestoreViewPhase.java
        RK> — Remove token verification check and handling

        Looks like you already got the 2.2.1 changes. Great.

        RK> M
        jsf-ri/src/main/java/com/sun/faces/application/view/MultiViewHandler.java
        RK> — Remove propogation of CSRF token into urls
        RK> M jsf-ri/src/main/java/com/sun/faces/config/WebConfiguration.java
        RK> — Remove CSRF configuration parameter definition
        RK> M jsf-ri/systest/src/com/sun/faces/systest/ResourceRelocationTestCase.java
        RK> M
        jsf-ri/systest/src/com/sun/faces/systest/jsp/interweaving/InterweavingTestCase.java

        This wasn't necessary, but thanks for doing it!

        RK> M jsf-ri/systest/src/com/sun/faces/systest/el/ELTestCase.java
        RK> — Restore tests to running condition;
        RK> — InterweavingTestCase: eliminate golden file(s) - add new tests
        RK> M jsf-ri/systest/build-tests.xml
        RK> — Remove CSRF test; Eliminate golden file processing for some tests
        RK>
        RK>
        A jsf-ri/systest/src/com/sun/faces/systest/jsp/regressions
        A
        jsf-ri/systest/src/com/sun/faces/systest/jsp/regressions/RegressionsTestCase.java
        A jsf-ri/systest/src/com/sun/faces/systest/jsp/config
        A jsf-ri/systest/src/com/sun/faces/systest/jsp/config/ConfigTestCase.java
        A jsf-ri/systest/src/com/sun/faces/systest/jsp/htmltaglib
        A
        jsf-ri/systest/src/com/sun/faces/systest/jsp/htmltaglib/HtmlTaglibTestCase.java
        A jsf-ri/systest/src/com/sun/faces/systest/jsp/managed
        A jsf-ri/systest/src/com/sun/faces/systest/jsp/managed/ManagedTestCase.java
        — New tests that do not perform golden file processing (replace golden file
        processing).

        D jsf-ri/src/main/java/com/sun/faces/renderkit/TokenHelper.java
        D jsf-ri/systest/src/com/sun/faces/systest/CSRFTestCase.java
        D jsf-ri/systest/web/golden/regression/InjectUserDefJS.txt
        D jsf-ri/systest/web/golden/interweaving10.txt
        D jsf-ri/systest/web/golden/interweaving11.txt
        D jsf-ri/systest/web/golden/interweaving12.txt
        D jsf-ri/systest/web/golden/interweaving08.txt
        D jsf-ri/systest/web/golden/interweaving09.txt
        D jsf-ri/systest/web/golden/taglib/attributeTest.txt
        D jsf-ri/systest/web/golden/taglib/commandButton_param_test.txt
        D jsf-ri/systest/web/golden/taglib/commandLink_multiform_test.txt
        D jsf-ri/systest/web/golden/taglib/commandButton_test.txt
        D jsf-ri/systest/web/golden/taglib/commandLink_test.txt
        D jsf-ri/systest/web/golden/include-import-interweaving.txt
        D jsf-ri/systest/web/golden/factoryFinder.txt
        D jsf-ri/systest/web/golden/managed04.txt
        D jsf-ri/systest/web/csrf
        D jsf-ri/systest/web/csrf/goodPage.xhtml
        D jsf-ri/systest/web/csrf/badPage.html
        D jsf-ri/systest/web/csrf/badPage1.html
        D jsf-ri/systest/web/csrf/badPage2.html
        — Remove CSRF classes, tests.
        — Remove unneeded golden files

        Excellent. Taking out a feature cleanly is tricky.

        r=edburns

        Make sure to put the svn revision number of your commit in this bug report
        before closing it.

