Clone Tools
  • last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
ERRAI-979: Provide functionality for CSRF protection

CSRF protection on message bus servlets is enabled by property.

Enabling the property creates a CSRF token on the first POST

request to the server bus.

The token can be written to an HTML page as a JavaScript variable

with a filter, or else the client can acquire it from a challenge

from the server (a 403 response containing the token as a header).

There is also a filter that protects REST endpoints using the same token.

When an Errai REST caller finds the token in a global JavaScript variable,

it will set this as a header for all REST requests.

Errai REST callers will also retry after a challenge from the server

(403 + token in header).

    • -1
    • +17
    ./servlet/AbstractErraiServlet.java
    • -0
    • +79
    ./servlet/CSRFTokenCheck.java
    • -0
    • +104
    ./servlet/CSRFTokenFilter.java
    • -7
    • +12
    ./servlet/DefaultBlockingServlet.java
    • -0
    • +9
    ./servlet/JettyContinuationsServlet.java
    • -0
    • +51
    ./servlet/RequestSecurityCheck.java
  1. … 6 more files in changeset.
Fix ClusteringTests broken from prior commit (descriptrion below).

Messages sent with JGroups clustering do not require a MessageQueue

so we should not check for one when the routing flag FromPeer is set.

Fix ClusteringTests broken from prior commit (descriptrion below).

Messages sent with JGroups clustering do not require a MessageQueue

so we should not check for one when the routing flag FromPeer is set.

Fix queue session issues with distributed sessions.

The QueueSession id is now deterministically generated from

the remoteId (from the client bus) and parent id (from the HTTP session).

This means that two instances of QueueSession for the same client will equal,

preventing errors previously resulting from session passivation.

Fix queue session issues with distributed sessions.

The QueueSession id is now deterministically generated from

the remoteId (from the client bus) and parent id (from the HTTP session).

This means that two instances of QueueSession for the same client will equal,

preventing errors previously resulting from session passivation.

Force disconnect from server bus when message has no message queue.

Force disconnect from server bus when message has no message queue.

ERRAI-947+: Fix more int overflow errors.

    • -0
    • +44
    ./io/buffers/NoOpBufferFilter.java
    • -27
    • +28
    ./io/buffers/TransmissionBuffer.java
  1. … 1 more file in changeset.
ERRAI-947: TransmissionBuffer write sequence (seq) becomes negative thus leading to AIOOBE all the time.

  1. … 2 more files in changeset.
Update GWT to 2.8.0-rc1 (lots of details below).

Most of the items below were fixes for tests (which

are now production compiled by default) and dependency

issues (since gwt-user/gwt-dev now bring in transitive

dependencies instead of bundling them in fat jars).

* Upgrade jetty to version in ip-bom

* Fix errai-bus test issues.

* Remove GuardedBy and Nonnull annotations from errai-bus.

* Fix javadoc bug in errai-bus.

* Fix test failures caused by GWT type oracle behaviour change.

(This commit causes the type oracle to hide non-abstract methods

in interfaces:

https://github.com/gwtproject/gwt/commit/75382f1202bf3eaa399d60ebdba42bd7522da3bb)

* Fix AbstractErraiTest so it is usable in errai-ioc-bus-support production compiled tests.

* Fix data-binding tests (have to manually invoke event listeners because dispatchEvent does not work).

* Fixes for errai-cdi-server tests (description below).

* Upgrade Jetty version

* Add -devMode gwt.arg

* Add missing inherited modules

(This was to try and get the tests to run in prod mode,

but there appears to be a compiler bug that prevents this

-- interned value is used before being referenced)

* Use errai.devel.nocache property in Errai GWT generators.

* Fix jaxrs-client bug with Date params.

* Fix errai-ui tests (notes below).

** Fix event dispatching issue (same problem as with data-binding tests).

** Fix NPE when an empty input element fires a change event while bound

to a primitive property in a model.

* Fix errai-navigation native anchor test (same problem as data-binding tests).

* Fix Errai Security tests.

* Fix errai-jpa-client tests.

* Fix gwt-dev version in demos.

* Manage gson version in errai-bom to version required by gwt-dev.

    • -6
    • +0
    ./io/websockets/WebSocketTokenManager.java
    • -26
    • +20
    ./servlet/JettyContinuationsServlet.java
  1. … 98 more files in changeset.
Cleanup and fixes based on FindBugs analysis

    • -25
    • +33
    ./io/buffers/TransmissionBuffer.java
    • -29
    • +23
    ./service/bootstrap/LoadExtensions.java
  1. … 31 more files in changeset.
ERRAI-942: Make attributes in ErraiService.properties overridable at runtime by system properties.

    • -23
    • +29
    ./service/ErraiServiceConfiguratorImpl.java
  1. … 2 more files in changeset.
Improved JavaDocs for ShadowService

Add missing license headers and update copyright notice in existing headers.

