/** * Validates {@link XsrfToken} included with {@link RPCRequest} against XSRF * cookie. */ @Override protected void validateXsrfToken(RpcToken token, Method method) throws RpcTokenException { if (token == null) { throw new RpcTokenException("XSRF token missing"); } Cookie sessionCookie = Util.getCookie(getThreadLocalRequest(), sessionCookieName, false); if (sessionCookie == null || sessionCookie.getValue() == null || sessionCookie.getValue().length() == 0) { throw new RpcTokenException("Session cookie is missing or empty! " + "Unable to verify XSRF cookie"); } String expectedToken = StringUtils.toHexString( Md5Utils.getMd5Digest(sessionCookie.getValue().getBytes())); XsrfToken xsrfToken = (XsrfToken) token; if (!expectedToken.equals(xsrfToken.getToken())) { throw new RpcTokenException("Invalid XSRF token"); } } }
/** * Validates {@link XsrfToken} included with {@link RPCRequest} against XSRF * cookie. */ @Override protected void validateXsrfToken(RpcToken token, Method method) throws RpcTokenException { if (token == null) { throw new RpcTokenException("XSRF token missing"); } Cookie sessionCookie = Util.getCookie(getThreadLocalRequest(), sessionCookieName, false); if (sessionCookie == null || sessionCookie.getValue() == null || sessionCookie.getValue().length() == 0) { throw new RpcTokenException("Session cookie is missing or empty! " + "Unable to verify XSRF cookie"); } String expectedToken = StringUtils.toHexString( Md5Utils.getMd5Digest(sessionCookie.getValue().getBytes())); XsrfToken xsrfToken = (XsrfToken) token; if (!expectedToken.equals(xsrfToken.getToken())) { throw new RpcTokenException("Invalid XSRF token"); } } }
/** * Validates {@link XsrfToken} included with {@link RPCRequest} against XSRF * cookie. */ @Override protected void validateXsrfToken(RpcToken token, Method method) throws RpcTokenException { if (token == null) { throw new RpcTokenException("XSRF token missing"); } Cookie sessionCookie = Util.getCookie(getThreadLocalRequest(), sessionCookieName, false); if (sessionCookie == null || sessionCookie.getValue() == null || sessionCookie.getValue().length() == 0) { throw new RpcTokenException("Session cookie is missing or empty! " + "Unable to verify XSRF cookie"); } String expectedToken = StringUtils.toHexString( Md5Utils.getMd5Digest(sessionCookie.getValue().getBytes())); XsrfToken xsrfToken = (XsrfToken) token; if (!expectedToken.equals(xsrfToken.getToken())) { throw new RpcTokenException("Invalid XSRF token"); } } }