org.apache.myfaces.shared.util
Class StateUtils

java.lang.Object
  extended by org.apache.myfaces.shared.util.StateUtils

public final class StateUtils
extends Object

This class exposes a handful of methods related to encryption, compression and serialization of the view state.

The secret is interpreted as Base64 encoded. In other words, if your secret is "76543210", you would put "NzY1NDMyMTA=" in the deployment descriptor. This is needed so that key values are not limited to values composed of printable characters.

If you are using CBC mode encryption, you must specify an initialization vector.

If you are using the AES algorithm and getting a SecurityException complaining about keysize, you most likely need to get the unlimited strength jurisdiction policy files from a place like http://java.sun.com/j2se/1.4.2/download.html .
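Added example, not part of the MyFaces code base: the defaults documented on this page are DES with ECB/PKCS5Padding, and this program generates a random AES key and IV, Base64-encodes them as the deployment descriptor expects, has the JCA provider validate them, and prints the matching context-param entries. The class name ViewStateKeyMaterial, the choice of AES-128 with CBC/PKCS5Padding, and the use of java.util.Base64 (Java 8 or later) are assumptions of the example.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example; class name and parameter choices are assumptions, not MyFaces code.
public class ViewStateKeyMaterial {

    // Renders one <context-param> entry for the deployment descriptor (web.xml).
    static String param(String name, String value) {
        return "<context-param>\n  <param-name>" + name + "</param-name>\n"
             + "  <param-value>" + value + "</param-value>\n</context-param>";
    }

    // Decodes the Base64 values and lets the JCA provider validate key and IV lengths.
    static void verify(String alg, String params, String secretB64, String ivB64)
            throws GeneralSecurityException {
        byte[] key = Base64.getDecoder().decode(secretB64);
        byte[] iv = Base64.getDecoder().decode(ivB64);
        Cipher cipher = Cipher.getInstance(alg + "/" + params); // algorithm/mode/padding
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, alg), new IvParameterSpec(iv));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[16]; // AES-128, accepted without the unlimited strength policy files
        byte[] iv = new byte[16];  // CBC needs an IV of one cipher block (16 bytes for AES)
        rng.nextBytes(key);
        rng.nextBytes(iv);
        String secretB64 = Base64.getEncoder().encodeToString(key);
        String ivB64 = Base64.getEncoder().encodeToString(iv);
        verify("AES", "CBC/PKCS5Padding", secretB64, ivB64);

        System.out.println(param("org.apache.myfaces.ALGORITHM", "AES"));
        System.out.println(param("org.apache.myfaces.ALGORITHM.PARAMETERS", "CBC/PKCS5Padding"));
        System.out.println(param("org.apache.myfaces.SECRET", secretB64));
        System.out.println(param("org.apache.myfaces.ALGORITHM.IV", ivB64));

        // The sample secret from the class description decodes to 8 bytes: a DES-sized
        // key, which an AES cipher rejects.
        try {
            verify("AES", "CBC/PKCS5Padding", "NzY1NDMyMTA=", ivB64);
        } catch (GeneralSecurityException e) {
            System.out.println("rejected sample secret: " + e.getMessage());
        }
    }
}
```

The printed secret is key material: keep the resulting descriptor out of version control and generate a separate value per environment.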

Author:
Dennis C. Byrne
See Also:
org.apache.myfaces.webapp.StartupServletContextListener

Field Summary
static String COMPRESS_STATE_IN_CLIENT
          Indicates whether the view state should be compressed before being encrypted (optional) and encoded.
static String DEFAULT_ALGORITHM
           
static String DEFAULT_ALGORITHM_PARAMS
           
static String DEFAULT_MAC_ALGORITHM
           
static String INIT_ALGORITHM
          Indicates the encryption algorithm used to encrypt the view state.
static String INIT_ALGORITHM_IV
          Defines the initialization vector (Base64 encoded) used for the encryption algorithm.
static String INIT_ALGORITHM_PARAM
          Defines the default mode and padding used for the encryption algorithm.
static String INIT_MAC_ALGORITHM
          Indicates the algorithm used to calculate the Message Authentication Code that is added to the view state.
static String INIT_MAC_SECRET
          Defines the initialization code used to initialize the secret key for the Message Authentication Code algorithm.
static String INIT_MAC_SECRET_KEY_CACHE
          If set to "false", the secret key used for the MAC algorithm is not cached.
static String INIT_PREFIX
           
static String INIT_SECRET
          Defines the secret (Base64 encoded) used to initialize the secret key for the encryption algorithm.
static String INIT_SECRET_KEY_CACHE
          If set to "false", the secret key used for the encryption algorithm is not cached.
static String SERIAL_FACTORY
          Defines the factory class name used to serialize/deserialize the view state returned by the state manager into a byte array.
static String USE_ENCRYPTION
          Indicates whether the view state is encrypted or not.
static String ZIP_CHARSET
           
 
Method Summary
static byte[] compress(byte[] bytes)
           
static String construct(Object object, ExternalContext ctx)
          This fires during the Render Response phase, saving state.
static byte[] decode(byte[] bytes)
           
static byte[] decompress(byte[] bytes)
           
static byte[] decrypt(byte[] secure, ExternalContext ctx)
           
static boolean enableCompression(ExternalContext ctx)
           
static byte[] encode(byte[] bytes)
           
static byte[] encrypt(byte[] insecure, ExternalContext ctx)
           
static byte[] getAsByteArray(Object object, ExternalContext ctx)
          Performs serialization with the serialization provider created by the SerialFactory.
static Object getAsObject(byte[] bytes, ExternalContext ctx)
          Performs deserialization with the serialization provider created from the SerialFactory.
static void initSecret(javax.servlet.ServletContext ctx)
          Does nothing if the user has disabled the SecretKey cache.
static boolean isSecure(ExternalContext ctx)
           
static void main(String[] args)
          Utility method for generating base 64 encoded strings.
static Object reconstruct(String string, ExternalContext ctx)
          This fires during the Restore View phase, restoring state.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ZIP_CHARSET

public static final String ZIP_CHARSET
See Also:
Constant Field Values

DEFAULT_ALGORITHM

public static final String DEFAULT_ALGORITHM
See Also:
Constant Field Values

DEFAULT_ALGORITHM_PARAMS

public static final String DEFAULT_ALGORITHM_PARAMS
See Also:
Constant Field Values

INIT_PREFIX

public static final String INIT_PREFIX
See Also:
Constant Field Values

USE_ENCRYPTION

@JSFWebConfigParam(name="org.apache.myfaces.USE_ENCRYPTION",
                   since="1.1",
                   defaultValue="true",
                   expectedValues="true,false",
                   group="state")
public static final String USE_ENCRYPTION
Indicates whether the view state is encrypted or not. By default, encryption is enabled.

See Also:
Constant Field Values

INIT_SECRET

@JSFWebConfigParam(name="org.apache.myfaces.SECRET",
                   since="1.1",
                   group="state")
public static final String INIT_SECRET
Defines the secret (Base64 encoded) used to initialize the secret key for the encryption algorithm. See the MyFaces wiki/web site documentation for instructions on how to configure an application for different encryption strengths.

See Also:
Constant Field Values

INIT_ALGORITHM

@JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM",
                   since="1.1",
                   defaultValue="DES",
                   group="state",
                   tags="performance")
public static final String INIT_ALGORITHM
Indicates the encryption algorithm used to encrypt the view state.

See Also:
Constant Field Values

INIT_SECRET_KEY_CACHE

@JSFWebConfigParam(name="org.apache.myfaces.SECRET.CACHE",
                   since="1.1",
                   group="state")
public static final String INIT_SECRET_KEY_CACHE
If set to "false", the secret key used for the encryption algorithm is not cached. This is used when the SecretKey returned for the encryption algorithm is not thread safe.

See Also:
Constant Field Values

INIT_ALGORITHM_IV

@JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM.IV",
                   since="1.1",
                   group="state")
public static final String INIT_ALGORITHM_IV
Defines the initialization vector (Base64 encoded) used for the encryption algorithm.

See Also:
Constant Field Values

INIT_ALGORITHM_PARAM

@JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM.PARAMETERS",
                   since="1.1",
                   defaultValue="ECB/PKCS5Padding",
                   group="state")
public static final String INIT_ALGORITHM_PARAM
Defines the default mode and padding used for the encryption algorithm.

See Also:
Constant Field Values

SERIAL_FACTORY

@JSFWebConfigParam(name="org.apache.myfaces.SERIAL_FACTORY",
                   since="1.1",
                   group="state",
                   tags="performance")
public static final String SERIAL_FACTORY
Defines the factory class name used to serialize/deserialize the view state returned by the state manager into a byte array. The expected class must implement the org.apache.myfaces.shared.util.serial.SerialFactory interface.

See Also:
Constant Field Values

COMPRESS_STATE_IN_CLIENT

@JSFWebConfigParam(name="org.apache.myfaces.COMPRESS_STATE_IN_CLIENT",
                   since="1.1",
                   defaultValue="false",
                   expectedValues="true,false",
                   group="state",
                   tags="performance")
public static final String COMPRESS_STATE_IN_CLIENT
Indicates whether the view state should be compressed before being encrypted (optional) and encoded.

See Also:
Constant Field Values

DEFAULT_MAC_ALGORITHM

public static final String DEFAULT_MAC_ALGORITHM
See Also:
Constant Field Values

INIT_MAC_ALGORITHM

@JSFWebConfigParam(name="org.apache.myfaces.MAC_ALGORITHM",
                   defaultValue="HmacSHA1",
                   group="state",
                   tags="performance")
public static final String INIT_MAC_ALGORITHM
Indicates the algorithm used to calculate the Message Authentication Code that is added to the view state.

See Also:
Constant Field Values

INIT_MAC_SECRET

@JSFWebConfigParam(name="org.apache.myfaces.MAC_SECRET",
                   group="state")
public static final String INIT_MAC_SECRET
Defines the initialization code used to initialize the secret key for the Message Authentication Code algorithm.

See Also:
Constant Field Values

INIT_MAC_SECRET_KEY_CACHE

@JSFWebConfigParam(name="org.apache.myfaces.MAC_SECRET.CACHE",
                   group="state")
public static final String INIT_MAC_SECRET_KEY_CACHE
If set to "false", the secret key used for the MAC algorithm is not cached. This is used when the SecretKey returned for the MAC algorithm is not thread safe.

See Also:
Constant Field Values
Method Detail

enableCompression

public static boolean enableCompression(ExternalContext ctx)

isSecure

public static boolean isSecure(ExternalContext ctx)

construct

public static final String construct(Object object,
                                     ExternalContext ctx)
This fires during the Render Response phase, saving state.


getAsByteArray

public static final byte[] getAsByteArray(Object object,
                                          ExternalContext ctx)
Performs serialization with the serialization provider created by the SerialFactory.

Parameters:
object -
ctx -
Returns:

encrypt

public static byte[] encrypt(byte[] insecure,
                             ExternalContext ctx)

compress

public static final byte[] compress(byte[] bytes)

encode

public static final byte[] encode(byte[] bytes)

reconstruct

public static final Object reconstruct(String string,
                                       ExternalContext ctx)
This fires during the Restore View phase, restoring state.


decode

public static final byte[] decode(byte[] bytes)

decompress

public static final byte[] decompress(byte[] bytes)

decrypt

public static byte[] decrypt(byte[] secure,
                             ExternalContext ctx)

getAsObject

public static final Object getAsObject(byte[] bytes,
                                       ExternalContext ctx)
Performs deserialization with the serialization provider created from the SerialFactory.

Parameters:
bytes -
ctx -
Returns:

main

public static void main(String[] args)
                 throws UnsupportedEncodingException
Utility method for generating base 64 encoded strings.

Parameters:
args -
Throws:
UnsupportedEncodingException

initSecret

public static void initSecret(javax.servlet.ServletContext ctx)
Does nothing if the user has disabled the SecretKey cache. This is useful when dealing with a JCA provider whose SecretKey implementation is not thread safe. Instantiates a SecretKey instance based upon what the user has specified in the deployment descriptor. The SecretKey is then stored in application scope where it can be used for all requests.



Copyright © 2014 The Apache Software Foundation. All Rights Reserved.