Store all JSF STATE on client and not server

Description

Sakai JSF tools do not consistently store STATE on client or server. We should modify all tools to consistently store STATE on client.

The property for web.xml: javax.faces.STATE_SAVING_METHOD

Here is info from documentation:

Define the state method to be used. There are two different options defined by the specification: "client" and "server" state.
When "client" state is configured, all state information required to create the tree is embedded within the data rendered to the client. Note that because data received from a remote client must always be treated as "tainted", care must be taken when using such data. Some StateManager implementations may use encryption to ensure that clients cannot modify the data, and that the data received on postback is therefore trustworthy.
When "server" state is configured, the data is saved somewhere "on the back end", and (at most) a token is embedded in the data rendered to the user.
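
An added example (not part of the original issue or of Sakai's code): a small Python audit that reads each tool's web.xml and reports the ones that do not declare javax.faces.STATE_SAVING_METHOD as "client". The tool names and descriptors are constructed samples; in practice the dictionary would be filled from the web.xml files of a source checkout.

```python
import xml.etree.ElementTree as ET

PARAM = "javax.faces.STATE_SAVING_METHOD"
JSF_DEFAULT = "server"  # what JSF uses when the context-param is absent


def _local(tag):
    """Drop an XML namespace prefix so namespaced and bare descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def state_saving_method(web_xml_text):
    """Return the declared value, or None when the context-param is missing."""
    for elem in ET.fromstring(web_xml_text).iter():
        if _local(elem.tag) != "context-param":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        if fields.get("param-name") == PARAM:
            return fields.get("param-value", "")
    return None


def audit(descriptors, expected="client"):
    """Return {tool: finding} for every descriptor that does not declare `expected`."""
    findings = {}
    for tool, text in descriptors.items():
        value = state_saving_method(text)
        if value is None:
            findings[tool] = f"not declared (JSF default: {JSF_DEFAULT})"
        elif value != expected:  # exact match; odd casing is reported for review
            findings[tool] = f"declares '{value}'"
    return findings


# Constructed sample descriptors; the tool names are hypothetical.
SAMPLES = {
    "tool-a": '<web-app xmlns="http://java.sun.com/xml/ns/javaee"><context-param>'
              f"<param-name>{PARAM}</param-name>"
              "<param-value>client</param-value></context-param></web-app>",
    "tool-b": "<web-app><context-param>"
              f"<param-name>{PARAM}</param-name>"
              "<param-value>server</param-value></context-param></web-app>",
    "tool-c": "<web-app><display-name>c</display-name></web-app>",
}

if __name__ == "__main__":
    for tool, finding in sorted(audit(SAMPLES).items()):
        print(f"{tool}: {finding}")
```

A tool reported as "not declared" falls back to the JSF default, so it keeps its state on the server even though nothing in its web.xml says so.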

Activity

Juanjo Meroño February 6, 2015 at 11:16 AM

Ok, sounds good !!

Earle Nietzel February 6, 2015 at 10:32 AM

Yeah I would create a new JIRA...

My last comment was that you want to respect what people put in the web.xml; nothing is worse than putting something in a web.xml and having it do nothing, IMO!

So I would remove those context params from all of the tools using JsfTool Servlet and add in the bits into init(). Maybe even leave a small comment in those web.xml's that the state is managed now via a sakai property.

Juanjo Meroño February 6, 2015 at 10:19 AM

Good thinking, Earle!! It is easier than I thought!!
With this added to the JsfTool init method, if the sakai property is set every tool uses its value, and if you don't set the property it uses the value in web.xml.

Right now all JSF Sakai tools have this attribute set to "client" in each web.xml; you have to remove it from each web.xml or use this approach. I'm not sure which should be used: the value from web.xml or the value set in sakai.properties ...

Anyway, sounds reasonable to file a new jira and make a PR?

Earle Nietzel February 6, 2015 at 9:44 AM

Hi Juan,

Basically what you're looking for would be to override a Servlet's init() method (see JsfTool.java). You can then look at configuring params before the servlet starts up? I would look to do something like:

One key thing is to respect what people put in the web.xml so you would just remove the JSF param from the web.xml.

Juanjo Meroño February 6, 2015 at 3:49 AM

There is a way to change this configuration at startup. If we use this in the web.xml:

Then you can add -Dsakai.jsf.state=client as a Java System Property in CATALINA_OPTS, or -Dsakai.jsf.state=server if you want this on server. By default, if no system property is set, JSF uses server (that changes the actual behaviour).
If we can run a line of code before any webapp is loaded we can add a sakai.property with default value "client" to get the same behaviour as now and also get the possibility to change it easily. Something like:

I don't know the right place to put this line to ensure that it's executed before any webapp is loaded.
I can file a new jira, it sounds promising!!

Fixed

Created February 4, 2014 at 2:08 PM
Updated March 29, 2018 at 5:01 AM
Resolved February 4, 2014 at 5:47 PM