예제 #1
0
  private void rotateTokens(HttpServletRequest request) {
    HttpSession session = request.getSession(true);

    /** rotate master token * */
    String tokenFromSession = null;

    try {
      tokenFromSession = RandomGenerator.generateRandomId(getPrng(), getTokenLength());
    } catch (Exception e) {
      throw new RuntimeException(
          String.format("unable to generate the random token - %s", e.getLocalizedMessage()), e);
    }

    session.setAttribute(getSessionKey(), tokenFromSession);

    /** rotate page token * */
    if (isTokenPerPageEnabled()) {
      @SuppressWarnings("unchecked")
      Map<String, String> pageTokens =
          (Map<String, String>) session.getAttribute(CsrfGuard.PAGE_TOKENS_KEY);

      try {
        pageTokens.put(
            request.getRequestURI(), RandomGenerator.generateRandomId(getPrng(), getTokenLength()));
      } catch (Exception e) {
        throw new RuntimeException(
            String.format("unable to generate the random token - %s", e.getLocalizedMessage()), e);
      }
    }
  }
예제 #2
0
  /**
   * Create page token if it doesn't exist.
   *
   * @param pageTokens A map of tokens. If token doesn't exist it will be added.
   * @param uri The key for the tokens.
   */
  private void createPageToken(Map<String, String> pageTokens, String uri) {

    if (pageTokens == null) return;

    /** create token if it does not exist * */
    if (pageTokens.containsKey(uri)) return;
    try {
      pageTokens.put(uri, RandomGenerator.generateRandomId(getPrng(), getTokenLength()));
    } catch (Exception e) {
      throw new RuntimeException(
          String.format("unable to generate the random token - %s", e.getLocalizedMessage()), e);
    }
  }
예제 #3
0
  public void updateToken(HttpSession session) {
    String tokenValue = (String) session.getAttribute(getSessionKey());

    /** Generate a new token and store it in the session. * */
    if (tokenValue == null) {
      try {
        tokenValue = RandomGenerator.generateRandomId(getPrng(), getTokenLength());
      } catch (Exception e) {
        throw new RuntimeException(
            String.format("unable to generate the random token - %s", e.getLocalizedMessage()), e);
      }

      session.setAttribute(getSessionKey(), tokenValue);
    }
  }