Repository: ignite Updated Branches: refs/heads/ignite-8201 3316080a6 -> bc20f7827
IGNITE-8201 Added check for token len. Project: http://git-wip-us.apache.org/repos/asf/ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/bc20f782 Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/bc20f782 Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/bc20f782 Branch: refs/heads/ignite-8201 Commit: bc20f78270591eac5661db85018c07a83c5cb28b Parents: 3316080 Author: Alexey Kuznetsov <akuznet...@apache.org> Authored: Thu Apr 12 14:56:48 2018 +0700 Committer: Alexey Kuznetsov <akuznet...@apache.org> Committed: Thu Apr 12 14:56:48 2018 +0700 ---------------------------------------------------------------------- .../rest/protocols/http/jetty/GridJettyRestHandler.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ignite/blob/bc20f782/modules/rest-http/src/main/java/org/apache/ignite/internal/processors/rest/protocols/http/jetty/GridJettyRestHandler.java ---------------------------------------------------------------------- diff --git a/modules/rest-http/src/main/java/org/apache/ignite/internal/processors/rest/protocols/http/jetty/GridJettyRestHandler.java b/modules/rest-http/src/main/java/org/apache/ignite/internal/processors/rest/protocols/http/jetty/GridJettyRestHandler.java index 1afdae1..99a8844 100644 --- a/modules/rest-http/src/main/java/org/apache/ignite/internal/processors/rest/protocols/http/jetty/GridJettyRestHandler.java +++ b/modules/rest-http/src/main/java/org/apache/ignite/internal/processors/rest/protocols/http/jetty/GridJettyRestHandler.java @@ -879,8 +879,13 @@ public class GridJettyRestHandler extends AbstractHandler { String sesTokStr = (String)params.get("sessionToken"); try { - if (sesTokStr != null) - restReq.sessionToken(U.hexString2ByteArray(sesTokStr)); + if (sesTokStr != null) { + // Token is a UUID encoded as 16 bytes as HEX. + byte[] bytes = U.hexString2ByteArray(sesTokStr); + + if (bytes.length == 16) + restReq.sessionToken(bytes); + } } catch (IllegalArgumentException ignored) { // Ignore invalid session token.