Posted to commits@jspwiki.apache.org by ju...@apache.org on 2022/07/12 21:03:42 UTC
[jspwiki] 09/25: Session gets new antiCsrfToken method
This is an automated email from the ASF dual-hosted git repository.
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit ccaf74ad82e94296ac2305792d8845bac887a395
Author: Juan Pablo Santos RodrÃguez <ju...@gmail.com>
AuthorDate: Tue Jul 12 22:48:43 2022 +0200
Session gets new antiCsrfToken method
---
jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java | 6 ++++++
jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java | 9 +++++++++
2 files changed, 15 insertions(+)
diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java
index 8a608609a..1a8eae6d5 100644
--- a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java
+++ b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java
@@ -123,6 +123,12 @@ public interface Session extends WikiEventListener {
*/
Principal getUserPrincipal();
+ /**
+ * Returns the CSRF protection Token associated with this wiki session.
+ * @return the CSRF protection Token associated with this wiki session.
+ */
+ String antiCsrfToken();
+
/**
* Returns a cached Locale object for this user. It's better to use WikiContext's corresponding getBundle() method, since that
* will actually react if the user changes the locale in the middle, but if that's not available (or, for some reason, you need
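Review bot: The Javadoc on the new `antiCsrfToken()` does not state the contract that implementers and callers rely on: whether the value may be null, that it must be unpredictable, and how long it stays valid. I would extend it along the lines of `Returns the per-session anti-CSRF token: never null, generated from a cryptographically strong source, and unchanged for the lifetime of this session.` Because `Session` is a public API interface and the method is added as abstract, any implementation outside this repository would stop compiling, and the commit carries no compatibility note. The interface body continues outside the hunk.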
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
index 5be350b19..057adab59 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
@@ -49,6 +49,7 @@ import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
+import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
@@ -73,6 +74,7 @@ public class WikiSession implements Session {
/** The Engine that created this session. */
private Engine m_engine;
+ private String antiCsrfToken;
private String m_status = ANONYMOUS;
private Principal m_userPrincipal = WikiPrincipal.GUEST;
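Review bot: The new `antiCsrfToken` field is mutable and stays null until the factory code in the last hunk (`@@ -513`) assigns it, so a `WikiSession` built through any other path would return null from `antiCsrfToken()`, and a null-tolerant comparison in a caller could then pass without a real token. Initialising at the declaration closes that gap: `private final String antiCsrfToken = UUID.randomUUID().toString();`, with the assignment in the factory dropped. The field also lacks the `m_` prefix and the doc comment that its neighbours `m_engine` and `m_status` follow. Whether other construction paths exist cannot be seen here, since the class body continues outside the hunk.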
@@ -147,6 +149,12 @@ public class WikiSession implements Session {
return m_userPrincipal;
}
+ /** {@inheritDoc} */
+ @Override
+ public String antiCsrfToken() {
+ return antiCsrfToken;
+ }
+
/** {@inheritDoc} */
@Override
public Locale getLocale() {
@@ -513,6 +521,7 @@ public class WikiSession implements Session {
final WikiSession session = new WikiSession();
session.m_engine = engine;
session.invalidate();
+ session.antiCsrfToken = UUID.randomUUID().toString();
// Add the session as listener for GroupManager, AuthManager, UserManager events
final GroupManager groupMgr = engine.getManager( GroupManager.class );
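Review bot: The token is assigned once at `session.antiCsrfToken = UUID.randomUUID().toString();` and nothing in the visible hunks renews it when the session's authentication state changes. If this factory builds the guest session that is later promoted on login (inferred, as the method starts and ends outside the hunk), the pre-login token remains valid afterwards. Either regenerate it where the login event is handled or document that it deliberately lives as long as the wiki session. A comment on the assignment would also record why this generator is acceptable for a security token: `// UUID.randomUUID() is a type-4 UUID drawn from SecureRandom (122 random bits); do not replace with a name- or time-based UUID`.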