Merge pull request #130 from wtlucy/secureRandom_2.1.x
MYFACES-4373: prefer SecureRandom for token generation 2.1.x
diff --git a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
index 52502a8..86639d0 100644
--- a/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
+++ b/impl/src/main/java/org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.java
@@ -180,12 +180,12 @@
/**
* Adds a random key to the generated view state session token.
*/
- @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random, none",
- defaultValue="none", group="state")
+ @JSFWebConfigParam(since="2.1.9, 2.0.15", expectedValues="secureRandom, random",
+ defaultValue="secureRandom", group="state")
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM
= "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN";
public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT =
- RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE;
+ RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM;
/**
* Set the default length of the random key added to the view state session token.
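Review bot: The Javadoc on `RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM` still reads only "Adds a random key to the generated view state session token", so nothing tells an operator that the default is now `secureRandom` or that `none` has been dropped from `expectedValues`. I would extend it with a line such as `* Defaults to "secureRandom"; "random" is not cryptographically strong and should only be chosen deliberately.` This assumes `random` maps to a non-cryptographic generator, which the hunk does not show. The hunk also does not show how a deployment that still sets `none` is handled. If the parsing code elsewhere in the class still honours it, that deployment keeps tokens without a random key after upgrading, so it is worth confirming that the value is either rejected with a logged warning or falls back to `secureRandom`.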