Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1_01
    • Fix Version/s: 1.0
    • Component/s: None
    • Labels: None
    • Environment: Operating System: All; Platform: All
    • Issuezilla Id: 84

      Description

      provide the implementation for

      https://javaserverfaces-spec-public.dev.java.net/issues/show_bug.cgi?id=2.

      I recommend using javax.crypto.

        Activity

        Ed Burns added a comment -

        take ownership

        jayashri added a comment -

        Taking ownership

        jayashri added a comment -

        Created an attachment (id=56)
        ByteArrayGuard Utility from BluePrints

        jayashri added a comment -

        A ByteArrayGuard.java
        Utility from BluePrints to save state in client in a
        secure manner using JCE.

        M ResponseStateManagerImpl.java
        Uses the ByteArrayGuard utility to save state in client.

        Diffs below.
        New file ByteArrayGuard.java is attached to the issue.

        Index: ResponseStateManagerImpl.java
        ===================================================================
        RCS file:
        /cvs/javaserverfaces-sources/jsf-ri/src/com/sun/faces/renderkit/ResponseSta
        teManagerImpl.java,v
        retrieving revision 1.15
        diff -u -r1.15 ResponseStateManagerImpl.java
        — ResponseStateManagerImpl.java 6 Apr 2005 02:39:47 -0000 1.15
        +++ ResponseStateManagerImpl.java 19 Apr 2005 18:40:46 -0000
        @@ -56,6 +56,7 @@
        // Instance Variables
        //
        private Boolean compressStateSet = null;
        + private ByteArrayGuard byteArrayGuard = null;

        //
        // Ivars used during actual client lifetime
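
        Review bot: the "= null" initializer on byteArrayGuard is redundant, because the only assignment in this patch is the one in the constructor (next hunk). Declaring it as "private final ByteArrayGuard byteArrayGuard;" would make the single assignment explicit and rule out a null guard when decrypt/encrypt are called.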
        @@ -70,6 +71,7 @@

        public ResponseStateManagerImpl()

        { super(); + byteArrayGuard = new ByteArrayGuard(); }
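
        Review bot: missing documentation on the constructor's "new ByteArrayGuard()": the guard is built unconditionally and with no arguments, so nothing visible here ties it to configuration. Please add a comment or javadoc saying where the guard takes its key material from and what encrypt/decrypt do when none is configured, since the two call sites below pass only the FacesContext and the bytes.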

        @@ -96,7 +98,8 @@
        }

        public boolean isPostback(FacesContext context)

        { - boolean result = context.getExternalContext().getRequestParameterMap().contai nsKey(RIConstants.FACES_VIEW); + boolean result = context.getExternalContext().getRequestParameterMap(). + containsKey(RIConstants.FACES_VIEW); return result; }

        @@ -120,9 +123,10 @@
        GZIPInputStream gis = null;
        ObjectInputStream ois = null;
        boolean compress = isCompressStateSet(context);
        -

        • byte[] bytes = Base64.decode(viewString.getBytes());
          +
          try {
          + byte[] bytes = byteArrayGuard.decrypt(context,
          + (Base64.decode(viewString.getBytes())));
          bis = new ByteArrayInputStream(bytes);
          if (isCompressStateSet(context)) {
          if (log.isDebugEnabled()) {
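
          Review bot: the bytes returned by byteArrayGuard.decrypt(...) go straight into "new ByteArrayInputStream(bytes)" in this try block, next to the ObjectInputStream declared above, and the hunk does not show what happens when the hidden field was modified or produced under a different password. Please make the failure path explicit: decrypt should reject such input with an exception, and the catch for this try should abort the restore rather than continue with partial data. Separately, viewString.getBytes() relies on the platform default charset while the write side builds the string with "ISO-8859-1"; pass the same charset here.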
          @@ -185,12 +189,14 @@
          if (compress) { zos.close(); }

          + byte[] securedata = byteArrayGuard.encrypt(context,
          + bos.toByteArray());
          bos.close();
          hiddenField = " <input type=\"hidden\" name=\""
          + RIConstants.FACES_VIEW + "\"" + " value=\"" +

        • (new String(Base64.encode(bos.toByteArray()), "ISO-8859-1")) +
        • "\" />\n ";
          + (new String(Base64.encode(securedata), "ISO-8859-1"))
          + + "\" />\n ";
          }
          else {
          hiddenField = " <input type=\"hidden\" name=\""
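
          Review bot: only the hiddenField built in this branch is switched to Base64.encode(securedata); the else branch that begins on the last context lines also assigns hiddenField and is cut off by the hunk, so please confirm that it never writes the serialized bytes without going through byteArrayGuard.encrypt. Style point: name the local secureData to match the camelCase of hiddenField and byteArrayGuard.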
        Ed Burns added a comment -

        Looks good. Please modify the README to document the new init parameter for the
        client side state password.

        Otherwise, looks good. r=edburns

        Ed Burns added a comment -

        This has been fixed for a while.

        Manfred Riem added a comment -

        Closing issue out


          People

          • Assignee: jayashri
          • Reporter: Ed Burns
          • Votes: 0
          • Watchers: 0

            Dates

            • Created:
              Updated:
              Resolved: