我一直在尝试使用jsf中的primefaces实现一些基本的推送功能。我在那里使用了反例http://www.primefaces.org/showcase-labs/push/counter.jsf。基本上它是一个增加共享计数器的按钮。运行此示例时,我总是收到此错误:
ERROR: MAC did not verify!
我的理解是每个会话都会生成一个mac,然后检查每个传入的消息,以验证源没有改变(我认为)。我无法找到原因并查看了其他主题,例如:
ERROR: MAC did not verify! PrimeFaces
JSF: Mojarra 2.1 to 2.2 migration causing ViewExpiredException
不幸的是,这些避风港解决了我的问题。两者似乎都是由我没有得到的ViewExpiredException引起的。我发现阻止它的唯一方法是在web.xml中将状态保存方法从客户端更改为服务器:
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
然而,当这样做时,计数器不再共享,但似乎是每个用户,这不是我想要的。我的最终目标是实现一个聊天室,它大部分都在那里,但现在它使用的短轮询不是很容易扩展。看过primefaces后,我认为这将是理想的,但一直在努力使用它。
我尝试过多个Web服务器(Tomcat,Jetty和Glassfish),并尝试使用不同版本的JSF(Mojarra)和primefaces版本(3.4和4.0)。我已在多个浏览器和多台计算机上测试过它。有时我会在收到错误之前将计数器增加几次,有时它会立即发生。我没有例外或严重的错误,一切都编译。我还想提到我之前在其他项目上遇到过这个错误,但是在重新启动服务器后它已经消失了。当使用primefaces时,它总是会发生。任何帮助将不胜感激。
修改
在web.xml中将状态保存保留到服务器以避免MAC错误时,我注意到共享计数器在同一台计算机上以每个浏览器为基础工作。这意味着如果我有多个选项卡或窗口,则在所有选项卡的一个更新中更新计数器。但它并不适用于各种浏览器,firefox中的计数器更改并未反映在chrome或IE中,或其他方面。如果在两台独立的计算机上也没有反映出来。我不知道这是否有帮助,但我想我会提到它。
修改
在注意到示例中的bean是会话作用域后,我将其更改为应用程序作用域。当然,会话作用域意味着每个浏览器都有自己的副本。现在,更改将反映在浏览器和计算机上。回到我原来的问题,我仍然想知道为什么将保存状态更改为服务器修复了MAC错误,这是什么意思?我假设服务器现在必须维护每个会话的视图状态而不是客户端,可伸缩性更低/客户端 - 服务器流量更多?如果您将保存状态设置为服务器,我可以检查查看过期的异常或阻止用户创建视图(如果已经有太多,这是正确的吗?)
答案 0 :(得分:0)
似乎您的应用程序存在依赖性问题 ViewExpiredException可以轻松处理,这是没问题的 handle ViewExpiredException
完整配置的JSF项目示例JSF2.2 frontend
答案 1 :(得分:-4)
ByteArrayGuard类随机输出&#34;错误:MAC没有验证!&#34;消息到错误控制台。仅当启用了客户端视图状态加密并且多个客户端正在针对服务器运行时,才会发生这种情况。
因此,您必须使用...
在Java Server Faces引用中更改该类/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2011 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package com.sun.faces.renderkit;
import com.sun.faces.util.FacesLogger;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.faces.FacesException;
/**
* <p>This utility class is to provide both encryption and
* decryption <code>Ciphers</code> to <code>ResponseStateManager</code>
* implementations wishing to provide encryption support.</p>
*
* <p>The algorithm used to encrypt byte array is AES with CBC.</p>
*
* <p>Original author Inderjeet Singh, J2EE Blue Prints Team. Modified to suit JSF
* needs.</p>
*/
public final class ByteArrayGuard {
// Log instance for this class
private static final Logger LOGGER = FacesLogger.RENDERKIT.getLogger();
private static final int MAC_LENGTH = 32;
private static final int KEY_LENGTH = 128;
private static final int IV_LENGTH = 16;
private static final String KEY_ALGORITHM = "AES";
private static final String CIPHER_CODE = "AES/CBC/PKCS5Padding";
private static final String MAC_CODE = "HmacSHA256";
private SecretKey sk;
// ------------------------------------------------------------ Constructors
public ByteArrayGuard() {
try {
setupKeyAndMac();
} catch (Exception e) {
if (LOGGER.isLoggable(Level.SEVERE)) {
LOGGER.log(Level.SEVERE,
"Unexpected exception initializing encryption."
