summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArtur Signell <artur@vaadin.com>2013-04-26 17:03:45 +0300
committerArtur Signell <artur@vaadin.com>2013-04-26 19:42:57 +0300
commite847b21f2b0b202258911b7425645e46b3816ee1 (patch)
treefeda4721f883e9ea695fe38959aa8bb353da0df0
parentac6f3564c9af080af8d80dd01404909234ecd051 (diff)
downloadvaadin-framework-e847b21f2b0b202258911b7425645e46b3816ee1.tar.gz
vaadin-framework-e847b21f2b0b202258911b7425645e46b3816ee1.zip
Fixed refresh after invalid CSRF has been received (#11635)
Change-Id: I10648c5b375efc09d3d20ffe0a620ddf01675bc1
-rw-r--r--server/src/com/vaadin/server/communication/PushHandler.java28
1 files changed, 21 insertions, 7 deletions
diff --git a/server/src/com/vaadin/server/communication/PushHandler.java b/server/src/com/vaadin/server/communication/PushHandler.java
index 387608a140..c2b0f36e2a 100644
--- a/server/src/com/vaadin/server/communication/PushHandler.java
+++ b/server/src/com/vaadin/server/communication/PushHandler.java
@@ -94,10 +94,7 @@ public class PushHandler implements AtmosphereHandler {
resource.getRequest().getRemoteHost());
// Refresh on client side, create connection just for
// sending a message
- AtmospherePushConnection connection = new AtmospherePushConnection(
- ui);
- connection.connect(resource);
- sendRefresh(connection);
+ sendRefreshAndDisconnect(resource);
return;
}
@@ -144,13 +141,13 @@ public class PushHandler implements AtmosphereHandler {
getLogger().log(Level.SEVERE, "Error writing JSON to response",
e);
// Refresh on client side
- sendRefresh(connection);
+ sendRefreshAndDisconnect(resource);
} catch (InvalidUIDLSecurityKeyException e) {
getLogger().log(Level.WARNING,
"Invalid security key received from {0}",
resource.getRequest().getRemoteHost());
// Refresh on client side
- sendRefresh(connection);
+ sendRefreshAndDisconnect(resource);
}
}
};
@@ -349,9 +346,26 @@ public class PushHandler implements AtmosphereHandler {
public void destroy() {
}
- private static void sendRefresh(AtmospherePushConnection connection) {
+ /**
+ * Sends a refresh message to the given atmosphere resource. Uses an
+ * AtmosphereResource instead of an AtmospherePushConnection even though it
+ * might be possible to look up the AtmospherePushConnection from the UI to
+ * ensure border cases work correctly, especially when there temporarily are
+ * two push connections which try to use the same UI. Using the
+ * AtmosphereResource directly guarantees the message goes to the correct
+ * recipient.
+ *
+ * @param resource
+ * The atmosphere resource to send refresh to
+ *
+ */
+ private static void sendRefreshAndDisconnect(AtmosphereResource resource)
+ throws IOException {
+ AtmospherePushConnection connection = new AtmospherePushConnection(null);
+ connection.connect(resource);
connection.sendMessage(VaadinService.createCriticalNotificationJSON(
null, null, null, null));
+ connection.disconnect();
}
private static final Logger getLogger() {