authorLeif Åstrand <leif@vaadin.com>2016-12-01 10:44:34 +0200
committerVaadin Code Review <review@vaadin.com>2016-12-02 06:30:19 +0000
commit187bf6130df6abd8f4c0997f9dd728b2ac6a031d (patch)
tree1e9b999dd63ca58e83a7898a720e097ba137232e
parent68f19ab2b0ac13393c887817f063e2b918b86d57 (diff)
Add comments clarifying the use of UUID for security tokens
Change-Id: I3f48f9bb42b36d0a46926ec753f30df95491720b
-rw-r--r--server/src/main/java/com/vaadin/server/VaadinSession.java6
-rw-r--r--server/src/main/java/com/vaadin/ui/ConnectorTracker.java6
2 files changed, 12 insertions, 0 deletions
diff --git a/server/src/main/java/com/vaadin/server/VaadinSession.java b/server/src/main/java/com/vaadin/server/VaadinSession.java
index 3e3202ee1b..84808e89da 100644
--- a/server/src/main/java/com/vaadin/server/VaadinSession.java
+++ b/server/src/main/java/com/vaadin/server/VaadinSession.java
@@ -754,6 +754,12 @@ public class VaadinSession implements HttpSessionBindingListener, Serializable {
private int connectorIdSequence = 0;
+ /*
+ * Despite section 6 of RFC 4122, this particular use of UUID *is* adequate
+ * for security capabilities. Type 4 UUIDs contain 122 bits of random data,
+ * and UUID.randomUUID() is defined to use a cryptographically secure random
+ * generator.
+ */
private final String csrfToken = UUID.randomUUID().toString();
/**
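Review bot: The justification comment added above `csrfToken` is repeated verbatim in the ConnectorTracker hunk at the `seckey` assignment, so the two token generators and their rationale can drift apart independently; a single shared helper such as `static String generateSecureToken() { return UUID.randomUUID().toString(); }` (a proposed name, not an existing method) would carry the comment once and make any later change to token format or entropy a one-line edit. The phrase `Type 4 UUIDs` would read more precisely as `version 4 UUIDs (RFC 4122 section 4.4)`, since the RFC calls that field the version. It would also help to name where the randomness guarantee comes from, e.g. `the UUID.randomUUID() Javadoc specifies a cryptographically strong pseudo-random number generator`, so a reader verifies the claim against the JDK documentation rather than the RFC. The `VaadinSession` class body starts before this hunk; wherever the token is later compared against a client-supplied value (outside this hunk), a constant-time comparison such as `MessageDigest.isEqual` is worth confirming so the comment's security claim holds end to end.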
diff --git a/server/src/main/java/com/vaadin/ui/ConnectorTracker.java b/server/src/main/java/com/vaadin/ui/ConnectorTracker.java
index 2ba6f5e895..ca901f6a6f 100644
--- a/server/src/main/java/com/vaadin/ui/ConnectorTracker.java
+++ b/server/src/main/java/com/vaadin/ui/ConnectorTracker.java
@@ -785,6 +785,12 @@ public class ConnectorTracker implements Serializable {
}
String seckey = streamVariableToSeckey.get(variable);
if (seckey == null) {
+ /*
+ * Despite section 6 of RFC 4122, this particular use of UUID *is*
+ * adequate for security capabilities. Type 4 UUIDs contain 122 bits
+ * of random data, and UUID.randomUUID() is defined to use a
+ * cryptographically secure random generator.
+ */
seckey = UUID.randomUUID().toString();
streamVariableToSeckey.put(variable, seckey);
}
d2d2 } /* Error */ .highlight .k { color: #008800; font-weight: bold } /* Keyword */ .highlight .ch { color: #888888 } /* Comment.Hashbang */ .highlight .cm { color: #888888 } /* Comment.Multiline */ .highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */ .highlight .cpf { color: #888888 } /* Comment.PreprocFile */ .highlight .c1 { color: #888888 } /* Comment.Single */ .highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */ .highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gr { color: #aa0000 } /* Generic.Error */ .highlight .gh { color: #333333 } /* Generic.Heading */ .highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #555555 } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #666666 } /* Generic.Subheading */ .highlight .gt { color: #aa0000 } /* Generic.Traceback */ .highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008800 } /* Keyword.Pseudo */ .highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */ .highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */ .highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */ .highlight .na { color: #336699 } /* Name.Attribute */ .highlight .nb { color: #003388 } /* Name.Builtin */ .highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */ .highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* 
Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight 
.s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- $Id$ -->
<xsl:stylesheet
     xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
     xmlns:fo="http://www.w3.org/1999/XSL/Format">

<!-- Entry point: emits the complete FO document for the "root" element:
     page master, running header, title banner, a table of contents built
     from div0/head, the transformed body, and a closing note.
     NOTE: literal text inside an fo:block is copied to the result verbatim,
     including its leading whitespace, so those text lines are kept as-is. -->
<xsl:template match="root">
  <fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format">

    <!-- A4 page; body region plus 1.5cm header and footer regions -->
    <fo:layout-master-set>
      <fo:simple-page-master master-name="simple"
          page-width="21cm" page-height="29.7cm"
          margin-left="2.5cm" margin-right="2.5cm"
          margin-top="1.5cm" margin-bottom="1.5cm">
        <fo:region-body margin-top="1.5cm"/>
        <fo:region-before extent="1.5cm"/>
        <fo:region-after extent="1.5cm"/>
      </fo:simple-page-master>
    </fo:layout-master-set>

    <fo:page-sequence master-reference="simple">

      <!-- running header: title and current page number, right-aligned -->
      <fo:static-content flow-name="xsl-region-before">
        <fo:block font-family="serif" font-size="10pt" line-height="14pt"
            text-align="end">
          xsl:fo short reference - p. <fo:page-number/>
        </fo:block>
      </fo:static-content>

      <fo:flow flow-name="xsl-region-body">

        <!-- title banner (white on blue) -->
        <fo:block font-family="sans-serif" font-size="18pt" line-height="24pt"
            color="white" background-color="blue" text-align="center"
            space-after.optimum="15pt">
        xsl:fo short reference
         </fo:block>

        <!-- table of contents: heading, then one numbered row per div0/head -->
        <fo:block font-family="sans-serif" font-size="10pt" line-height="10pt"
            font-weight="bold" start-indent="15pt" space-after.optimum="3pt">
            Content
         </fo:block>

        <fo:table space-after.optimum="15pt">
          <fo:table-column column-width="1cm"/>
          <fo:table-column column-width="15cm"/>
          <fo:table-body font-family="sans-serif" font-size="10pt">
            <xsl:for-each select="div0/head">
              <fo:table-row line-height="12pt">
                <fo:table-cell>
                  <fo:block text-align="end">
                        <xsl:number value="position()" format="1"/>)
                     </fo:block>
                </fo:table-cell>
                <fo:table-cell>
                  <fo:block text-align="start">
                    <xsl:value-of select="."/>
                  </fo:block>
                </fo:table-cell>
              </fo:table-row>
            </xsl:for-each>
          </fo:table-body>
        </fo:table>

        <!-- body: every child of root is handled by the other templates -->
        <xsl:apply-templates/>

        <!-- closing note on where the explanations come from -->
        <fo:block font-family="sans-serif" font-size="10pt" line-height="11pt"
            space-before.optimum="2cm">
            The explanation of the flow objects is based (mostly verbatim) on the section
            6.2 of the XSL W3C Candidate Recommendation 21 November 2000. More info at the beginning
            of the file xslfoRef.xml.
         </fo:block>

      </fo:flow>
    </fo:page-sequence>
  </fo:root>
</xsl:template>


<!-- Section container: its children are rendered inside a centred 14pt
     sans-serif block with 3pt spacing above and below. -->
<xsl:template match="div">
  <fo:block font-family="sans-serif" font-size="14pt" text-align="center"
      padding-top="3pt" space-before.optimum="3pt" space-after.optimum="3pt">
    <xsl:apply-templates/>
  </fo:block>
</xsl:template>

<!-- Chapter heading: the text of div0/head as a white-on-blue 16pt banner,
     indented 2cm on both sides. -->
<xsl:template match="div0/head">
  <fo:block font-size="16pt" line-height="18pt" text-align="center"
      color="white" background-color="blue"
      start-indent="2cm" end-indent="2cm" padding-top="3pt"
      space-before.optimum="5pt" space-after.optimum="5pt">
    <xsl:value-of select="."/>
  </fo:block>
</xsl:template>


<!-- Name of a formatting object: 13pt left-aligned block of the element text. -->
<xsl:template match="div/fo">
  <fo:block text-align="start" font-size="13pt" line-height="14pt">
    <xsl:value-of select="."/>
  </fo:block>
</xsl:template>

<!-- Explanatory prose (any "explanation" element): 11pt sans-serif block
     indented 0.5cm; child templates are applied for its content. -->
<xsl:template match="explanation">
  <fo:block font-family="sans-serif" font-size="11pt" line-height="12pt"
      start-indent="0.5cm" text-align="start">
    <xsl:apply-templates/>
  </fo:block>
</xsl:template>

<!-- Content model of a formatting object, printed in Courier after the
     literal label "Content:" (the label's leading whitespace is emitted). -->
<xsl:template match="div/content">
  <fo:block font-family="Courier" font-size="10pt" line-height="11pt"
      start-indent="0.5cm" text-align="start" wrap-option="wrap">
       Content: <xsl:value-of select="."/>
  </fo:block>
</xsl:template>

<!-- Property list of a formatting object: a Courier "Properties:" label
     followed by a block holding the individual property entries. -->
<xsl:template match="div/properties">
  <fo:block font-family="Courier" font-size="10pt" line-height="11pt"
      start-indent="0.5cm" text-align="start">
      Properties:
   </fo:block>
  <fo:block space-after.optimum="3pt">
    <xsl:apply-templates/>
  </fo:block>
</xsl:template>

<!-- One property entry: a 9pt sans-serif line indented 1cm. -->
<xsl:template match="properties/property">
  <fo:block font-family="sans-serif" font-size="9pt" line-height="10pt"
      start-indent="1cm" text-align="start">
    <xsl:value-of select="."/>
  </fo:block>
</xsl:template>


<!-- Property definition heading: 13pt left-aligned block of the element text. -->
<xsl:template match="div/property-def">
  <fo:block text-align="start" font-size="13pt" line-height="14pt">
    <xsl:value-of select="."/>
  </fo:block>
</xsl:template>


<!-- Allowed values of a property, printed after the literal label "Values:". -->
<xsl:template match="div/values">
  <fo:block font-size="11pt" line-height="12pt"
      text-align="start">Values: <xsl:value-of select="."/>
  </fo:block>
</xsl:template>



</xsl:stylesheet>