|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object javax.faces.render.Renderer org.jboss.seam.ui.util.cdk.RendererBase org.jboss.seam.ui.renderkit.TokenRendererBase
public class TokenRendererBase
The TokenRendererBase renders the form's signature as a hidden form field for the UIToken component. If the renderStampStore component is enabled, the actually signature will be stored in the session and the key to this token store in the hidden form field, providing the same guarantee for client-side state saving as with server-side state saving.
The form signature is calculated as follows:
sha1(signature = contextPath + viewId + "," + formClientId + random alphanum, salt = clientUid)
The developer can also choose to incorporate the session id into this hash to generate a more secure token (at the cost of binding it to the session) by setting the requireSession attribute to true. Then the calculation becomes:
sha1(signature = contextPath + viewId + "," + formClientId + "," + random alphanum + sessionId, salt = clientUid)
The decode method performs the following steps:
If all of that passes, we are okay to process the form (advance to validate phase as decode() is called in apply request values).
UnauthorizedCommandException
Field Summary | |
---|---|
static java.lang.String |
FORM_SIGNATURE_PARAM
|
static java.lang.String |
RENDER_STAMP_ATTR
|
Fields inherited from class org.jboss.seam.ui.util.cdk.RendererBase |
---|
JAVASCRIPT_NAMESPACE |
Constructor Summary | |
---|---|
TokenRendererBase()
|
Method Summary | |
---|---|
protected void |
doDecode(javax.faces.context.FacesContext context,
javax.faces.component.UIComponent component)
Template method for custom decoding of concrete renderer. |
protected void |
doEncodeBegin(javax.faces.context.ResponseWriter writer,
javax.faces.context.FacesContext context,
javax.faces.component.UIComponent component)
Template method for custom start encoding of concrete renderer. |
protected java.lang.Class |
getComponentClass()
Get base component slass , targetted for this renderer. |
Methods inherited from class org.jboss.seam.ui.util.cdk.RendererBase |
---|
decode, doEncodeEnd, doEncodeChildren, encodeBegin, encodeEnd, encodeChildren, getUtils, preDecode, preEncodeBegin, renderChild, renderChildren |
Methods inherited from class javax.faces.render.Renderer |
---|
convertClientId, getConvertedValue, getRendersChildren |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String FORM_SIGNATURE_PARAM
public static final java.lang.String RENDER_STAMP_ATTR
Constructor Detail |
---|
public TokenRendererBase()
Method Detail |
---|
protected java.lang.Class getComponentClass()
RendererBase
getComponentClass
in class RendererBase
protected void doDecode(javax.faces.context.FacesContext context, javax.faces.component.UIComponent component)
RendererBase
doDecode
in class RendererBase
protected void doEncodeBegin(javax.faces.context.ResponseWriter writer, javax.faces.context.FacesContext context, javax.faces.component.UIComponent component) throws java.io.IOException
RendererBase
doEncodeBegin
in class RendererBase
java.io.IOException
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |