Exemplo n.º 1
0
  private void verifyAjaxToken(HttpServletRequest request) throws CsrfGuardException {
    HttpSession session = request.getSession(true);
    String tokenFromSession = (String) session.getAttribute(getSessionKey());
    String tokenFromRequest = request.getHeader(getTokenName());

    if (tokenFromRequest == null) {
      /** FAIL: token is missing from the request * */
      throw new CsrfGuardException("required token is missing from the request");
    } else if (tokenFromRequest.indexOf(tokenFromSession) == -1) {
      /** FAIL: the request token does not match the session token * */
      throw new CsrfGuardException("request token does not match session token");
    }
  }
Exemplo n.º 2
0
 private boolean isAjaxRequest(HttpServletRequest request) {
   return request.getHeader("X-Requested-With") != null;
 }