This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new faf2827  Improved: Prevent recurring errors block due to 
generateTokenForNonAjax
faf2827 is described below

commit faf2827e67538854439cdd6c01a179a845a490d1
Author: Jacques Le Roux <[email protected]>
AuthorDate: Mon Apr 27 12:36:17 2020 +0200

    Improved: Prevent recurring errors block due to generateTokenForNonAjax
    
    (OFBIZ-11609)
    
    Fixes the if(test): toString() is not the same as getCanonicalName()
    
    Also while at it, in case of exception, uses NoCsrfDefenseStrategy as 
default
---
 .../src/main/java/org/apache/ofbiz/security/CsrfUtil.java         | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
index 06be440..8371df1 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
@@ -49,6 +49,7 @@ public final class CsrfUtil {
     private static String tokenNameNonAjax = 
UtilProperties.getPropertyValue("security", "csrf.tokenName.nonAjax",
             "csrf");
     private static ICsrfDefenseStrategy strategy;
+    private static String strategyCanonicalName;
     private static int cacheSize = (int) Long
             .parseLong(UtilProperties.getPropertyValue("security", 
"csrf.cache.size", "5000"));
     private static LinkedHashMap<String, Map<String, Map<String, String>>> 
csrfTokenCache =
@@ -68,10 +69,11 @@ public final class CsrfUtil {
             String className = UtilProperties.getPropertyValue("security", 
"csrf.defense.strategy",
                     NoCsrfDefenseStrategy.class.getCanonicalName());
             Class<?> c = Class.forName(className);
-            setStrategy((ICsrfDefenseStrategy) c.newInstance());
+            strategyCanonicalName = c.getCanonicalName();
+            setStrategy((ICsrfDefenseStrategy)c.newInstance());
         } catch (Exception e) {
             Debug.logError(e, MODULE);
-            setStrategy(new CsrfDefenseStrategy());
+            setStrategy(new NoCsrfDefenseStrategy());
         }
     }
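Review bot: The catch block now fails open: any exception while loading the class named by `csrf.defense.strategy` (a typo, a missing class, a failed cast) installs `NoCsrfDefenseStrategy`, which judging by its name skips CSRF token checks, and the only trace is a single `Debug.logError(e, MODULE)` line. A deployment that configured a real defense strategy would then run without it, so consider keeping a protective fallback or aborting startup, or at minimum logging the consequence explicitly, e.g. `Debug.logError("Configured CSRF defense strategy could not be loaded; CSRF protection is disabled", MODULE);`. Separately, `strategyCanonicalName` is assigned before `newInstance()` and is not reset in the catch, so after a failure it is either null or names the class that failed rather than the strategy actually installed. The enclosing initializer starts above the hunk.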
 
@@ -199,7 +201,7 @@ public final class CsrfUtil {
             requestMap = findRequestMap(requestMapMap, pathOrRequestUri);
         }
         if (requestMap == null) {
-            if 
(!"org.apache.ofbiz.security.NoCsrfDefenseStrategy".equals(getStrategy().toString()))
 {
+            if 
(!"org.apache.ofbiz.security.NoCsrfDefenseStrategy".equals(strategyCanonicalName))
 {
                 Debug.logWarning("Cannot find the corresponding request map 
for path: " + pathOrRequestUri, MODULE);
             }
         }
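Review bot: The guard compares a hard-coded class-name literal with `strategyCanonicalName`, which is written only in the initializer's try block, so it can disagree with the strategy that `getStrategy()` actually returns, either after the catch fallback or if `setStrategy` is called again elsewhere (not visible here). Testing the instance directly removes both the cached name and the literal: `if (!(getStrategy() instanceof NoCsrfDefenseStrategy)) {`. If the name comparison has to stay, `NoCsrfDefenseStrategy.class.getCanonicalName()` in place of the string literal would at least survive a package rename. The enclosing method begins and ends outside the hunk.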
