Example 6 with XsrfToken
use of com.google.gwt.user.client.rpc.XsrfToken in project ovirt-engine by oVirt.
the class OvirtXsrfProtectedServiceServlet method validateXsrfToken.
@Override
protected void validateXsrfToken(RpcToken token, Method method) {
if (token == null) {
// $NON-NLS-1$
throw new RpcTokenException("XSRF token missing");
}
String expectedToken;
HttpSession session = getThreadLocalRequest().getSession();
expectedToken = StringUtils.toHexString((byte[]) session.getAttribute(OvirtXsrfTokenServiceServlet.XSRF_TOKEN));
XsrfToken xsrfToken = (XsrfToken) token;
if (!expectedToken.equals(xsrfToken.getToken())) {
// $NON-NLS-1$
throw new RpcTokenException("Invalid XSRF token");
}
}
Also used :
HttpSession(javax.servlet.http.HttpSession)
RpcTokenException(com.google.gwt.user.client.rpc.RpcTokenException)
XsrfToken(com.google.gwt.user.client.rpc.XsrfToken)
Aggregations
XsrfToken (com.google.gwt.user.client.rpc.XsrfToken)6
Before (org.junit.Before)3
CommunicationProvider (org.ovirt.engine.ui.frontend.communication.CommunicationProvider)2
GWTRPCCommunicationProvider (org.ovirt.engine.ui.frontend.communication.GWTRPCCommunicationProvider)2
OperationProcessor (org.ovirt.engine.ui.frontend.communication.OperationProcessor)2
VdcOperationManager (org.ovirt.engine.ui.frontend.communication.VdcOperationManager)2
GenericApiGWTServiceAsync (org.ovirt.engine.ui.frontend.gwtservices.GenericApiGWTServiceAsync)2
RpcTokenException (com.google.gwt.user.client.rpc.RpcTokenException)1
ArrayList (java.util.ArrayList)1
HttpSession (javax.servlet.http.HttpSession)1
Test (org.junit.Test)1
QueryParametersBase (org.ovirt.engine.core.common.queries.QueryParametersBase)1
QueryType (org.ovirt.engine.core.common.queries.QueryType)1
