Example usage for com.vaadin.server VaadinService isCsrfTokenValid

Introduction

In this page you can find the example usage for com.vaadin.server VaadinService isCsrfTokenValid.

Prototype

public static boolean isCsrfTokenValid(VaadinSession session, String requestToken) 

Document

Verifies that the given CSRF token (aka double submit cookie) is valid for the given session.

Usage

From source file: org.semanticsoft.vaaclipse.app.servlet.VaaclipseServerRpcHandler.java

License: Open Source License

public void handleRpc(UI ui, Reader reader, VaadinRequest request)
        throws IOException, InvalidUIDLSecurityKeyException {
    ui.getSession().setLastRequestTimestamp(System.currentTimeMillis());

    String changeMessage = getMessage(reader);

    if (changeMessage == null || changeMessage.equals("")) {
        // The client sometimes sends empty messages, this is probably a bug
        return;
    }

    RpcRequest rpcRequest = new RpcRequest(changeMessage, request);
    // Security: double cookie submission pattern unless disabled by
    // property
    if (!VaadinService.isCsrfTokenValid(ui.getSession(), rpcRequest.getCsrfToken())) {
        throw new InvalidUIDLSecurityKeyException("");
    }
    handleInvocations(ui, rpcRequest.getSyncId(), rpcRequest.getRpcInvocationsData());

    ui.getConnectorTracker().cleanConcurrentlyRemovedConnectorIds(rpcRequest.getSyncId());
}