use of com.google.gwt.user.client.rpc.XsrfToken in project ovirt-engine by oVirt.
the class OvirtXsrfProtectedServiceServlet method validateXsrfToken.
@Override
protected void validateXsrfToken(RpcToken token, Method method) {
if (token == null) {
// $NON-NLS-1$
throw new RpcTokenException("XSRF token missing");
}
String expectedToken;
HttpSession session = getThreadLocalRequest().getSession();
expectedToken = StringUtils.toHexString((byte[]) session.getAttribute(OvirtXsrfTokenServiceServlet.XSRF_TOKEN));
XsrfToken xsrfToken = (XsrfToken) token;
if (!expectedToken.equals(xsrfToken.getToken())) {
// $NON-NLS-1$
throw new RpcTokenException("Invalid XSRF token");
}
}
Aggregations