Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.0.0-alpha
-
None
-
All
Description
Proposing the following changes related to Trinidad org.apache.myfaces.trinidad.render.ClientRowKeyManager class:
1) Current implementation of ClientRowKeyManager provides read-only access to a component server/client row key cache. Proposal is to add an additional API to support the updating of server-side row keys in the cache. This is useful for use-cases where the model row key may change and the cache needs to be updated with the changed row key. The following API is proposed:
/**
- Replaces an old row key with a new key if the old row key exists. If the old row key is successfully replaced,
- the new row key will be mapped to the existing client row key.
- @param context
- @param component
- @param oldRowKey row key to replace (may not exist)
- @param newRowKey new row key
- @return <code>true</code> if old row key existed and was replaced, <code>false</code> otherwise
*/
public boolean replaceRowKey(FacesContext context, UIComponent component, Object oldRowKey, Object newRowKey)
2) Trinidad UIXCollection currently implements a ClientRowKeyManager called: DefaultClientKeyManager. If the server-side row key in the CollectionModel is a Java String, DefaultClientKeyManager does not always translate the row key to a short client row key and sometime returns the server-side row key for use on the client.
There are two problems with this:
a) It is a security issue as the model primary keys are directly exposed in the HTML markup
b) The row key string is used as part of the clientId for the stamped child components in the UIXCollection. The server-side row key may not be suitable for use in a clientId string (the string may contain reserved characters such as ':')
The proposal is to change DefaultClientKeyManager to always translate the server-side row key to a short client row key suitable for use inside JSF clientId(s)