public void updateTokens(HttpServletRequest request) {
/** cannot create sessions if response already committed * */
HttpSession session = request.getSession(false);
if (session != null) {
/** create master token if it does not exist * */
updateToken(session);
/** create page specific token * */
if (isTokenPerPageEnabled()) {
@SuppressWarnings("unchecked")
Map<String, String> pageTokens =
(Map<String, String>) session.getAttribute(CsrfGuard.PAGE_TOKENS_KEY);
/** first time initialization * */
if (pageTokens == null) {
pageTokens = new HashMap<String, String>();
session.setAttribute(CsrfGuard.PAGE_TOKENS_KEY, pageTokens);
}
/** create token if it does not exist * */
if (isProtectedPageAndMethod(request)) {
createPageToken(pageTokens, request.getRequestURI());
}
}
}
}
public String getTokenValue(HttpServletRequest request, String uri) {
String tokenValue = null;
HttpSession session = request.getSession(false);
if (session != null) {
if (isTokenPerPageEnabled()) {
@SuppressWarnings("unchecked")
Map<String, String> pageTokens =
(Map<String, String>) session.getAttribute(CsrfGuard.PAGE_TOKENS_KEY);
if (pageTokens != null) {
if (isTokenPerPagePrecreate()) {
createPageToken(pageTokens, uri);
}
tokenValue = pageTokens.get(uri);
}
}
if (tokenValue == null) {
tokenValue = (String) session.getAttribute(getSessionKey());
}
}
return tokenValue;
}