Search in sources :

Example 1 with RpcTokenException

use of com.google.gwt.user.client.rpc.RpcTokenException in project ovirt-engine by oVirt.

the class OvirtXsrfProtectedServiceServlet method validateXsrfToken.

@Override
protected void validateXsrfToken(RpcToken token, Method method) {
    if (token == null) {
        // $NON-NLS-1$
        throw new RpcTokenException("XSRF token missing");
    }
    String expectedToken;
    HttpSession session = getThreadLocalRequest().getSession();
    expectedToken = StringUtils.toHexString((byte[]) session.getAttribute(OvirtXsrfTokenServiceServlet.XSRF_TOKEN));
    XsrfToken xsrfToken = (XsrfToken) token;
    if (!expectedToken.equals(xsrfToken.getToken())) {
        // $NON-NLS-1$
        throw new RpcTokenException("Invalid XSRF token");
    }
}
Also used : HttpSession(javax.servlet.http.HttpSession) RpcTokenException(com.google.gwt.user.client.rpc.RpcTokenException) XsrfToken(com.google.gwt.user.client.rpc.XsrfToken)

Aggregations

RpcTokenException (com.google.gwt.user.client.rpc.RpcTokenException)1 XsrfToken (com.google.gwt.user.client.rpc.XsrfToken)1 HttpSession (javax.servlet.http.HttpSession)1