diff options
author | Artur Signell <artur@vaadin.com> | 2013-04-26 17:03:45 +0300 |
---|---|---|
committer | Artur Signell <artur@vaadin.com> | 2013-04-26 19:42:57 +0300 |
commit | e847b21f2b0b202258911b7425645e46b3816ee1 (patch) | |
tree | feda4721f883e9ea695fe38959aa8bb353da0df0 | |
parent | ac6f3564c9af080af8d80dd01404909234ecd051 (diff) | |
download | vaadin-framework-e847b21f2b0b202258911b7425645e46b3816ee1.tar.gz vaadin-framework-e847b21f2b0b202258911b7425645e46b3816ee1.zip |
Fixed refresh after invalid CSRF has been received (#11635)
Change-Id: I10648c5b375efc09d3d20ffe0a620ddf01675bc1
-rw-r--r-- | server/src/com/vaadin/server/communication/PushHandler.java | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/server/src/com/vaadin/server/communication/PushHandler.java b/server/src/com/vaadin/server/communication/PushHandler.java index 387608a140..c2b0f36e2a 100644 --- a/server/src/com/vaadin/server/communication/PushHandler.java +++ b/server/src/com/vaadin/server/communication/PushHandler.java @@ -94,10 +94,7 @@ public class PushHandler implements AtmosphereHandler { resource.getRequest().getRemoteHost()); // Refresh on client side, create connection just for // sending a message - AtmospherePushConnection connection = new AtmospherePushConnection( - ui); - connection.connect(resource); - sendRefresh(connection); + sendRefreshAndDisconnect(resource); return; } @@ -144,13 +141,13 @@ public class PushHandler implements AtmosphereHandler { getLogger().log(Level.SEVERE, "Error writing JSON to response", e); // Refresh on client side - sendRefresh(connection); + sendRefreshAndDisconnect(resource); } catch (InvalidUIDLSecurityKeyException e) { getLogger().log(Level.WARNING, "Invalid security key received from {0}", resource.getRequest().getRemoteHost()); // Refresh on client side - sendRefresh(connection); + sendRefreshAndDisconnect(resource); } } }; @@ -349,9 +346,26 @@ public class PushHandler implements AtmosphereHandler { public void destroy() { } - private static void sendRefresh(AtmospherePushConnection connection) { + /** + * Sends a refresh message to the given atmosphere resource. Uses an + * AtmosphereResource instead of an AtmospherePushConnection even though it + * might be possible to look up the AtmospherePushConnection from the UI to + * ensure border cases work correctly, especially when there temporarily are + * two push connections which try to use the same UI. Using the + * AtmosphereResource directly guarantees the message goes to the correct + * recipient. + * + * @param resource + * The atmosphere resource to send refresh to + * + */ + private static void sendRefreshAndDisconnect(AtmosphereResource resource) + throws IOException { + AtmospherePushConnection connection = new AtmospherePushConnection(null); + connection.connect(resource); connection.sendMessage(VaadinService.createCriticalNotificationJSON( null, null, null, null)); + connection.disconnect(); } private static final Logger getLogger() { |