        Ed

        Show
        Ed Burns added a comment - << https://javaserverfaces.dev.java.net/issues/show_bug.cgi?id=1850 >> << Remove Spec Public 869 Implementation; Improve Mojarra Tests >> SECTION: Modified Files ---------------------------- RK> M jsf-api/doc/standard-html-renderkit-base.xml RK> M jsf-api/doc/standard-html-renderkit.xml RK> — Remove specification of CSRF token for Form Rendering RK> M jsf-api/src/main/java/javax/faces/application/ViewHandler.java RK> — Remove specification of CSRF token for getActionURL method Just because you removed some 2.1 modifications doesn't mean you removed all 2.1 modifications. Please reinstate the changed_modified_2_1 attribution on the first word of the class javadocs. RK> M jsf-api/src/main/java/javax/faces/render/ResponseStateManager.java RK> — Remove javax.faces.VIEW_TOKEN_PARAM constant Here it is correct to remove the changed_modified_2_1 attribution *from the class javadocs*. Please do so. RK> M jsf-ri/src/main/java/com/sun/faces/context/AjaxExceptionHandlerImpl.java RK> — No need to handle standard (non partial) exceptions RK> M jsf-ri/src/main/java/com/sun/faces/renderkit/html_basic/FormRenderer.java RK> — Remove CSRF token hidden field rendering RK> M jsf-ri/src/main/java/com/sun/faces/lifecycle/RestoreViewPhase.java RK> — Remove token verification check and handling Looks like you already got the 2.2.1 changes. Great. RK> M jsf-ri/src/main/java/com/sun/faces/application/view/MultiViewHandler.java RK> — Remove propogation of CSRF token into urls RK> M jsf-ri/src/main/java/com/sun/faces/config/WebConfiguration.java RK> — Remove CSRF configuration parameter definition RK> M jsf-ri/systest/src/com/sun/faces/systest/ResourceRelocationTestCase.java RK> M jsf-ri/systest/src/com/sun/faces/systest/jsp/interweaving/InterweavingTestCase.java This wasn't necessary, but thanks for doing it! RK> M jsf-ri/systest/src/com/sun/faces/systest/el/ELTestCase.java RK> — Restore tests to running condition; RK> — InterweavingTestCase: eliminate golden file(s) - add new tests RK> M jsf-ri/systest/build-tests.xml RK> — Remove CSRF test; Eliminate golden file processing for some tests RK> RK> A jsf-ri/systest/src/com/sun/faces/systest/jsp/regressions A jsf-ri/systest/src/com/sun/faces/systest/jsp/regressions/RegressionsTestCase.java A jsf-ri/systest/src/com/sun/faces/systest/jsp/config A jsf-ri/systest/src/com/sun/faces/systest/jsp/config/ConfigTestCase.java A jsf-ri/systest/src/com/sun/faces/systest/jsp/htmltaglib A jsf-ri/systest/src/com/sun/faces/systest/jsp/htmltaglib/HtmlTaglibTestCase.java A jsf-ri/systest/src/com/sun/faces/systest/jsp/managed A jsf-ri/systest/src/com/sun/faces/systest/jsp/managed/ManagedTestCase.java — New tests that do not perform golden file processing (replace golden file processing). D jsf-ri/src/main/java/com/sun/faces/renderkit/TokenHelper.java D jsf-ri/systest/src/com/sun/faces/systest/CSRFTestCase.java D jsf-ri/systest/web/golden/regression/InjectUserDefJS.txt D jsf-ri/systest/web/golden/interweaving10.txt D jsf-ri/systest/web/golden/interweaving11.txt D jsf-ri/systest/web/golden/interweaving12.txt D jsf-ri/systest/web/golden/interweaving08.txt D jsf-ri/systest/web/golden/interweaving09.txt D jsf-ri/systest/web/golden/taglib/attributeTest.txt D jsf-ri/systest/web/golden/taglib/commandButton_param_test.txt D jsf-ri/systest/web/golden/taglib/commandLink_multiform_test.txt D jsf-ri/systest/web/golden/taglib/commandButton_test.txt D jsf-ri/systest/web/golden/taglib/commandLink_test.txt D jsf-ri/systest/web/golden/include-import-interweaving.txt D jsf-ri/systest/web/golden/factoryFinder.txt D jsf-ri/systest/web/golden/managed04.txt D jsf-ri/systest/web/csrf D jsf-ri/systest/web/csrf/goodPage.xhtml D jsf-ri/systest/web/csrf/badPage.html D jsf-ri/systest/web/csrf/badPage1.html D jsf-ri/systest/web/csrf/badPage2.html — Remove CSRF classes, tests. — Remove unneeded golden files Excellent. Taking out a feature cleanly is tricky. r=edburns Make sure to put the svn revision number of your commit in this bug report before closing it. Ed
        Hide
        rogerk added a comment -

        Committed revision 8687

        Show
        rogerk added a comment - Committed revision 8687
        Hide
        Manfred Riem added a comment -

        Closing issue out

        Show
        Manfred Riem added a comment - Closing issue out

          People

          • Assignee:
            rogerk
            Reporter:
            rogerk
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: