
Example 6 with XsrfToken

Use of com.google.gwt.user.client.rpc.XsrfToken in project ovirt-engine by oVirt.

Class OvirtXsrfProtectedServiceServlet, method validateXsrfToken.

@Override
protected void validateXsrfToken(RpcToken token, Method method) {
    // Reject RPC calls that carry no token at all.
    if (token == null) {
        throw new RpcTokenException("XSRF token missing"); // $NON-NLS-1$
    }
    // The expected token is kept in the HTTP session as raw bytes under
    // OvirtXsrfTokenServiceServlet.XSRF_TOKEN; hex-encode it for comparison.
    HttpSession session = getThreadLocalRequest().getSession();
    String expectedToken = StringUtils.toHexString(
            (byte[]) session.getAttribute(OvirtXsrfTokenServiceServlet.XSRF_TOKEN));
    // Compare the session's token with the one sent by the client.
    XsrfToken xsrfToken = (XsrfToken) token;
    if (!expectedToken.equals(xsrfToken.getToken())) {
        throw new RpcTokenException("Invalid XSRF token"); // $NON-NLS-1$
    }
}

Also used: HttpSession (javax.servlet.http.HttpSession), RpcTokenException (com.google.gwt.user.client.rpc.RpcTokenException), XsrfToken (com.google.gwt.user.client.rpc.XsrfToken)
