Bug 1347845

Summary: [GSS](6.4.z) JAVASERVERFACES-4137 - Enable CLIENTSTATESAVINGPASSWORD By Default In JSF 1.2
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: ivassile
Component: JSFAssignee: Radovan Netuka <rnetuka>
Status: CLOSED CURRENTRELEASE QA Contact: Jan Kasik <jkasik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4.0CC: bmaxwell, dosoudil, fgavrilo, fjuma, ivassile, jawilson, jtruhlar, maschmid, mcada, rhatlapa, rnetuka, ssilvert
Target Milestone: CR1   
Target Release: EAP 6.4.10   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-17 12:59:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1339868, 1347868    

Description ivassile 2016-06-17 20:31:35 UTC 
Backport JAVASERVERFACES-4137 to our Mojarra 2.1.28 fork for EAP 6.4.x.
Comment 1 Farah Juma 2016-06-17 22:06:01 UTC 
The commit that needs to be backported is:

https://github.com/javaserverfaces/mojarra/commit/26b8c15dcab647fe8d2026453f80d060d2ebe46c
Comment 9 Farah Juma 2016-09-02 15:43:42 UTC 
Here's a description of this issue, as requested by Ilia:

ByteArrayGuard's usage of Mac instances is not thread-safe which can randomly result in "ERROR: MAC did not verify!" messages being output. JAVASERVERFACES-4137 fixes this problem by moving Mac instantiation and initialization to the encrypt/decrypt methods in ByteArrayGuard and enabling ViewState data encryption by default.
Comment 10 Michael Cada 2016-09-06 13:43:23 UTC 
Commit successfully backported. No regressions found. Verified with EAP 6.4.10.CP.CR2
Comment 11 Petr Penicka 2017-01-17 12:59:10 UTC 
Retroactively bulk-closing issues from released EAP 6.4 cummulative patches.