myfaces-commits mailing list archives

From tandrasc...@apache.org
Subject [myfaces] branch master updated: refactored
Date Thu, 13 Dec 2018 22:03:39 GMT
This is an automated email from the ASF dual-hosted git repository.

tandraschko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces.git


The following commit(s) were added to refs/heads/master by this push:
     new b27eb96  refactored
b27eb96 is described below

commit b27eb9644e5c7b8fd7758a9304c780cd54a36f48
Author: Thomas Andraschko <tandraschko@apache.org>
AuthorDate: Thu Dec 13 23:03:43 2018 +0100

    refactored
---
 .../myfaces/application/ResourceHandlerImpl.java   |   3 +-
 .../org/apache/myfaces/application/StateCache.java |  12 +-
 .../application/_SystemEventServletRequest.java    | 402 ---------------------
 .../application/_SystemEventServletResponse.java   |  81 -----
 .../viewstate/ClientSideStateCacheImpl.java        |  78 ++--
 .../application/viewstate/RandomKeyFactory.java    |  10 +-
 .../viewstate/SecureRandomKeyFactory.java          |  24 +-
 .../viewstate/ServerSideStateCacheImpl.java        | 274 +++-----------
 .../org/apache/myfaces/config/MyfacesConfig.java   | 204 +++++++++++
 .../tag/jsf/core/ValidateDelegateHandler.java      |   1 +
 .../facelets/tag/jstl/core/IterationStatus.java    |   8 +-
 .../viewstate/ClientSideStateCacheTest.java        |   3 +-
 .../SerializedViewCollectionTestCase.java          |  21 +-
 13 files changed, 304 insertions(+), 817 deletions(-)

diff --git a/impl/src/main/java/org/apache/myfaces/application/ResourceHandlerImpl.java b/impl/src/main/java/org/apache/myfaces/application/ResourceHandlerImpl.java
index f0a196c..79e400e 100644
--- a/impl/src/main/java/org/apache/myfaces/application/ResourceHandlerImpl.java
+++ b/impl/src/main/java/org/apache/myfaces/application/ResourceHandlerImpl.java
@@ -114,8 +114,7 @@ public class ResourceHandlerImpl extends ResourceHandler
     }
 
     @Override
-    public Resource createResource(String resourceName, String libraryName,
-            String contentType)
+    public Resource createResource(String resourceName, String libraryName, String contentType)
     {
         Assert.notNull(resourceName, "resourceName");
         
diff --git a/impl/src/main/java/org/apache/myfaces/application/StateCache.java b/impl/src/main/java/org/apache/myfaces/application/StateCache.java
index 2d4a82d..0023ad2 100644
--- a/impl/src/main/java/org/apache/myfaces/application/StateCache.java
+++ b/impl/src/main/java/org/apache/myfaces/application/StateCache.java
@@ -32,17 +32,7 @@ import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConf
 public abstract class StateCache<K, V>
 {
     
-    /**
-     * Defines how to generate the csrf session token.
-     */
-    @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random", 
-            defaultValue="none", group="state")
-    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM
-            = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN";
-    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT = "random";
-    
-    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
-    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random";
+
 
     /**
      * Set the default length of the random key used for the csrf session token.
diff --git a/impl/src/main/java/org/apache/myfaces/application/_SystemEventServletRequest.java b/impl/src/main/java/org/apache/myfaces/application/_SystemEventServletRequest.java
deleted file mode 100644
index 2172a7b..0000000
--- a/impl/src/main/java/org/apache/myfaces/application/_SystemEventServletRequest.java
+++ /dev/null
@@ -1,402 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.myfaces.application;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-import java.lang.reflect.Proxy;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpSession;
-
-/**
- * @author Werner Punz (latest modification by $Author$)
- * @version $Revision$ $Date$
- *
- * Dummy request for various system event listeners
- *
- * the problem with the system event listeners is that they
- * are triggered often outside of an existing request
- * hence we have to provide dummy objects
- */
-
-
-public class _SystemEventServletRequest extends HttpServletRequestWrapper
-{
-
-    Map<String, Object> _attributesMap = new HashMap<String, Object>();
-
-    public _SystemEventServletRequest()
-    {
-        super((HttpServletRequest) Proxy.newProxyInstance(
-                HttpServletRequest.class.getClassLoader(),
-                new Class[]{HttpServletRequest.class},
-                new InvocationHandler()
-                {
-                    public Object invoke(Object proxy, Method m, Object[] args)
-                    {
-                        throw new UnsupportedOperationException("This request class is an empty placeholder");
-                    }
-                }));
-    }
-
-    public Object getAttribute(String s)
-    {
-        return _attributesMap.get(s);
-    }
-
-    public void setAttribute(String s, Object o)
-    {
-        _attributesMap.put(s, o);
-    }
-
-    public void removeAttribute(String s)
-    {
-        _attributesMap.remove(s);
-    }
-
-    public String getServletPath()
-    {
-        return null;
-    }
-
-    public String getPathInfo()
-    {
-        return null;
-    }
-
-    @Override
-    public HttpSession getSession()
-    {
-        return null;
-    }
-
-    @Override
-    public HttpSession getSession(boolean create)
-    {
-        return null;
-    }
-
-    @Override
-    public int getContentLength()
-    {
-        return -1;
-    }
-
-    @Override
-    public String getContentType()
-    {
-        return null;
-    }
-
-    @Override
-    public String getCharacterEncoding()
-    {
-        return null;
-    }
-
-    @Override
-    public String getHeader(String name)
-    {
-        return null;
-    }
-
-    @Override
-    public Enumeration getHeaderNames()
-    {
-        return Collections.enumeration(Collections.emptyList());
-    }
-
-    @Override
-    public Enumeration getHeaders(String name)
-    {
-        return Collections.enumeration(Collections.EMPTY_LIST);
-    }
-
-    @Override
-    public Cookie[] getCookies()
-    {
-        return new Cookie[0];
-    }
-
-    @Override
-    public String getAuthType()
-    {
-        return null;
-    }
-
-    @Override
-    public String getContextPath()
-    {
-        return null;
-    }
-
-    @Override
-    public long getDateHeader(String name)
-    {
-        return -1;
-    }
-
-    @Override
-    public int getIntHeader(String name)
-    {
-        return -1;
-    }
-
-    @Override
-    public String getMethod()
-    {
-        return null;
-    }
-
-    @Override
-    public String getPathTranslated()
-    {
-        return null;
-    }
-
-    @Override
-    public String getQueryString()
-    {
-        return null;
-    }
-
-    @Override
-    public String getRemoteUser()
-    {
-        return null;
-    }
-
-    @Override
-    public String getRequestedSessionId()
-    {
-        return null;
-    }
-
-    @Override
-    public String getRequestURI()
-    {
-        return null;
-    }
-
-    @Override
-    public StringBuffer getRequestURL()
-    {
-        return null;
-    }
-
-    @Override
-    public Principal getUserPrincipal()
-    {
-        return null;
-    }
-
-    @Override
-    public boolean isRequestedSessionIdFromCookie()
-    {
-        return false;
-    }
-
-    @Override
-    public boolean isRequestedSessionIdFromUrl()
-    {
-        return false;
-    }
-
-    @Override
-    public boolean isRequestedSessionIdFromURL()
-    {
-        return false;
-    }
-
-    @Override
-    public boolean isRequestedSessionIdValid()
-    {
-        return false;
-    }
-
-    @Override
-    public boolean isUserInRole(String role)
-    {
-        return false;
-    }
-
-    @Override
-    public Enumeration getAttributeNames()
-    {
-        return Collections.enumeration(Collections.EMPTY_LIST);
-    }
-
-    @Override
-    public ServletInputStream getInputStream() throws IOException
-    {
-        return null;
-    }
-
-    @Override
-    public String getLocalAddr()
-    {
-        return null;
-    }
-
-    @Override
-    public Locale getLocale()
-    {
-        return null;
-    }
-
-    @Override
-    public Enumeration getLocales()
-    {
-        return Collections.enumeration(Collections.emptyList());
-    }
-
-    @Override
-    public String getLocalName()
-    {
-        return null;
-    }
-
-    @Override
-    public int getLocalPort()
-    {
-        return -1;
-    }
-
-    @Override
-    public String getParameter(String name)
-    {
-        return null;
-    }
-
-    @Override
-    public Map getParameterMap()
-    {
-        return Collections.emptyMap();
-    }
-
-    @Override
-    public Enumeration getParameterNames()
-    {
-        return Collections.enumeration(Collections.emptyList());
-    }
-
-    @Override
-    public String[] getParameterValues(String name)
-    {
-        return new String[0];
-    }
-
-    @Override
-    public String getProtocol()
-    {
-        return null;
-    }
-
-    @Override
-    public BufferedReader getReader() throws IOException
-    {
-        return null;
-    }
-
-    @Override
-    public String getRealPath(String path)
-    {
-        return null;
-    }
-
-    @Override
-    public String getRemoteAddr()
-    {
-        return null;
-    }
-
-    @Override
-    public String getRemoteHost()
-    {
-        return null;
-    }
-
-    @Override
-    public int getRemotePort()
-    {
-        return -1;
-    }
-
-    @Override
-    public ServletRequest getRequest()
-    {
-        return null;
-    }
-
-    @Override
-    public RequestDispatcher getRequestDispatcher(String path)
-    {
-        return null;
-    }
-
-    @Override
-    public String getScheme()
-    {
-        return null;
-    }
-
-    @Override
-    public String getServerName()
-    {
-        return null;
-    }
-
-    @Override
-    public int getServerPort()
-    {
-        return -1;
-    }
-
-    @Override
-    public boolean isSecure()
-    {
-        return false;
-    }
-
-    @Override
-    public void setCharacterEncoding(String enc)
-            throws UnsupportedEncodingException
-    {
-    }
-
-    @Override
-    public void setRequest(ServletRequest request)
-    {
-    }
-}
diff --git a/impl/src/main/java/org/apache/myfaces/application/_SystemEventServletResponse.java b/impl/src/main/java/org/apache/myfaces/application/_SystemEventServletResponse.java
deleted file mode 100644
index e7abffc..0000000
--- a/impl/src/main/java/org/apache/myfaces/application/_SystemEventServletResponse.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.myfaces.application;
-
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-import java.lang.reflect.Proxy;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-/**
- * @author Werner Punz (latest modification by $Author$)
- * @version $Revision$ $Date$
- *
- * the problem with the system event listeners is that they
- * are triggered often outside of an existing request
- * hence we have to provide dummy objects
- */
-
-public class _SystemEventServletResponse extends HttpServletResponseWrapper
-{
-
-    public _SystemEventServletResponse()
-    {
-        super( (HttpServletResponse) Proxy.newProxyInstance(
-                HttpServletResponse.class.getClassLoader(),
-                new Class[] { HttpServletResponse.class },
-                new InvocationHandler()
-                {
-                    public Object invoke(Object proxy, Method m, Object[] args) 
-                    {
-                        throw new UnsupportedOperationException("This response class is an empty placeholder");
-                    }
-                }));
-    }
-
-    @Override
-    public String getCharacterEncoding()
-    {
-        return null;
-    }
-
-    @Override
-    public String getContentType()
-    {
-        return null;
-    }
-
-    @Override
-    public void setCharacterEncoding(String charset)
-    {
-    }
-
-    @Override
-    public void setContentLength(int len)
-    {
-    }
-
-    @Override
-    public void setContentType(String type)
-    {
-    }
-
-}
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheImpl.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheImpl.java
index dd1b209..b237759 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheImpl.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheImpl.java
@@ -18,47 +18,33 @@
  */
 package org.apache.myfaces.application.viewstate;
 
-import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
 
 import org.apache.myfaces.application.StateCache;
 import org.apache.myfaces.application.viewstate.token.ClientSideStateTokenProcessor;
 import org.apache.myfaces.application.viewstate.token.StateTokenProcessor;
-import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam;
-import org.apache.myfaces.util.WebConfigParamUtils;
+import org.apache.myfaces.config.MyfacesConfig;
 
 class ClientSideStateCacheImpl extends StateCache<Object, Object>
 {
-    
-    /**
-     * Define the time in minutes where the view state is valid when
-     * client side state saving is used. By default it is set to 0
-     * (infinite).
-     */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="0", group="state")
-    public static final String INIT_PARAM_CLIENT_VIEW_STATE_TIMEOUT = 
-            "org.apache.myfaces.CLIENT_VIEW_STATE_TIMEOUT";
-    public static final Long INIT_PARAM_CLIENT_VIEW_STATE_TIMEOUT_DEFAULT = 0L;
-    
     private static final int STATE_PARAM = 0;
     private static final int VIEWID_PARAM = 1;
     private static final int TIMESTAMP_PARAM = 2;
     
     private static final Object[] EMPTY_STATES = new Object[]{null, null};
     
-    private Long _clientViewStateTimeout;
+    private final long clientViewStateTimeout;
     
-    private CsrfSessionTokenFactory csrfSessionTokenFactory;
-    private StateTokenProcessor stateTokenProcessor;
+    private final CsrfSessionTokenFactory csrfSessionTokenFactory;
+    private final StateTokenProcessor stateTokenProcessor;
     
     public ClientSideStateCacheImpl()
     {
         FacesContext facesContext = FacesContext.getCurrentInstance();
+        MyfacesConfig config = MyfacesConfig.getCurrentInstance(facesContext);
         
-        String csrfRandomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(),
-                RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM, 
-                RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT);
-        if (RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode))
+        String csrfRandomMode = config.getRandomKeyInCsrfSessionToken();
+        if (MyfacesConfig.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode))
         {
             csrfSessionTokenFactory = new SecureRandomCsrfSessionTokenFactory(facesContext);
         }
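Review bot: Any configured value other than the exact string `secureRandom`, including a typo or different casing, fails the `equals` test on `csrfRandomMode` and silently drops to the `else` branch. That branch lies outside this hunk and presumably installs the non-secure token factory. The `StateCache` constants removed in this commit show the default was `random`, so a deployment has to opt in to the stronger generator for CSRF session tokens, and a misspelled opt-in goes unnoticed. I would log a warning when the value is not one of the expected ones and add a comment above the test such as `// any value other than "secureRandom" takes the else branch`.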
@@ -68,6 +54,7 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
         }
         
         stateTokenProcessor = new ClientSideStateTokenProcessor();
+        clientViewStateTimeout = config.getClientViewStateTimeout();
     }
 
     @Override
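Review bot: The new assignment `clientViewStateTimeout = config.getClientViewStateTimeout();` has no comment, and the Javadoc that explained the value (minutes, 0 meaning infinite) is removed from this class by the same commit. `restoreSerializedView` only checks the age of the state when the field is `> 0L`, so a reader should be told here that 0 leaves client-side state valid indefinitely. I would add `// minutes; 0 disables the age check in restoreSerializedView`. The removed getter also clamped negative values to 0; the `> 0L` tests still treat negatives the same way, but whether `MyfacesConfig` validates the value is not visible in this hunk.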
@@ -81,12 +68,9 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
     }
 
     @Override
-    public Object restoreSerializedView(FacesContext facesContext,
-            String viewId, Object viewState)
+    public Object restoreSerializedView(FacesContext facesContext, String viewId, Object viewState)
     {
-        Object[] state = (Object[]) viewState;
-        long clientViewStateTimeout = getClientViewStateTimeout(facesContext.getExternalContext());
-        
+        Object[] state = (Object[]) viewState;        
         if (clientViewStateTimeout > 0L)
         {
             Long timeStamp = (Long) state[TIMESTAMP_PARAM];
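Review bot: `state[TIMESTAMP_PARAM]` reads index 2 of an array derived from client-supplied view state, with no check that `viewState` is an `Object[]` with at least three elements. `encodeSerializedState` allocates three slots only when the timeout is positive, so a state encoded under a different timeout setting would raise `ArrayIndexOutOfBoundsException` or `ClassCastException` instead of being treated as expired. The same applies to a malformed state, if upstream integrity checking does not catch it, which is not visible here. A guard such as `if (!(viewState instanceof Object[]) || ((Object[]) viewState).length <= VIEWID_PARAM) { return null; }` at the top, plus a `state.length <= TIMESTAMP_PARAM` test inside the timeout branch, would make the method fail closed. The method body continues past the end of this hunk.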
@@ -95,8 +79,8 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
                 //If no timestamp, state is invalid.
                 return null;
             }
+
             long passedTime = (System.currentTimeMillis() - timeStamp.longValue()) / 60000;
-            
             if (passedTime > clientViewStateTimeout)
             {
                 //expire
@@ -105,7 +89,6 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
         }
         
         String restoredViewId = (String) state[VIEWID_PARAM];
-        
         if (viewId != null && !viewId.equals(restoredViewId))
         {
             //invalid viewId, expire
@@ -120,10 +103,10 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
         else
         {
             Object serializedView = state[STATE_PARAM];
-            if (serializedView instanceof Object[] &&
-            ((Object[])serializedView).length == 2 &&
-            ((Object[])serializedView)[0] == null &&
-            ((Object[])serializedView)[1] == null)
+            if (serializedView instanceof Object[]
+                    && ((Object[])serializedView).length == 2
+                    && ((Object[])serializedView)[0] == null
+                    && ((Object[])serializedView)[1] == null)
             {
                 // Remember inside the state null is stored as an empty array.
                 return null;
@@ -134,12 +117,11 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
     }
 
     @Override
-    public Object encodeSerializedState(FacesContext facesContext,
-            Object serializedView)
+    public Object encodeSerializedState(FacesContext facesContext, Object serializedView)
     {
         Object[] state = null;
         
-        if (getClientViewStateTimeout(facesContext.getExternalContext()).longValue() > 0L)
+        if (clientViewStateTimeout > 0L)
         {
             state = new Object[3];
             state[TIMESTAMP_PARAM] = System.currentTimeMillis();
@@ -153,10 +135,10 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
         {
             state[STATE_PARAM] = EMPTY_STATES;
         }
-        else if (serializedView instanceof Object[] &&
-            ((Object[])serializedView).length == 2 &&
-            ((Object[])serializedView)[0] == null &&
-            ((Object[])serializedView)[1] == null)
+        else if (serializedView instanceof Object[]
+                && ((Object[])serializedView).length == 2
+                && ((Object[])serializedView)[0] == null
+                && ((Object[])serializedView)[1] == null)
         {
             // The generated state can be considered zero, set it as null
             // into the map.
@@ -178,24 +160,6 @@ class ClientSideStateCacheImpl extends StateCache<Object, Object>
         return true;
     }
 
-    /**
-     * @return the _clientViewStateTimeout
-     */
-    protected Long getClientViewStateTimeout(ExternalContext context)
-    {
-        if (_clientViewStateTimeout == null)
-        {
-            _clientViewStateTimeout = WebConfigParamUtils.getLongInitParameter(
-                    context, INIT_PARAM_CLIENT_VIEW_STATE_TIMEOUT,
-                    INIT_PARAM_CLIENT_VIEW_STATE_TIMEOUT_DEFAULT);
-            if (_clientViewStateTimeout.longValue() < 0L)
-            {
-                _clientViewStateTimeout = 0L;
-            }
-        }
-        return _clientViewStateTimeout;
-    }
-
     @Override
     public String createCryptographicallyStrongTokenFromSession(FacesContext context)
     {
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/RandomKeyFactory.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/RandomKeyFactory.java
index 50a6ffc..97a2169 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/RandomKeyFactory.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/RandomKeyFactory.java
@@ -23,13 +23,10 @@ import java.util.Random;
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
 import javax.xml.bind.DatatypeConverter;
+import org.apache.myfaces.config.MyfacesConfig;
 
 import org.apache.myfaces.renderkit.RendererUtils;
-import org.apache.myfaces.util.WebConfigParamUtils;
 
-/**
- *
- */
 class RandomKeyFactory extends KeyFactory<byte[]>
 {
     private final Random random;
@@ -37,10 +34,7 @@ class RandomKeyFactory extends KeyFactory<byte[]>
 
     public RandomKeyFactory(FacesContext facesContext)
     {
-        length = WebConfigParamUtils.getIntegerInitParameter(
-            facesContext.getExternalContext(), 
-            ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM, 
-            ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM_DEFAULT);
+        length = MyfacesConfig.getCurrentInstance(facesContext).getRandomKeyInViewStateSessionTokenLength();
         random = new Random(((int) System.nanoTime()) + this.hashCode());
     }
 
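Review bot: `new Random(((int) System.nanoTime()) + this.hashCode())` seeds a `java.util.Random` with a value truncated to 32 bits, and `java.util.Random` is not a cryptographic generator, so keys drawn from it should be treated as guessable. Judging by the getter name on the line above, these keys feed the view-state session token. If they are meant to be unpredictable, the field can be initialised with `random = new SecureRandom();`, which still fits the `Random` field type but needs a `java.security.SecureRandom` import outside this hunk. Otherwise the class should carry a comment saying it must not be used where unguessable keys are required. The rest of the class is outside the hunk.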
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/SecureRandomKeyFactory.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/SecureRandomKeyFactory.java
index 6b45f66..84efe33 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/SecureRandomKeyFactory.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/SecureRandomKeyFactory.java
@@ -22,9 +22,9 @@ import java.util.Map;
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
 import javax.xml.bind.DatatypeConverter;
+import org.apache.myfaces.config.MyfacesConfig;
 
 import org.apache.myfaces.renderkit.RendererUtils;
-import org.apache.myfaces.util.WebConfigParamUtils;
 
 /**
  * This factory generate a key composed by a counter and a random number. The
@@ -38,29 +38,25 @@ class SecureRandomKeyFactory extends KeyFactory<byte[]>
 
     public SecureRandomKeyFactory(FacesContext facesContext)
     {
-        length = WebConfigParamUtils.getIntegerInitParameter(
-            facesContext.getExternalContext(), 
-            ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM, 
-            ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM_DEFAULT);
+        MyfacesConfig config = MyfacesConfig.getCurrentInstance(facesContext);
+        
+        length = config.getRandomKeyInViewStateSessionTokenLength();
         sessionIdGenerator = new SessionIdGenerator();
         sessionIdGenerator.setSessionIdLength(length);
-        String secureRandomClass = WebConfigParamUtils.getStringInitParameter(
-            facesContext.getExternalContext(), 
-            ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM);
+
+        String secureRandomClass = config.getRandomKeyInViewStateSessionTokenSecureRandomClass();
         if (secureRandomClass != null)
         {
             sessionIdGenerator.setSecureRandomClass(secureRandomClass);
         }
-        String secureRandomProvider = WebConfigParamUtils.getStringInitParameter(
-            facesContext.getExternalContext(), 
-            ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM);
+
+        String secureRandomProvider = config.getRandomKeyInViewStateSessionTokenSecureRandomProvider();
         if (secureRandomProvider != null)
         {
             sessionIdGenerator.setSecureRandomProvider(secureRandomProvider);
         }
-        String secureRandomAlgorithm = WebConfigParamUtils.getStringInitParameter(
-            facesContext.getExternalContext(), 
-            ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM);
+
+        String secureRandomAlgorithm = config.getRandomKeyInViewStateSessionTokenSecureRandomAlgorithm();
         if (secureRandomAlgorithm != null)
         {
             sessionIdGenerator.setSecureRandomAlgorithm(secureRandomAlgorithm);
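Review bot: `length` from `config.getRandomKeyInViewStateSessionTokenLength()` is passed straight to `sessionIdGenerator.setSessionIdLength(length)` with no lower bound, so a zero, negative or very small configured value would give an empty or short token. Whether `MyfacesConfig` validates the value is not visible here, and `RandomKeyFactory`'s constructor reads the same getter. I would enforce a minimum at the point of use, for example `if (length < MIN_TOKEN_LENGTH) { throw new IllegalArgumentException("token length too small: " + length); }`, where `MIN_TOKEN_LENGTH` is a placeholder for a bound the project chooses. The constructor continues past the end of this hunk.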
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
index b63a0a4..8a2be08 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
@@ -34,7 +34,6 @@ import java.util.logging.Logger;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
 import javax.faces.FacesWrapper;
-import javax.faces.application.StateManager;
 
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
@@ -43,11 +42,9 @@ import javax.faces.lifecycle.ClientWindow;
 import org.apache.myfaces.application.StateCache;
 import org.apache.myfaces.application.viewstate.token.ServiceSideStateTokenProcessor;
 import org.apache.myfaces.application.viewstate.token.StateTokenProcessor;
-import org.apache.myfaces.buildtools.maven2.plugin.builder.annotation.JSFWebConfigParam;
 import org.apache.myfaces.config.MyfacesConfig;
 import org.apache.myfaces.renderkit.RendererUtils;
 import org.apache.myfaces.util.MyFacesObjectInputStream;
-import org.apache.myfaces.util.WebConfigParamUtils;
 import org.apache.myfaces.spi.ViewScopeProvider;
 import org.apache.myfaces.spi.ViewScopeProviderFactory;
 import org.apache.myfaces.view.ViewScopeProxyMap;
@@ -56,7 +53,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
 {
     private static final Logger log = Logger.getLogger(ServerSideStateCacheImpl.class.getName());
     
-    public static final String SERIALIZED_VIEW_SESSION_ATTR= 
+    public static final String SERIALIZED_VIEW_SESSION_ATTR = 
         ServerSideStateCacheImpl.class.getName() + ".SERIALIZED_VIEW";
     
     public static final String RESTORED_SERIALIZED_VIEW_REQUEST_ATTR = 
@@ -69,140 +66,51 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
 
     public static final String RESTORED_VIEW_KEY_REQUEST_ATTR = 
         ServerSideStateCacheImpl.class.getName() + ".RESTORED_VIEW_KEY";
-    
-    public static final String NUMBER_OF_VIEWS_IN_SESSION_PARAM
-            = MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION;
-
-    public static final String NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION_PARAM
-            = MyfacesConfig.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION;
-
-    public static final int DEFAULT_NUMBER_OF_VIEWS_IN_SESSION = 
-            MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION_DEFAULT;
-
-    /**
-     * Indicates that the serialized state will be compressed before it is written to the session. By default true.
-     * 
-     * Only applicable if state saving method is "server" (= default) and if
-     * <code>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</code> is <code>true</code> (= default).
-     * If <code>true</code> (default) the serialized state will be compressed before it is written to the session.
-     * If <code>false</code> the state will not be compressed.
-     */
-    @JSFWebConfigParam(defaultValue="true",since="1.1", expectedValues="true,false", group="state", tags="performance")
-    public static final String COMPRESS_SERVER_STATE_PARAM = "org.apache.myfaces.COMPRESS_STATE_IN_SESSION";
-
-    /**
-     * Default value for <code>org.apache.myfaces.COMPRESS_STATE_IN_SESSION</code> context parameter.
-     */
-    public static final boolean DEFAULT_COMPRESS_SERVER_STATE_PARAM = true;
-
-    /**
-     * Default value for <code>javax.faces.SERIALIZE_SERVER_STATE and 
-     * org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</code> context parameter.
-     */
-    public static final boolean DEFAULT_SERIALIZE_STATE_IN_SESSION = false;
-    
-    /**
-     * Allow use flash scope to keep track of the views used in session and the previous ones,
-     * so server side state saving can delete old views even if POST-REDIRECT-GET pattern is used.
-     * 
-     * <p>
-     * Only applicable if state saving method is "server" (= default).
-     * The default value is false.</p>
-     */
-    @JSFWebConfigParam(since="2.0.6", defaultValue="false", expectedValues="true, false", group="state")
-    public static final String USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION
-            = "org.apache.myfaces.USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION";
-
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM = "random";
-    
-    /**
-     * Adds a random key to the generated view state session token.
-     */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random", 
-            defaultValue="random", group="state")
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM
-            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN";
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT = 
-            RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM;
-
-    /**
-     * Set the default length of the random key added to the view state session token.
-     * By default is 8. 
-     */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="8", group="state")
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM 
-            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH";
-    public static final int RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM_DEFAULT = 8;
-
-    /**
-     * Sets the random class to initialize the secure random id generator. 
-     * By default it uses java.security.SecureRandom
-     */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", group="state")
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM
-            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS";
-    
-    /**
-     * Sets the random provider to initialize the secure random id generator.
-     */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", group="state")
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM
-            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER";
-    
-    /**
-     * Sets the random algorithm to initialize the secure random id generator. 
-     * By default is SHA1PRNG
-     */
-    @JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="SHA1PRNG", group="state")
-    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM 
-            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM";
-    
-    
+
     public static final int UNCOMPRESSED_FLAG = 0;
     public static final int COMPRESSED_FLAG = 1;
 
-    private Boolean _useFlashScopePurgeViewsInSession = null;
+    private final boolean useFlashScopePurgeViewsInSession;
+    private final int numberOfSequentialViewsInSession;
+    private final boolean serializeStateInSession;
+    private final boolean compressStateInSession;
+    
+    private final SessionViewStorageFactory sessionViewStorageFactory;
+    private final CsrfSessionTokenFactory csrfSessionTokenFactory;
+    private final StateTokenProcessor stateTokenProcessor;
     
-    private Integer _numberOfSequentialViewsInSession = null;
-    private boolean _numberOfSequentialViewsInSessionSet = false;
-
-    private SessionViewStorageFactory sessionViewStorageFactory;
-    private CsrfSessionTokenFactory csrfSessionTokenFactory;
-    private StateTokenProcessor stateTokenProcessor;
-
     public ServerSideStateCacheImpl()
     {
         FacesContext facesContext = FacesContext.getCurrentInstance();
-        String randomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(),
-                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM, 
-                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT);
-        if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM.equals(randomMode))
+        MyfacesConfig config = MyfacesConfig.getCurrentInstance(facesContext);
+        
+        useFlashScopePurgeViewsInSession = config.isUseFlashScopePurgeViewsInSession();
+        numberOfSequentialViewsInSession = config.getNumberOfSequentialViewsInSession();
+        serializeStateInSession = config.isSerializeStateInSession();
+        compressStateInSession = config.isCompressStateInSession();
+        
+        String randomMode = config.getRandomKeyInViewStateSessionToken();
+        if (MyfacesConfig.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM.equals(randomMode))
         {
-            sessionViewStorageFactory = new RandomSessionViewStorageFactory(
-                    new SecureRandomKeyFactory(facesContext));
+            sessionViewStorageFactory = new RandomSessionViewStorageFactory( new SecureRandomKeyFactory(facesContext));
         }
-        else if (RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM.equals(randomMode))
+        else if (MyfacesConfig.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM.equals(randomMode))
         {
-            sessionViewStorageFactory = new RandomSessionViewStorageFactory(
-                    new RandomKeyFactory(facesContext));
+            sessionViewStorageFactory = new RandomSessionViewStorageFactory(new RandomKeyFactory(facesContext));
         }
         else
         {
             if (randomMode != null && !randomMode.isEmpty())
             {
-                log.warning(RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM + " \""
+                log.warning(MyfacesConfig.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN + " \""
                         + randomMode + "\" is not supported (anymore)."
                         + " Fallback to \"random\"");
             }
-            sessionViewStorageFactory = new RandomSessionViewStorageFactory(
-                    new RandomKeyFactory(facesContext));
+            sessionViewStorageFactory = new RandomSessionViewStorageFactory(new RandomKeyFactory(facesContext));
         }
         
-        String csrfRandomMode = WebConfigParamUtils.getStringInitParameter(facesContext.getExternalContext(),
-                RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM, 
-                RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM_DEFAULT);
-        if (RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode))
+        String csrfRandomMode = config.getRandomKeyInCsrfSessionToken();
+        if (MyfacesConfig.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM.equals(csrfRandomMode))
         {
             csrfSessionTokenFactory = new SecureRandomCsrfSessionTokenFactory(facesContext);
         }
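Review bot: In the final `else` branch an unrecognised `RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN` value still only logs a warning and then builds `new RandomKeyFactory(facesContext)`, and because the checks above use an exact `equals`, a case slip such as `SecureRandom` takes that path. `RandomKeyFactory` is presumably the non-cryptographic generator, so for a setting that selects the key behind the view-state token the safer fallback is `sessionViewStorageFactory = new RandomSessionViewStorageFactory(new SecureRandomKeyFactory(facesContext));`, with the warning text adjusted to match. The `random` branch and the `else` branch assign the same factory and could share one assignment, and the added `secureRandom` line has a stray space after `(`. The constructor continues past the end of this hunk.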
@@ -218,30 +126,28 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
 
     protected Object getServerStateId(FacesContext facesContext, Object state)
     {
-      if (state != null)
-      {
-          return getKeyFactory(facesContext).decode((String) state);
-      }
-      return null;
+        if (state != null)
+        {
+            return sessionViewStorageFactory.getKeyFactory().decode((String) state);
+        }
+        return null;
     }
 
-    protected void saveSerializedViewInServletSession(FacesContext context,
-                                                      Object serializedView)
+    protected void saveSerializedViewInServletSession(FacesContext context, Object serializedView)
     {
         Map<String, Object> sessionMap = context.getExternalContext().getSessionMap();
         SerializedViewCollection viewCollection = (SerializedViewCollection) sessionMap
                 .get(SERIALIZED_VIEW_SESSION_ATTR);
         if (viewCollection == null)
         {
-            viewCollection = getSessionViewStorageFactory().createSerializedViewCollection(context);
+            viewCollection = sessionViewStorageFactory.createSerializedViewCollection(context);
             sessionMap.put(SERIALIZED_VIEW_SESSION_ATTR, viewCollection);
         }
 
         Map<Object,Object> attributeMap = context.getAttributes();
         
         SerializedViewKey key = null;
-        if (getNumberOfSequentialViewsInSession(context.getExternalContext()) != null &&
-            getNumberOfSequentialViewsInSession(context.getExternalContext()) > 0)
+        if (numberOfSequentialViewsInSession > 0)
         {
             key = (SerializedViewKey) attributeMap.get(RESTORED_VIEW_KEY_REQUEST_ATTR);
             
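Review bot: The `!= null` guard on the sequential-views count is dropped here, and again in the restore hunk further down, leaving only `if (numberOfSequentialViewsInSession > 0)`; that is safe only if `config.getNumberOfSequentialViewsInSession()` can never return `null`. The field is now a `final int` assigned in the constructor, so if the getter still returns a nullable `Integer` (its declaration is not visible here), the unboxing would throw a `NullPointerException` when the cache is created instead of treating the parameter as unset. Confirm the getter's return type or assign defensively, e.g. `Integer n = config.getNumberOfSequentialViewsInSession(); numberOfSequentialViewsInSession = n == null ? 0 : n;`. `saveSerializedViewInServletSession` continues outside this hunk.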
@@ -253,12 +159,10 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
                 ClientWindow clientWindow = context.getExternalContext().getClientWindow();
                 if (clientWindow != null)
                 {
-                    key = (SerializedViewKey) viewCollection.
-                            getLastWindowKey(context, clientWindow.getId());
+                    key = (SerializedViewKey) viewCollection.getLastWindowKey(context, clientWindow.getId());
                 }
-                else if (isUseFlashScopePurgeViewsInSession(context.getExternalContext()) && 
-                    Boolean.TRUE.equals(context.getExternalContext().getRequestMap()
-                            .get("oam.Flash.REDIRECT.PREVIOUSREQUEST")))
+                else if (useFlashScopePurgeViewsInSession && Boolean.TRUE.equals(
+                        context.getExternalContext().getRequestMap().get("oam.Flash.REDIRECT.PREVIOUSREQUEST")))
                 {
                     key = (SerializedViewKey)
                             context.getExternalContext().getFlash().get(RESTORED_VIEW_KEY_REQUEST_ATTR);
@@ -266,7 +170,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
             }
         }
         
-        SerializedViewKey nextKey = getSessionViewStorageFactory().createSerializedViewKey(
+        SerializedViewKey nextKey = sessionViewStorageFactory.createSerializedViewKey(
                 context, context.getViewRoot().getViewId(), getNextViewSequence(context));
         // Get viewScopeMapId
         ViewScopeProxyMap viewScopeProxyMap = null;
@@ -329,8 +233,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
                 if (sequence != null)
                 {
                     Object state = viewCollection.get(
-                            getSessionViewStorageFactory().createSerializedViewKey(
-                            context, viewId, sequence));
+                            sessionViewStorageFactory.createSerializedViewKey(context, viewId, sequence));
                     if (state != null)
                     {
                         serializedView = deserializeView(state);
@@ -339,22 +242,19 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
             }
             attributeMap.put(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR, serializedView);
             
-            if (getNumberOfSequentialViewsInSession(externalContext) != null &&
-                getNumberOfSequentialViewsInSession(externalContext) > 0)
+            if (numberOfSequentialViewsInSession > 0)
             {
-                SerializedViewKey key = getSessionViewStorageFactory().
-                        createSerializedViewKey(context, viewId, sequence);
+                SerializedViewKey key = sessionViewStorageFactory.createSerializedViewKey(context, viewId, sequence);
                 attributeMap.put(RESTORED_VIEW_KEY_REQUEST_ATTR, key);
                 
-                if (isUseFlashScopePurgeViewsInSession(externalContext))
+                if (useFlashScopePurgeViewsInSession)
                 {
                     externalContext.getFlash().put(RESTORED_VIEW_KEY_REQUEST_ATTR, key);
                     externalContext.getFlash().keep(RESTORED_VIEW_KEY_REQUEST_ATTR);
                 }
             }
 
-            if (context.getPartialViewContext().isAjaxRequest() ||
-                context.getPartialViewContext().isPartialRequest())
+            if (context.getPartialViewContext().isAjaxRequest() || context.getPartialViewContext().isPartialRequest())
             {
                 // Save the information used to restore. The idea is use this information later
                 // to decide if it is necessary to generate a new view sequence or use the existing
@@ -404,7 +304,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
 
     protected Object nextViewSequence(FacesContext facescontext)
     {
-        Object sequence = getKeyFactory(facescontext).generateKey(facescontext);
+        Object sequence = sessionViewStorageFactory.getKeyFactory().generateKey(facescontext);
         facescontext.getAttributes().put(RendererUtils.SEQUENCE_PARAM, sequence);
         return sequence;
     }
@@ -416,7 +316,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
             log.finest("Entering serializeView");
         }
 
-        if(isSerializeStateInSession(context))
+        if (serializeStateInSession)
         {
             if (log.isLoggable(Level.FINEST))
             {
@@ -427,7 +327,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
             try
             {
                 OutputStream os = baos;
-                if(isCompressStateInSession(context))
+                if (compressStateInSession)
                 {
                     if (log.isLoggable(Level.FINEST))
                     {
@@ -448,9 +348,9 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
                 }
 
                 ObjectOutputStream out = new ObjectOutputStream(os);
-                
                 out.writeObject(serializedView);
                 out.close();
+                
                 baos.close();
 
                 if (log.isLoggable(Level.FINEST))
@@ -476,45 +376,6 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
 
     }
 
-    /**
-     * Reads the value of the <code>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</code> context parameter.
-     * @see #SERIALIZE_STATE_IN_SESSION_PARAM
-     * @param context <code>FacesContext</code> for the request we are processing.
-     * @return boolean true, if the server state should be serialized in the session
-     */
-    protected boolean isSerializeStateInSession(FacesContext context)
-    {
-        String value = context.getExternalContext().getInitParameter(
-                StateManager.SERIALIZE_SERVER_STATE_PARAM_NAME);
-        
-        boolean serialize = DEFAULT_SERIALIZE_STATE_IN_SESSION;
-        if (value != null)
-        {
-            serialize = value.toLowerCase().equals("true");
-            return serialize;
-        }
-
-        return serialize;
-    }
-
-    /**
-     * Reads the value of the <code>org.apache.myfaces.COMPRESS_STATE_IN_SESSION</code> context parameter.
-     * @see #COMPRESS_SERVER_STATE_PARAM
-     * @param context <code>FacesContext</code> for the request we are processing.
-     * @return boolean true, if the server state steam should be compressed
-     */
-    protected boolean isCompressStateInSession(FacesContext context)
-    {
-        String value = context.getExternalContext().getInitParameter(
-                COMPRESS_SERVER_STATE_PARAM);
-        boolean compress = DEFAULT_COMPRESS_SERVER_STATE_PARAM;
-        if (value != null)
-        {
-           compress = Boolean.valueOf(value);
-        }
-        return compress;
-    }
-
     protected Object deserializeView(Object state)
     {
         if (log.isLoggable(Level.FINEST))
@@ -527,7 +388,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
             if (log.isLoggable(Level.FINEST))
             {
                 log.finest("Processing deserializeView - deserializing serialized state. Bytes : "
-                           + ((byte[]) state).length);
+                        + ((byte[]) state).length);
             }
 
             try
@@ -548,16 +409,15 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
                     {
                         object = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() 
                         {
+                            @Override
                             public Object run() throws PrivilegedActionException, IOException, ClassNotFoundException
                             {
-                                //return new Object[] {in.readObject(), in.readObject()};
                                 return in.readObject();
                             }
                         });
                     }
                     else
                     {
-                        //object = new Object[] {in.readObject(), in.readObject()};
                         object = in.readObject();
                     }
                     return object;
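Review bot: Both `in.readObject()` calls carry no comment on where the bytes come from, and native deserialization is acceptable here only while `state` is read back from the session-held view collection, as the restore hunk above suggests, and never from request data. A one-line comment above the `doPrivileged` call would keep that assumption visible, for example `// state originates from the server-side session store; never pass client-supplied bytes to readObject()`. How `in` is constructed lies outside this hunk, so whether it already restricts the classes it will resolve should be checked there.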
@@ -637,7 +497,7 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
     @Override
     public Object encodeSerializedState(FacesContext facesContext, Object serializedView)
     {
-        return getKeyFactory(facesContext).encode(getNextViewSequence(facesContext));
+        return sessionViewStorageFactory.getKeyFactory().encode(getNextViewSequence(facesContext));
     }
     
     @Override
@@ -646,40 +506,6 @@ class ServerSideStateCacheImpl extends StateCache<Object, Object>
         return false;
     }
 
-    //------------------------------------- Custom methods -----------------------------------------------------
-    
-    private boolean isUseFlashScopePurgeViewsInSession(ExternalContext externalContext)
-    {
-        if (_useFlashScopePurgeViewsInSession == null)
-        {
-            _useFlashScopePurgeViewsInSession = WebConfigParamUtils.getBooleanInitParameter(
-                    externalContext, USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION, false);
-        }
-        return _useFlashScopePurgeViewsInSession;
-    }
-    
-    private Integer getNumberOfSequentialViewsInSession(ExternalContext externalContext)
-    {
-        if (!_numberOfSequentialViewsInSessionSet)
-        {
-            _numberOfSequentialViewsInSession = MyfacesConfig.getCurrentInstance(externalContext)
-                    .getNumberOfSequentialViewsInSession();
-            _numberOfSequentialViewsInSessionSet = true;
-        }
-        return _numberOfSequentialViewsInSession;
-    }
-    
-    protected KeyFactory getKeyFactory(FacesContext facesContext)
-    {
-        //return keyFactory;
-        return sessionViewStorageFactory.getKeyFactory();
-    }
-    
-    protected SessionViewStorageFactory getSessionViewStorageFactory()
-    {
-        return sessionViewStorageFactory;
-    }
-
     @Override
     public String createCryptographicallyStrongTokenFromSession(FacesContext context)
     {
diff --git a/impl/src/main/java/org/apache/myfaces/config/MyfacesConfig.java b/impl/src/main/java/org/apache/myfaces/config/MyfacesConfig.java
index 5a0fa60..d89c4e5 100755
--- a/impl/src/main/java/org/apache/myfaces/config/MyfacesConfig.java
+++ b/impl/src/main/java/org/apache/myfaces/config/MyfacesConfig.java
@@ -20,6 +20,7 @@ package org.apache.myfaces.config;
 
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.faces.application.StateManager;
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
 
@@ -470,6 +471,100 @@ public class MyfacesConfig
      */
     @JSFWebConfigParam(since = "2.3")
     public static final java.lang.String WEBSOCKET_ENDPOINT_PORT = "javax.faces.WEBSOCKET_ENDPOINT_PORT";
+        
+    /**
+     * Define the time in minutes where the view state is valid when
+     * client side state saving is used. By default it is set to 0
+     * (infinite).
+     */
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="0", group="state")
+    public static final String CLIENT_VIEW_STATE_TIMEOUT = 
+            "org.apache.myfaces.CLIENT_VIEW_STATE_TIMEOUT";
+    public static final Long CLIENT_VIEW_STATE_TIMEOUT_DEFAULT = 0L;
+   
+    
+    /**
+     * Adds a random key to the generated view state session token.
+     */
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random", 
+            defaultValue="random", group="state")
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN
+            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN";
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_DEFAULT = "random";
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM = "random";
+    
+    /**
+     * Set the default length of the random key added to the view state session token.
+     * By default is 8. 
+     */
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="8", group="state")
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH
+            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH";
+    public static final int RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_DEFAULT = 8;
+    
+    /**
+     * Sets the random class to initialize the secure random id generator. 
+     * By default it uses java.security.SecureRandom
+     */
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", group="state")
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS
+            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS";
+    
+    /**
+     * Sets the random provider to initialize the secure random id generator.
+     */
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", group="state")
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER
+            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER";
+    
+    /**
+     * Sets the random algorithm to initialize the secure random id generator. 
+     * By default is SHA1PRNG
+     */
+    @JSFWebConfigParam(since="2.1.9, 2.0.15", defaultValue="SHA1PRNG", group="state")
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM
+            = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM";
+    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM_DEFAULT = "SHA1PRNG";
+    
+    /**
+     * Defines how to generate the csrf session token.
+     */
+    @JSFWebConfigParam(since="2.2.0", expectedValues="secureRandom, random", defaultValue="none", group="state")
+    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN
+            = "org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN";
+    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_DEFAULT = "random";
+    
+    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
+    public static final String RANDOM_KEY_IN_CSRF_SESSION_TOKEN_RANDOM = "random";
+    
+    /**
+     * Indicates that the serialized state will be compressed before it is written to the session. By default true.
+     * 
+     * Only applicable if state saving method is "server" (= default) and if
+     * <code>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</code> is <code>true</code> (= default).
+     * If <code>true</code> (default) the serialized state will be compressed before it is written to the session.
+     * If <code>false</code> the state will not be compressed.
+     */
+    @JSFWebConfigParam(defaultValue="true",since="1.1", expectedValues="true,false", group="state", tags="performance")
+    public static final String COMPRESS_STATE_IN_SESSION = "org.apache.myfaces.COMPRESS_STATE_IN_SESSION";
+    public static final boolean COMPRESS_STATE_IN_SESSION_DEFAULT = true;
+    
+    /**
+     * Allow use flash scope to keep track of the views used in session and the previous ones,
+     * so server side state saving can delete old views even if POST-REDIRECT-GET pattern is used.
+     * 
+     * <p>
+     * Only applicable if state saving method is "server" (= default).
+     * The default value is false.</p>
+     */
+    @JSFWebConfigParam(since="2.0.6", defaultValue="false", expectedValues="true, false", group="state")
+    public static final String USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION
+            = "org.apache.myfaces.USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION";
+    public static final boolean USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION_DEFAULT = false;
+    
+    
+    
     
     private boolean strictJsf2AllowSlashLibraryName;
     private long configRefreshPeriod = CONFIG_REFRESH_PERIOD_DEFAULT;
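Review bot: Correcting the context-parameter string from `...SECURE_RANDOM_ALGORITM` (the declaration removed from `ServerSideStateCacheImpl`) to `...SECURE_RANDOM_ALGORITHM` in `RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM` drops support for the old spelling. As far as this diff shows, a deployment that still sets the old name in `web.xml` would be ignored without a warning and get the `SHA1PRNG` default. Either keep reading the old name as a deprecated alias or log when it is present. Separately, the `@JSFWebConfigParam` on `RANDOM_KEY_IN_CSRF_SESSION_TOKEN` declares `defaultValue="none"` while `RANDOM_KEY_IN_CSRF_SESSION_TOKEN_DEFAULT` is `"random"`; one of the two should change so they agree.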
@@ -508,6 +603,17 @@ public class MyfacesConfig
     private int resourceHandlerCacheSize = RESOURCE_HANDLER_CACHE_SIZE_DEFAULT;
     private String scanPackages;
     private Integer websocketEndpointPort;
+    private long clientViewStateTimeout = CLIENT_VIEW_STATE_TIMEOUT_DEFAULT;
+    private String randomKeyInViewStateSessionToken = RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_DEFAULT;
+    private int randomKeyInViewStateSessionTokenLength = RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_DEFAULT;
+    private String randomKeyInViewStateSessionTokenSecureRandomClass;
+    private String randomKeyInViewStateSessionTokenSecureRandomProvider;
+    private String randomKeyInViewStateSessionTokenSecureRandomAlgorithm
+            = RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM_DEFAULT;
+    private String randomKeyInCsrfSessionToken = RANDOM_KEY_IN_CSRF_SESSION_TOKEN_DEFAULT;
+    private boolean serializeStateInSession = false;
+    private boolean compressStateInSession = COMPRESS_STATE_IN_SESSION_DEFAULT;
+    private boolean useFlashScopePurgeViewsInSession = USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION_DEFAULT;
 
     private static final boolean MYFACES_IMPL_AVAILABLE;
     private static final boolean RI_IMPL_AVAILABLE;
@@ -544,6 +650,11 @@ public class MyfacesConfig
         return getCurrentInstance(FacesContext.getCurrentInstance().getExternalContext());
     }
     
+    public static MyfacesConfig getCurrentInstance(FacesContext facesContext)
+    {
+        return getCurrentInstance(facesContext.getExternalContext());
+    }
+    
     public static MyfacesConfig getCurrentInstance(ExternalContext extCtx)
     {
         MyfacesConfig myfacesConfig = (MyfacesConfig) extCtx.getApplicationMap().get(APPLICATION_MAP_PARAM_NAME);
@@ -782,7 +893,50 @@ public class MyfacesConfig
             myfacesConfig.websocketEndpointPort = Integer.valueOf(websocketEndpointPort);
         }
         
+        myfacesConfig.clientViewStateTimeout = getLongInitParameter(extCtx,
+                CLIENT_VIEW_STATE_TIMEOUT,
+                CLIENT_VIEW_STATE_TIMEOUT_DEFAULT);
+        if (myfacesConfig.clientViewStateTimeout < 0L)
+        {
+            myfacesConfig.clientViewStateTimeout = 0L;
+        }
+        
+        myfacesConfig.randomKeyInViewStateSessionToken = getStringInitParameter(extCtx,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_DEFAULT);
         
+        myfacesConfig.randomKeyInViewStateSessionTokenLength = getIntegerInitParameter(extCtx,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_DEFAULT);
+        
+        myfacesConfig.randomKeyInViewStateSessionTokenSecureRandomClass = getStringInitParameter(extCtx,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS,
+                null);
+        
+        myfacesConfig.randomKeyInViewStateSessionTokenSecureRandomProvider = getStringInitParameter(extCtx,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER,
+                null);
+        
+        myfacesConfig.randomKeyInViewStateSessionTokenSecureRandomAlgorithm = getStringInitParameter(extCtx,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM,
+                RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM_DEFAULT);
+        
+        myfacesConfig.randomKeyInCsrfSessionToken = getStringInitParameter(extCtx,
+                RANDOM_KEY_IN_CSRF_SESSION_TOKEN,
+                RANDOM_KEY_IN_CSRF_SESSION_TOKEN_DEFAULT);
+        
+        myfacesConfig.serializeStateInSession = getBooleanInitParameter(extCtx,
+                StateManager.SERIALIZE_SERVER_STATE_PARAM_NAME,
+                false);
+        
+        myfacesConfig.compressStateInSession = getBooleanInitParameter(extCtx,
+                COMPRESS_STATE_IN_SESSION,
+                COMPRESS_STATE_IN_SESSION_DEFAULT);
+        
+        myfacesConfig.useFlashScopePurgeViewsInSession = getBooleanInitParameter(extCtx,
+                USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION,
+                USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION_DEFAULT);
+
         return myfacesConfig;
     }
 
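Review bot: `randomKeyInViewStateSessionTokenLength` is stored exactly as read, whereas `clientViewStateTimeout` just above it is clamped when negative. A zero or negative length would presumably give the key factories an empty or failing random key (their code is outside this hunk), so the same kind of guard fits here: `if (myfacesConfig.randomKeyInViewStateSessionTokenLength <= 0) { myfacesConfig.randomKeyInViewStateSessionTokenLength = RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_DEFAULT; }`. The `false` literal passed for `StateManager.SERIALIZE_SERVER_STATE_PARAM_NAME` could also become a named `_DEFAULT` constant like its neighbours. The enclosing method starts outside this hunk.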
@@ -1063,5 +1217,55 @@ public class MyfacesConfig
         return websocketEndpointPort;
     }
 
+    public long getClientViewStateTimeout()
+    {
+        return clientViewStateTimeout;
+    }
+
+    public String getRandomKeyInViewStateSessionToken()
+    {
+        return randomKeyInViewStateSessionToken;
+    }
+
+    public int getRandomKeyInViewStateSessionTokenLength()
+    {
+        return randomKeyInViewStateSessionTokenLength;
+    }
+
+    public String getRandomKeyInViewStateSessionTokenSecureRandomClass()
+    {
+        return randomKeyInViewStateSessionTokenSecureRandomClass;
+    }
+
+    public String getRandomKeyInViewStateSessionTokenSecureRandomProvider()
+    {
+        return randomKeyInViewStateSessionTokenSecureRandomProvider;
+    }
+
+    public String getRandomKeyInViewStateSessionTokenSecureRandomAlgorithm()
+    {
+        return randomKeyInViewStateSessionTokenSecureRandomAlgorithm;
+    }
+
+    public String getRandomKeyInCsrfSessionToken()
+    {
+        return randomKeyInCsrfSessionToken;
+    }
+
+    public boolean isSerializeStateInSession()
+    {
+        return serializeStateInSession;
+    }
+
+    public boolean isCompressStateInSession()
+    {
+        return compressStateInSession;
+    }
+
+    public boolean isUseFlashScopePurgeViewsInSession()
+    {
+        return useFlashScopePurgeViewsInSession;
+    }
+
     
 }
diff --git a/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jsf/core/ValidateDelegateHandler.java b/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jsf/core/ValidateDelegateHandler.java
index ac5ac3f..6b16b24 100644
--- a/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jsf/core/ValidateDelegateHandler.java
+++ b/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jsf/core/ValidateDelegateHandler.java
@@ -64,6 +64,7 @@ public final class ValidateDelegateHandler extends ValidatorHandler
         return ctx.getFacesContext().getApplication().createValidator(this.getValidatorId(ctx));
     }
 
+    @Override
     protected MetaRuleset createMetaRuleset(Class type)
     {
         return super.createMetaRuleset(type).ignoreAll();
diff --git a/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jstl/core/IterationStatus.java b/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jstl/core/IterationStatus.java
index b16917e..3ff6b86 100644
--- a/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jstl/core/IterationStatus.java
+++ b/impl/src/main/java/org/apache/myfaces/view/facelets/tag/jstl/core/IterationStatus.java
@@ -30,21 +30,15 @@ public final class IterationStatus implements Serializable
     private static final long serialVersionUID = 1L;
 
     private final int index;
-
     private final boolean first;
-
     private final boolean last;
-
     private final Integer begin;
-
     private final Integer end;
-
     private final Integer step;
-    
     private final Object value;
 
     public IterationStatus(boolean first, boolean last, int index, Integer begin, Integer end,
-                           Integer step, Object value)
+            Integer step, Object value)
     {
         this.index = index;
         this.begin = begin;
diff --git a/impl/src/test/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheTest.java b/impl/src/test/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheTest.java
index 629e7b6..b9d8097 100644
--- a/impl/src/test/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheTest.java
+++ b/impl/src/test/java/org/apache/myfaces/application/viewstate/ClientSideStateCacheTest.java
@@ -20,6 +20,7 @@ package org.apache.myfaces.application.viewstate;
 
 import javax.faces.application.StateManager;
 import org.apache.myfaces.application.StateCache;
+import org.apache.myfaces.config.MyfacesConfig;
 import org.apache.myfaces.test.base.junit4.AbstractJsfConfigurableMultipleRequestsTestCase;
 import org.junit.Assert;
 import org.junit.Test;
@@ -168,7 +169,7 @@ public class ClientSideStateCacheTest extends AbstractJsfConfigurableMultipleReq
     public void testSaveRestoreStateClientTimeout() throws Exception
     {
         servletContext.addInitParameter(StateManager.STATE_SAVING_METHOD_PARAM_NAME, StateManager.STATE_SAVING_METHOD_CLIENT);
-        servletContext.addInitParameter(ClientSideStateCacheImpl.INIT_PARAM_CLIENT_VIEW_STATE_TIMEOUT, "2");
+        servletContext.addInitParameter(MyfacesConfig.CLIENT_VIEW_STATE_TIMEOUT, "2");
 
         // Initialization
         setupRequest();
diff --git a/impl/src/test/java/org/apache/myfaces/application/viewstate/SerializedViewCollectionTestCase.java b/impl/src/test/java/org/apache/myfaces/application/viewstate/SerializedViewCollectionTestCase.java
index eb351f2..c652426 100644
--- a/impl/src/test/java/org/apache/myfaces/application/viewstate/SerializedViewCollectionTestCase.java
+++ b/impl/src/test/java/org/apache/myfaces/application/viewstate/SerializedViewCollectionTestCase.java
@@ -18,6 +18,7 @@ package org.apache.myfaces.application.viewstate;
 
 import java.util.Map;
 import javax.faces.context.FacesContext;
+import org.apache.myfaces.config.MyfacesConfig;
 import org.apache.myfaces.spi.ViewScopeProvider;
 import org.apache.myfaces.test.base.junit4.AbstractJsfTestCase;
 import org.junit.Assert;
@@ -32,7 +33,7 @@ public class SerializedViewCollectionTestCase extends AbstractJsfTestCase
     @Test
     public void testSerializedViewCollection1()
     {
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_VIEWS_IN_SESSION_PARAM, "1");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION, "1");
         
         SerializedViewCollection collection = new SerializedViewCollection();
         String viewId = "/test.xhtml";
@@ -53,8 +54,8 @@ public class SerializedViewCollectionTestCase extends AbstractJsfTestCase
     @Test
     public void testSerializedViewCollection2()
     {
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_VIEWS_IN_SESSION_PARAM, "2");
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION_PARAM, "1");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION, "2");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION, "1");
         
         SerializedViewCollection collection = new SerializedViewCollection();
         String viewId = "/test.xhtml";
@@ -80,7 +81,7 @@ public class SerializedViewCollectionTestCase extends AbstractJsfTestCase
     @Test
     public void testSerializedViewCollection3()
     {
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_VIEWS_IN_SESSION_PARAM, "1");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION, "1");
         
         SerializedViewCollection collection = new SerializedViewCollection();
         String viewId = "/test.xhtml";
@@ -107,8 +108,8 @@ public class SerializedViewCollectionTestCase extends AbstractJsfTestCase
     @Test
     public void testSerializedViewCollection4()
     {
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_VIEWS_IN_SESSION_PARAM, "2");
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION_PARAM, "1");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION, "2");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION, "1");
         
         SerializedViewCollection collection = new SerializedViewCollection();
         String viewId = "/test.xhtml";
@@ -134,8 +135,8 @@ public class SerializedViewCollectionTestCase extends AbstractJsfTestCase
     @Test
     public void testSerializedViewCollection5()
     {
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_VIEWS_IN_SESSION_PARAM, "3");
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION_PARAM, "1");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION, "3");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION, "1");
         
         SerializedViewCollection collection = new SerializedViewCollection();
         String viewId = "/test.xhtml";
@@ -175,8 +176,8 @@ public class SerializedViewCollectionTestCase extends AbstractJsfTestCase
     @Test
     public void testSerializedViewCollection6()
     {
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_VIEWS_IN_SESSION_PARAM, "4");
-        servletContext.addInitParameter(ServerSideStateCacheImpl.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION_PARAM, "2");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_VIEWS_IN_SESSION, "4");
+        servletContext.addInitParameter(MyfacesConfig.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION, "2");
         
         SerializedViewCollection collection = new SerializedViewCollection();
         String viewId = "/test.xhtml";

