Example 1 with RpcTokenException
use of com.google.gwt.user.client.rpc.RpcTokenException in project ovirt-engine by oVirt.
the class OvirtXsrfProtectedServiceServlet method validateXsrfToken.
@Override
protected void validateXsrfToken(RpcToken token, Method method) {
if (token == null) {
// $NON-NLS-1$
throw new RpcTokenException("XSRF token missing");
}
String expectedToken;
HttpSession session = getThreadLocalRequest().getSession();
expectedToken = StringUtils.toHexString((byte[]) session.getAttribute(OvirtXsrfTokenServiceServlet.XSRF_TOKEN));
XsrfToken xsrfToken = (XsrfToken) token;
if (!expectedToken.equals(xsrfToken.getToken())) {
// $NON-NLS-1$
throw new RpcTokenException("Invalid XSRF token");
}
}
Also used :
HttpSession(javax.servlet.http.HttpSession)
RpcTokenException(com.google.gwt.user.client.rpc.RpcTokenException)
XsrfToken(com.google.gwt.user.client.rpc.XsrfToken)
Aggregations
RpcTokenException (com.google.gwt.user.client.rpc.RpcTokenException)1
XsrfToken (com.google.gwt.user.client.rpc.XsrfToken)1
HttpSession (javax.servlet.http.HttpSession)1
