This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit ccaf74ad82e94296ac2305792d8845bac887a395
Author: Juan Pablo Santos RodrÃguez <[email protected]>
AuthorDate: Tue Jul 12 22:48:43 2022 +0200
Session gets new antiCsrfToken method
---
 jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java | 6 ++++++
 jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java | 9 +++++++++
 2 files changed, 15 insertions(+)
diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java
index 8a608609a..1a8eae6d5 100644
--- a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java
+++ b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Session.java
@@ -123,6 +123,12 @@ public interface Session extends WikiEventListener {
 */
 Principal getUserPrincipal();
+ /**
+ * Returns the CSRF protection Token associated with this wiki session.
+ * @return the CSRF protection Token associated with this wiki session.
+ */
+ String antiCsrfToken();
+
 /**
 * Returns a cached Locale object for this user. It's better to use WikiContext's corresponding getBundle() method, since that
 * will actually react if the user changes the locale in the middle, but if that's not available (or, for some reason, you need
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
index 5be350b19..057adab59 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
@@ -49,6 +49,7 @@ import java.util.LinkedHashSet;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
@@ -73,6 +74,7 @@ public class WikiSession implements Session {
 /** The Engine that created this session. */
 private Engine m_engine;
+ private String antiCsrfToken;
 private String m_status = ANONYMOUS;
 private Principal m_userPrincipal = WikiPrincipal.GUEST;
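Review bot: The Javadoc added for `antiCsrfToken()` states the same sentence twice (summary and `@return`) and leaves the token's contract unstated, which matters because this interface lives in the jspwiki-api module and is what callers will program against. It should say whether the value can be `null`, whether it stays the same for the whole lifetime of the session, and that it is a secret meant to be checked against the value submitted with a request, not logged or placed in URLs. A return tag along the lines of `@return the per-session anti-CSRF token, never null; compare it to the submitted token with a constant-time check such as MessageDigest.isEqual` would cover it, provided the implementation really guarantees non-null. The interface body continues outside the hunk.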
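Review bot: The new field `antiCsrfToken` in WikiSession.java does not follow the `m_` prefix used by the fields around it (`m_engine`, `m_status`, `m_userPrincipal`) and, unlike `m_engine` just above, carries no comment. I would declare it as `private String m_antiCsrfToken;` with a one-line comment such as `/** Per-session anti-CSRF token, assigned when the session is created. */`, and adjust the getter and the assignment in the later hunks to match. The field also defaults to `null`, so any construction path that does not assign it would hand callers a null token; only one assignment is visible in this commit, and the class body continues outside the hunk.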
@@ -147,6 +149,12 @@ public class WikiSession implements Session {
 return m_userPrincipal;
 }
+ /** {@inheritDoc} */
+ @Override
+ public String antiCsrfToken() {
+ return antiCsrfToken;
+ }
+
 /** {@inheritDoc} */
 @Override
 public Locale getLocale() {
@@ -513,6 +521,7 @@ public class WikiSession implements Session {
 final WikiSession session = new WikiSession();
 session.m_engine = engine;
 session.invalidate();
+ session.antiCsrfToken = UUID.randomUUID().toString();
 // Add the session as listener for GroupManager, AuthManager, UserManager events
 final GroupManager groupMgr = engine.getManager( GroupManager.class );
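Review bot: The token is assigned only once, in the `@@ -513` hunk when the session object is built, and nothing visible in this commit regenerates it when the session's authentication state changes, so the same value would presumably survive login and logout. Consider issuing a fresh token wherever the session's status or principal changes, so that a token seen before authentication is no longer accepted afterwards; that code is outside this diff, so the right place needs confirming. `UUID.randomUUID()` is documented to draw from a cryptographically strong generator and gives 122 random bits, which is adequate, but a reader cannot tell that from the call alone. A comment such as `// type 4 UUID, backed by SecureRandom; do not swap for a name- or time-based UUID` would keep a later edit from weakening it. The enclosing factory method starts and ends outside the hunk.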
