myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kamran Kashanian (JIRA)" <...@myfaces.apache.org>
Subject [jira] Created: (TRINIDAD-1771) Proposed changes to Trinidad org.apache.myfaces.trinidad.render.ClientRowKeyManager class
Date Wed, 31 Mar 2010 23:46:27 GMT
Proposed changes to Trinidad org.apache.myfaces.trinidad.render.ClientRowKeyManager class
-----------------------------------------------------------------------------------------

                 Key: TRINIDAD-1771
                 URL: https://issues.apache.org/jira/browse/TRINIDAD-1771
             Project: MyFaces Trinidad
          Issue Type: Improvement
          Components: Components
    Affects Versions: 2.0.0-alpha
         Environment: All
            Reporter: Kamran Kashanian


Proposing the following changes related to Trinidad org.apache.myfaces.trinidad.render.ClientRowKeyManager
class:

1)  Current implementation of ClientRowKeyManager provides read-only access to a component
server/client row key cache.    Proposal is to add an additional API to support the updating
of server-side row keys in the cache.  This is useful for use-cases where the model row key
may change and the cache needs to be updated with the changed row key.  The following API
is proposed:

  /**
   * Replaces an old row key with a new key if the old row key exists.  If the old row key
is successfully replaced,
   * the new row key will be mapped to the existing client row key.
   * @param context
   * @param component
   * @param oldRowKey row key to replace (may not exist)
   * @param newRowKey new row key
   * @return <code>true</code> if old row key existed and was replaced, <code>false</code>
otherwise
   */
  public boolean replaceRowKey(FacesContext context, UIComponent component, Object oldRowKey,
Object newRowKey)



2) Trinidad UIXCollection currently implements a ClientRowKeyManager  called:  DefaultClientKeyManager.
  If the server-side row key in the CollectionModel is a Java String,  DefaultClientKeyManager
does not always translate the row key to a short client row key and sometime returns the server-side
row key for use on the client.  

There are two problems with this:

a)  It is a security issue as the model primary keys are directly exposed in the HTML  markup
b) The row key string is used as part of the clientId for the stamped child components in
the UIXCollection.  The server-side row key may not be suitable for use in a clientId string
(the string may contain reserved characters such as ':')


The proposal is to change DefaultClientKeyManager to always translate the server-side row
key to a short client row key suitable for use inside JSF clientId(s)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message