Alexander Wels has uploaded a new change for review. Change subject: userportal,webadmin: token generation fix ......................................................................
userportal,webadmin: token generation fix - Fix token generation to use session id instead of passed in jsessionid cookie, as that value might be stale. This prevents a lot of 500 errors in the log due to automatic login. Change-Id: I3e9a234bada73873f398d4220808f573810440dc Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1115918 Signed-off-by: Alexander Wels <aw...@redhat.com> --- A frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/OvirtXsrfTokenServiceServlet.java M frontend/webadmin/modules/frontend/src/main/resources/META-INF/web-fragment.xml 2 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/49/30849/1
diff --git a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/OvirtXsrfTokenServiceServlet.java b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/OvirtXsrfTokenServiceServlet.java
new file mode 100644
index 0000000..82a15b2
--- /dev/null
+++ b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/OvirtXsrfTokenServiceServlet.java
@@ -0,0 +1,26 @@
+package org.ovirt.engine.ui.frontend.server.gwt;
+
+import com.google.gwt.user.client.rpc.XsrfToken;
+import com.google.gwt.user.server.rpc.XsrfTokenServiceServlet;
+import com.google.gwt.util.tools.shared.Md5Utils;
+import com.google.gwt.util.tools.shared.StringUtils;
+
+public class OvirtXsrfTokenServiceServlet extends XsrfTokenServiceServlet {
+
+ /**
+ * serial version UID.
+ */
+ private static final long serialVersionUID = 1854606938563216502L;
+
+ /**
+ * Generates and returns new XSRF token.
+ */
+ public XsrfToken getNewXsrfToken() {
+ return new XsrfToken(generateTokenValueResponse());
+ }
+
+ private String generateTokenValueResponse() {
+ byte[] cookieBytes = getThreadLocalRequest().getSession().getId().getBytes();
+ return StringUtils.toHexString(Md5Utils.getMd5Digest(cookieBytes));
+ }
+}
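Review bot: In `generateTokenValueResponse()`, `getThreadLocalRequest().getSession()` creates a new session when the caller has none, so a request without any session now gets a fresh session and a token, whereas the stock GWT servlet this class replaces refuses to issue a token when the session cookie is missing. Consider `HttpSession session = getThreadLocalRequest().getSession(false);` followed by `if (session == null) throw new RpcTokenException("No session to bind the XSRF token to");`. The validating side is not part of this change; if it still hashes the JSESSIONID cookie value, a stale cookie would presumably keep failing validation there, so it is worth confirming that both sides derive the token from the same value. `getBytes()` uses the platform default charset, so `getBytes(StandardCharsets.UTF_8)` would make the digest input explicit, and `getNewXsrfToken()` should carry `@Override`.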
diff --git a/frontend/webadmin/modules/frontend/src/main/resources/META-INF/web-fragment.xml b/frontend/webadmin/modules/frontend/src/main/resources/META-INF/web-fragment.xml index 193af6c..368d2e8 100644 --- a/frontend/webadmin/modules/frontend/src/main/resources/META-INF/web-fragment.xml +++ b/frontend/webadmin/modules/frontend/src/main/resources/META-INF/web-fragment.xml @@ -93,7 +93,7 @@ <servlet> <servlet-name>XsrfTokenServiceServlet</servlet-name> - <servlet-class>com.google.gwt.user.server.rpc.XsrfTokenServiceServlet</servlet-class> + <servlet-class>org.ovirt.engine.ui.frontend.server.gwt.OvirtXsrfTokenServiceServlet</servlet-class> </servlet> <!-- PageNotFound Servlet --> <servlet> -- To view, visit http://gerrit.ovirt.org/30849 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3e9a234bada73873f398d4220808f573810440dc Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alexander Wels <aw...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches