Revert "Removed deprecated code since 1.3"

This reverts commit ac0e9b9.

Author: meriouma

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/OldDelegatingAsyncCallback.java

@@ -27,8 +27,6 @@
  * {@code AsyncCallback} implementation wrapping another {@link AsyncCallback} object used by a
  * {@link ClientActionHandler} to delegate the execution result.
  *
- * @deprecated Since 1.4.
- *
  * @param <A> the {@link TypedAction} type.
  * @param <R> the result type for this action.
  */

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/AbstractClientActionHandler.java

@@ -20,7 +20,7 @@
  * Simple abstract super-class for {@link ClientActionHandler} implementations that forces the action class to be passed
  * in as a constructor to the handler.
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.rpc.client.interceptor.AbstractRpcInterceptor}
+ * @deprecated use {@link com.gwtplatform.dispatch.rpc.client.interceptor.AbstractRpcInterceptor}
  *
  * @param <A> The action type.
  * @param <R> The result type.

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/ClientActionHandler.java

@@ -102,7 +102,7 @@
  * </code>
  * </pre>
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.client.interceptor.Interceptor}
+ * @deprecated use {@link com.gwtplatform.dispatch.client.interceptor.Interceptor}
  *
  * @param <A> The type of the action.
  * @param <R> The type of the result.

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/ClientActionHandlerMismatchException.java

@@ -21,7 +21,7 @@
  * A provider was registered to provide a client-side action handler for an action, but this action was not the same
  * action as specified by {@link ClientActionHandler#getActionType()}.
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.client.interceptor.InterceptorMismatchException}
+ * @deprecated use {@link com.gwtplatform.dispatch.client.interceptor.InterceptorMismatchException}
  */
 @Deprecated
 public class ClientActionHandlerMismatchException extends RuntimeException {

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/ClientActionHandlerRegistry.java

@@ -24,7 +24,7 @@
  * {@link com.gwtplatform.dispatch.rest.shared.RestDispatch RestDispatch} implementation to find client-side action
  * handlers.
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.rpc.client.interceptor.RpcInterceptorRegistry}
+ * @deprecated use {@link com.gwtplatform.dispatch.rpc.client.interceptor.RpcInterceptorRegistry}
  */
 @Deprecated
 public interface ClientActionHandlerRegistry {

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/DefaultClientActionHandlerRegistry.java

@@ -67,7 +67,7 @@
  * </code>
  * </pre>
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.rpc.client.interceptor.DefaultRpcInterceptorRegistry}
+ * @deprecated use {@link com.gwtplatform.dispatch.rpc.client.interceptor.DefaultRpcInterceptorRegistry}
  */
 @Deprecated
 public class DefaultClientActionHandlerRegistry implements ClientActionHandlerRegistry {

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/ExecuteCommand.java

@@ -22,7 +22,7 @@
 /**
  * The interface that {@link ClientActionHandler}s use to send the action to execute to the server.
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.client.interceptor.ExecuteCommand}
+ * @deprecated use {@link com.gwtplatform.dispatch.client.interceptor.ExecuteCommand}
  *
  * @param <A> The action type.
  * @param <R> The result type.

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/UndoCommand.java

@@ -22,7 +22,7 @@
 /**
  * The interface that {@link ClientActionHandler}s use to send the action to undo to the server.
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.client.interceptor.UndoCommand}
+ * @deprecated use {@link com.gwtplatform.dispatch.client.interceptor.UndoCommand}
  *
  * @param <A> The action type.
  * @param <R> The result type.

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/caching/AbstractCachingClientActionHandler.java

@@ -48,8 +48,7 @@
  * Flexibility of cache implementation to support custom caching
  * </li>
  * </ol>
- * @deprecated Since 1.4.
- * Use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.AbstractCachingRpcInterceptor}
+ * @deprecated use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.AbstractCachingRpcInterceptor}
  *
  * @param <A> The type of the action.
  * @param <R> The type of the result.

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/caching/ActionCachingHandler.java

@@ -19,7 +19,7 @@
 /**
  * Default implementation of {@link AbstractCachingClientActionHandler}. It supports action caching
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.CachingInterceptor}
+ * @deprecated use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.CachingInterceptor}
  *
  * @param <A> The type of the action.
  * @param <R> The type of the result.

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/caching/Cache.java

@@ -19,7 +19,7 @@
 /**
  * Interface for client side caching.
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.Cache}
+ * @deprecated use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.Cache}
  */
 @Deprecated
 public interface Cache {

gwtp-core/gwtp-dispatch-common-client/src/main/java/com/gwtplatform/dispatch/client/actionhandler/caching/DefaultCacheImpl.java

@@ -23,7 +23,7 @@
 /**
  * Default Implementation for {@link Cache}, backed by an {@link java.util.HashMap}.
  *
- * @deprecated Since 1.4. Use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.DefaultCacheImpl}
+ * @deprecated use {@link com.gwtplatform.dispatch.rpc.client.interceptor.caching.DefaultCacheImpl}
  */
 @Deprecated
 public class DefaultCacheImpl implements Cache {

gwtp-core/gwtp-dispatch-rest/src/main/java/com/gwtplatform/dispatch/rest/client/gin/BaseRestDispatchModuleBuilder.java

