From lof...@apache.org
Subject svn commit: r1068432 - /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/SecretSessionListener.java
Date Tue, 08 Feb 2011 14:57:00 GMT
Author: lofwyr
Date: Tue Feb  8 14:57:00 2011
New Revision: 1068432

URL: http://svn.apache.org/viewvc?rev=1068432&view=rev
Log:
TOBAGO-972: Implement a session secret to protect against cross-site request forgery (CSRF/XSRF)
- fix: a session creation may happen outside of JSF

Modified:
    myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/SecretSessionListener.java

Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/SecretSessionListener.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/SecretSessionListener.java?rev=1068432&r1=1068431&r2=1068432&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/SecretSessionListener.java
(original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/SecretSessionListener.java
Tue Feb  8 14:57:00 2011
@@ -19,14 +19,14 @@ package org.apache.myfaces.tobago.webapp
 
 import org.apache.myfaces.tobago.config.TobagoConfig;
 
-import javax.faces.context.FacesContext;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
 
 public class SecretSessionListener implements HttpSessionListener {
 
   public void sessionCreated(HttpSessionEvent sessionEvent) {
-    if (TobagoConfig.getInstance(FacesContext.getCurrentInstance()).isCheckSessionSecret())
{
+    // a session creation may happen outside from JSF 
+    if (TobagoConfig.getInstance(sessionEvent.getSession().getServletContext()).isCheckSessionSecret())
{
       Secret.create(sessionEvent.getSession());
     }
   }
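Review bot: The result of `TobagoConfig.getInstance(...)` is dereferenced directly in `sessionCreated`, so if no config is present in the ServletContext when a session is created (whether that can happen is not visible in this hunk), the listener throws and the session is left without a secret. It is worth confirming that the code verifying the secret rejects a request whose session carries none, so this path fails closed instead of silently skipping the CSRF check. The added comment could also give the reason for the change, e.g. `// FacesContext.getCurrentInstance() is null when a session is created outside a JSF request, so resolve the config via the ServletContext`. The class body continues outside the hunk.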