  1. … 3042 more files in changeset.
Revert "Remove old JBoss and Red Hat license headers. Add new "Red Hat and affiliates" header."

Changes from the reverted commit did not preserve original copyright dates.

This reverts commit d8e735dfe2f6ed25fe9e06b753ae2f6154d76b02.

  1. … 3068 more files in changeset.
Remove old JBoss and Red Hat license headers. Add new "Red Hat and affiliates" header.

  1. … 3150 more files in changeset.
Reduce amount of synchronization required for MessageBusProxy.

A single MessageBusProxy is used for callbacks for all RPC services

in CDIExtensionPoints. This change enhances the MessageBusProxy so

that writes to the TransmissionBuffer are not contained within

synchronized methods.

    • -36
    • +104
    ./service/MessageBusProxy.java
  1. … 1 more file in changeset.
Reduce amount of synchronization required for MessageBusProxy.

A single MessageBusProxy is used for callbacks for all RPC services

in CDIExtensionPoints. This change enhances the MessageBusProxy so

that writes to the TransmissionBuffer are not contained within

synchronized methods.

    • -36
    • +104
    ./service/MessageBusProxy.java
  1. … 1 more file in changeset.
resolves ERRAI-873 websocket reconnect after network failure.

ERRAI-590, ERRAI-850, ERRAI-851: Implement new IOC container (more description below).

The new container uses code genererated in multiple files instead

of a single monolithic file. At compile time an implementation of

org.jboss.errai.ioc.client.container.Factory is generated for each bean.

The factory is responsible for requesting dependencies from other

factories to wire the bean, running code generated by decorators,

and cleaning up when the bean is destroyed.

The GWT.create calls for the factories are generated in the

BootstrapperImpl. The BootstrapperImpl now only registers

factories with their respective contexts.

This container has the following differences from behaviour

in the 3.x version of errai-ioc:

* Normal scoped beans must be proxiable.

* The @New qualifier is not supported.

* Normal scoped beans (except @Entrypoint or with @Startup) are lazily instatiated.

* @Alternative beans must be explicitly enabled (even if no other beans match).

* Resolution of types behaves like CDI. Some cases that worked in 3.x may now be ambiguous.

** Injecting a common supertype of multiple concrete classes is ambiguous.

* Different API for programmtically adding beans to bean manager.

  1. … 381 more files in changeset.
ERRAI-861: Activate secure websocket scheme based on X-Forwarded-Protocol header

Migrate from commons-lang2 to commons-lang3

    • -1
    • +1
    ./io/websockets/ssl/SslHandlerFactory.java
  1. … 13 more files in changeset.
Fixed formatting in RolesRequiredRule.java

    • -6
    • +6
    ./security/auth/rules/RolesRequiredRule.java
Fixed NullPointerException when sending error

Potential null pointer exception, if error was introduced without

throwable as source.

    • -1
    • +6
    ./security/auth/rules/RolesRequiredRule.java
fix for Errai-751. An Nullpointer has occurred if the sideband was configured without SSL

    • -21
    • +18
    ./io/websockets/ssl/SslHandlerFactory.java
Refactoring for ERRAI-751

    • -476
    • +367
    ./ServerMessageBusImpl.java
    • -13
    • +10
    ./io/websockets/WebSocketServer.java
    • -18
    • +8
    ./io/websockets/ssl/KeystoreFactory.java
    • -46
    • +24
    ./io/websockets/ssl/SslHandlerFactory.java
  1. … 1 more file in changeset.
    • -364
    • +477
    ./ServerMessageBusImpl.java
    • -10
    • +21
    ./io/websockets/WebSocketServer.java
    • -0
    • +44
    ./io/websockets/ssl/KeystoreFactory.java
    • -0
    • +117
    ./io/websockets/ssl/SslHandlerFactory.java
  1. … 1 more file in changeset.
Fixed ERRAI-754: Broken pipe errors on WildFly 8

    • -26
    • +43
    ./servlet/ChaosMonkeyServlet.java
    • -16
    • +39
    ./servlet/DefaultBlockingServlet.java
    • -15
    • +31
    ./servlet/JettyContinuationsServlet.java
    • -19
    • +28
    ./servlet/StandardAsyncServlet.java
Fixed ERRAI-754: Broken pipe errors on WildFly 8

    • -26
    • +43
    ./servlet/ChaosMonkeyServlet.java
    • -16
    • +39
    ./servlet/DefaultBlockingServlet.java
    • -15
    • +31
    ./servlet/JettyContinuationsServlet.java
    • -19
    • +28
    ./servlet/StandardAsyncServlet.java
Fixed ERRAI-754: Broken pipe errors on WildFly 8

    • -26
    • +43
    ./servlet/ChaosMonkeyServlet.java
    • -16
    • +39
    ./servlet/DefaultBlockingServlet.java
    • -15
    • +31
    ./servlet/JettyContinuationsServlet.java
    • -19
    • +28
    ./servlet/StandardAsyncServlet.java