+ " No encryption will be performed.",
e);
}
System.err.println("ERROR: Initializing Ciphers");
}
}
// ---------------------------------------------------------- Public Methods
/**
* This method:
* Encrypts bytes using a cipher.
* Generates MAC for intialization vector of the cipher
* Generates MAC for encrypted data
* Returns a byte array consisting of the following concatenated together:
* |MAC for cnrypted Data | MAC for Init Vector | Encrypted Data |
* @param bytes The byte array to be encrypted.
* @return the encrypted byte array.
*/
public byte[] encrypt(byte[] bytes) {
byte[] securedata = null;
try {
// Generate IV
SecureRandom rand = new SecureRandom();
byte[] iv = new byte[16];
rand.nextBytes(iv);
IvParameterSpec ivspec = new IvParameterSpec(iv);
Cipher encryptCipher = Cipher.getInstance(CIPHER_CODE);
encryptCipher.init(Cipher.ENCRYPT_MODE, sk, ivspec);
Mac encryptMac = Mac.getInstance(MAC_CODE);
encryptMac.init(sk);
encryptMac.update(iv);
// encrypt the plaintext
byte[] encdata = encryptCipher.doFinal(bytes);
byte[] macBytes = encryptMac.doFinal(encdata);
byte[] tmp = concatBytes(macBytes, iv);
securedata = concatBytes(tmp, encdata);
} catch (Exception e) {
if (LOGGER.isLoggable(Level.SEVERE)) {
LOGGER.log(Level.SEVERE,
"Unexpected exception initializing encryption."
+ " No encryption will be performed.",
e);
}
return null;
}
return securedata;
}
/**
* This method decrypts the provided byte array.
* The decryption is only performed if the regenerated MAC
* is the same as the MAC for the received value.
* @param bytes Encrypted byte array to be decrypted.
* @return Decrypted byte array.
*/
public byte[] decrypt(byte[] bytes) {
try {
// Extract MAC
byte[] macBytes = new byte[MAC_LENGTH];
System.arraycopy(bytes, 0, macBytes, 0, macBytes.length);
// Extract IV
byte[] iv = new byte[IV_LENGTH];
System.arraycopy(bytes, macBytes.length, iv, 0, iv.length);
// Extract encrypted data
byte[] encdata = new byte[bytes.length - macBytes.length - iv.length];
System.arraycopy(bytes, macBytes.length + iv.length, encdata, 0, encdata.length);
IvParameterSpec ivspec = new IvParameterSpec(iv);
Cipher decryptCipher = Cipher.getInstance(CIPHER_CODE);
decryptCipher.init(Cipher.DECRYPT_MODE, sk, ivspec);
// verify MAC by regenerating it and comparing it with the received value
Mac decryptMac = Mac.getInstance(MAC_CODE);
decryptMac.init(sk);
decryptMac.update(iv);
decryptMac.update(encdata);
byte[] macBytesCalculated = decryptMac.doFinal();
if (Arrays.equals(macBytes, macBytesCalculated)) {
// continue only if the MAC was valid
// System.out.println("Valid MAC found!");
byte[] plaindata = decryptCipher.doFinal(encdata);
return plaindata;
} else {
System.err.println("ERROR: MAC did not verify!");
return null;
}
} catch (Exception e) {
System.err.println("ERROR: Decrypting:"+e.getCause());
return null; // Signal to JSF runtime
}
}
// --------------------------------------------------------- Private Methods
/**
* Generates secret key.
* Initializes MAC(s).
*/
private void setupKeyAndMac() {
try {
KeyGenerator kg = KeyGenerator.getInstance(KEY_ALGORITHM);
kg.init(KEY_LENGTH); // 256 if you're using the Unlimited Policy Files
sk = kg.generateKey();
} catch (Exception e) {
throw new FacesException(e);
}
}
/**
* This method concatenates two byte arrays
* @return a byte array of array1||array2
* @param array1 first byte array to be concatenated
* @param array2 second byte array to be concatenated
*/
private static byte[] concatBytes(byte[] array1, byte[] array2) {
byte[] cBytes = new byte[array1.length + array2.length];
try {
System.arraycopy(array1, 0, cBytes, 0, array1.length);
System.arraycopy(array2, 0, cBytes, array1.length, array2.length);
} catch(Exception e) {
throw new FacesException(e);
}
return cBytes;
}
}
然后重装这个罐子。 JSF_REFERENCE