@@ -110,7 +110,7 @@ public B requestTimeout(int timeoutMs) {
     /**
      * Specify the XSRF token header name.
      *
-     * @deprecated Since 1.4. Use {@link #xsrfTokenHeaderName(String)}
+     * @deprecated See {@link #xsrfTokenHeaderName(String)}
      */
     @Deprecated
     public B xcsrfTokenHeaderName(String xsrfTokenHeaderName) {

gwtp-core/gwtp-dispatch-rpc-client/src/main/java/com/gwtplatform/dispatch/rpc/client/RpcDispatchExecuteCall.java

@@ -115,9 +115,6 @@ public void onSuccess(R result) {
         ));
     }
 
-    /**
-     * @deprecated Since 1.4.
-     */
     @Deprecated
     private DispatchRequest findClientActionHandlerRequest() {
         DispatchRequest request = null;

gwtp-core/gwtp-dispatch-rpc-client/src/main/java/com/gwtplatform/dispatch/rpc/client/RpcDispatchUndoCall.java

@@ -114,9 +114,6 @@ public void onSuccess(Void nothing) {
         ));
     }
 
-    /**
-     * @deprecated Since 1.4.
-     */
     @Deprecated
     private DispatchRequest findClientActionHandlerRequest() {
         DispatchRequest request = null;

gwtp-core/gwtp-dispatch-rpc-client/src/main/java/com/gwtplatform/dispatch/rpc/client/gin/PhoneGapDispatchAsyncModule.java

@@ -39,7 +39,7 @@ public PhoneGapDispatchAsyncModule build() {
     }
 
     /**
-     * @deprecated Since 1.4. Use the PhoneGapDispatchAsyncModule.Builder class
+     * @deprecated Use the PhoneGapDispatchAsyncModule.Builder class
      */
     @Deprecated
     public PhoneGapDispatchAsyncModule() {

gwtp-core/gwtp-dispatch-rpc-client/src/main/java/com/gwtplatform/dispatch/rpc/client/gin/RpcDispatchAsyncModule.java

@@ -58,9 +58,6 @@ public static class Builder extends AbstractDispatchAsyncModule.Builder<Builder>
         private Class<? extends RpcDispatchHooks> dispatchHooks = DefaultRpcDispatchHooks.class;
         private Class<? extends RpcInterceptorRegistry> interceptorRegistry = DefaultRpcInterceptorRegistry.class;
 
-        /**
-         * @deprecated Since 1.4.
-         */
         @Deprecated
         private Class<? extends ClientActionHandlerRegistry> clientActionHandlerRegistryType =
                 DefaultClientActionHandlerRegistry.class;

gwtp-core/gwtp-dispatch-rpc-server-guice/src/main/java/com/gwtplatform/dispatch/rpc/server/guice/HttpSessionSecurityCookieFilter.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2011 ArcBees Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.gwtplatform.dispatch.rpc.server.guice;
+
+import javax.inject.Inject;
+import javax.inject.Provider;
+import javax.inject.Singleton;
+import javax.servlet.http.HttpSession;
+
+import com.gwtplatform.dispatch.rpc.server.AbstractHttpSessionSecurityCookieFilter;
+import com.gwtplatform.dispatch.shared.SecurityCookie;
+
+/**
+ * This filter will automatically inject a security cookie inside the request the first time the page is loaded. This
+ * security cookie is based on the {@link HttpSession} and will only work if the session is enabled. To setup this
+ * filter, add the following line at before any other {@code serve} call in your own
+ * {@link com.google.inject.servlet.ServletModule#configureServlets}:
+ * <p/>
+ * <pre>
+ * filter(&quot;*.jsp&quot;).through(HttpSessionSecurityCookieFilter.class);
+ * </pre>
+ * <p/>
+ * You also have to use a {@code .jsp} file instead of a {@code .html} as your main GWT file.
+ *
+ * @deprecated Please use {@link com.gwtplatform.dispatch.rpc.server.guice.RandomSecurityCookieFilter}.
+ * Using the JSESSIONID like this might let an XSS attacker hijack a session. See GitHub issue #484
+ */
+@Deprecated
+@Singleton
+public class HttpSessionSecurityCookieFilter extends AbstractHttpSessionSecurityCookieFilter {
+
+    private final Provider<HttpSession> session;
+
+    @Inject
+    HttpSessionSecurityCookieFilter(@SecurityCookie String securityCookieName, Provider<HttpSession> session) {
+        super(securityCookieName);
+        this.session = session;
+    }
+
+    @Override
+    protected HttpSession getSession() {
+        return session.get();
+    }
+
+}

gwtp-core/gwtp-dispatch-rpc-server-spring/src/main/java/com/gwtplatform/dispatch/rpc/server/spring/HttpSessionSecurityCookieFilter.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2011 ArcBees Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.gwtplatform.dispatch.rpc.server.spring;
+
+import javax.servlet.http.HttpSession;
+
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.gwtplatform.dispatch.rpc.server.AbstractHttpSessionSecurityCookieFilter;
+
+/**
+ * @deprecated Please use {@link com.gwtplatform.dispatch.rpc.server.spring.RandomSecurityCookieFilter}.
+ * Using the JSESSIONID like this might let an XSS attacker hijack a session. See GitHub issue #484
+ */
+@Deprecated
+public class HttpSessionSecurityCookieFilter extends AbstractHttpSessionSecurityCookieFilter {
+    public HttpSessionSecurityCookieFilter(String securityCookieName) {
+        super(securityCookieName);
+    }
+
+    @Override
+    protected HttpSession getSession() {
+        return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession();
+    }
+}

gwtp-core/gwtp-dispatch-rpc-server-spring/src/main/java/com/gwtplatform/dispatch/rpc/server/spring/configuration/DefaultModule.java

