List of usage examples for com.vaadin.server.VaadinService.isCsrfTokenValid
public static boolean isCsrfTokenValid(VaadinSession session, String requestToken)
From source file:org.semanticsoft.vaaclipse.app.servlet.VaaclipseServerRpcHandler.java
License:Open Source License
/**
 * Handles one client-to-server RPC message for the given UI.
 *
 * <p>The body is read with {@code getMessage(reader)} and parsed into an
 * {@code RpcRequest}. The CSRF token carried by that request is validated
 * against the UI's session before any invocation is dispatched; a rejected
 * token aborts the request with an exception and nothing is invoked.
 *
 * @param ui the UI the message is addressed to; its session is used for the
 *        timestamp update and the token check
 * @param reader source of the raw message text
 * @param request the request the message arrived in, passed on to the
 *        {@code RpcRequest} parser
 * @throws IOException declared by this method; presumably raised while the
 *         body is being read
 * @throws InvalidUIDLSecurityKeyException if the CSRF token in the message is
 *         not accepted for the session
 */
public void handleRpc(UI ui, Reader reader, VaadinRequest request)
        throws IOException, InvalidUIDLSecurityKeyException {
    // NOTE(review): the activity timestamp is refreshed before the token is
    // validated, so a request that is rejected below (or that is empty) still
    // counts as session activity. Confirm that this is intended.
    final long now = System.currentTimeMillis();
    ui.getSession().setLastRequestTimestamp(now);

    final String payload = getMessage(reader);
    final boolean nothingToProcess = payload == null || payload.isEmpty();
    if (nothingToProcess) {
        // Empty messages do arrive from the client (probably a client-side
        // bug); they are dropped without a token check.
        return;
    }

    final RpcRequest parsed = new RpcRequest(payload, request);

    // Security gate: the token comes from the parsed message and is checked
    // against the session. The upstream comment calls this the double cookie
    // submission pattern and says it can be disabled by a property
    // (presumably Vaadin's disable-xsrf-protection setting); deployments
    // should verify that the setting is not switched off in production.
    // NOTE(review): the exception is thrown with an empty message, so the
    // rejection has to be logged elsewhere if it is to be detectable.
    final boolean tokenAccepted =
            VaadinService.isCsrfTokenValid(ui.getSession(), parsed.getCsrfToken());
    if (!tokenAccepted) {
        throw new InvalidUIDLSecurityKeyException("");
    }

    // Only reached with an accepted token: run the invocations, then let the
    // connector tracker clean up for the same sync id.
    handleInvocations(ui, parsed.getSyncId(), parsed.getRpcInvocationsData());
    ui.getConnectorTracker().cleanConcurrentlyRemovedConnectorIds(parsed.getSyncId());
}