@@ -18,7 +18,9 @@
 
 import org.springframework.context.annotation.Bean;
 
+import com.gwtplatform.dispatch.rpc.server.AbstractHttpSessionSecurityCookieFilter;
 import com.gwtplatform.dispatch.rpc.server.RequestProvider;
+import com.gwtplatform.dispatch.rpc.server.spring.HttpSessionSecurityCookieFilter;
 import com.gwtplatform.dispatch.rpc.server.spring.request.DefaultRequestProvider;
 
 /**
@@ -32,6 +34,11 @@ String getSecurityCookieName() {
         return securityCookieName;
     }
 
+    @Bean
+    AbstractHttpSessionSecurityCookieFilter getCookieFilter() {
+        return new HttpSessionSecurityCookieFilter(getSecurityCookieName());
+    }
+
     @Bean
     RequestProvider getRequestProvider() {
         return new DefaultRequestProvider();

gwtp-core/gwtp-dispatch-rpc-server/src/main/java/com/gwtplatform/dispatch/rpc/server/AbstractHttpSessionSecurityCookieFilter.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright 2011 ArcBees Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.gwtplatform.dispatch.rpc.server;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+ * This filter will automatically inject a security cookie inside the request the first time the page is loaded. This
+ * security cookie is based on the {@link HttpSession} and will only work if the session is enabled. To setup this
+ * filter, add the following line at before any other {@code serve} call in your own
+ * {@link com.google.inject.servlet.ServletModule#configureServlets}:
+ * <p/>
+ * <pre>
+ * filter(&quot;*.jsp&quot;).through(HttpSessionSecurityCookieFilter.class);
+ * </pre>
+ * <p/>
+ * You also have to use a {@code .jsp} file instead of a {@code .html} as your main GWT file.
+ *
+ * @deprecated Please use {@link com.gwtplatform.dispatch.rpc.server.AbstractRandomSecurityCookieFilter}.
+ * Using the JSESSIONID like this might let an XSS attacker hijack a session. See GitHub issue #484
+ */
+@Deprecated
+public abstract class AbstractHttpSessionSecurityCookieFilter implements Filter {
+
+    private final String securityCookieName;
+
+    protected AbstractHttpSessionSecurityCookieFilter(String securityCookieName) {
+        this.securityCookieName = securityCookieName;
+    }
+
+    public void destroy() {
+    }
+
+    protected abstract HttpSession getSession();
+
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+            ServletException {
+
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse httpResponse = (HttpServletResponse) response;
+            Cookie securityCookie = new Cookie(securityCookieName, getSession().getId());
+            securityCookie.setMaxAge(-1);
+            securityCookie.setPath("/");
+            httpResponse.addCookie(securityCookie);
+        }
+        chain.doFilter(request, response);
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+}

gwtp-core/gwtp-mvp-client/src/main/java/com/gwtplatform/mvp/client/HasPopupSlot.java

@@ -56,7 +56,7 @@ public interface HasPopupSlot {
      * @param child  The popup child, a {@link PresenterWidget}.
      * @param center - has no affect.
      * @see #addToPopupSlot(PresenterWidget)
-     * @deprecated - Since 1.4. Use {@link #addToPopupSlot(PresenterWidget)} instead. Center no longer as any affect.
+     * @deprecated - Use {@link #addToPopupSlot(PresenterWidget)} instead. Center no longer as any affect.
      */
     @Deprecated
     void addToPopupSlot(final PresenterWidget<? extends PopupView> child, boolean center);

gwtp-core/gwtp-mvp-client/src/main/java/com/gwtplatform/mvp/client/PopupView.java

@@ -85,15 +85,16 @@ public interface PopupView extends View {
      *
      * @param left The left position of the top-left corner (in pixels).
      * @param top  The top position of the top-left corner (in pixels).
-     * @deprecated since 1.4. Use a {@link com.gwtplatform.mvp.client.view.PopupPositioner} instead.
+     * @deprecated use a {@link com.gwtplatform.mvp.client.view.PopupPositioner} instead.
      */
     @Deprecated
     void setPosition(int left, int top);
 
     /**
      * This method does nothing.
-     * @deprecated since 1.4. Use a {@link com.gwtplatform.mvp.client.view.PopupPositioner} instead.
+     * @deprecated use a {@link com.gwtplatform.mvp.client.view.PopupPositioner} instead.
      */
     @Deprecated
     void center();
+
 }