From e847b21f2b0b202258911b7425645e46b3816ee1 Mon Sep 17 00:00:00 2001 From: Artur Signell Date: Fri, 26 Apr 2013 17:03:45 +0300 Subject: Fixed refresh after invalid CSRF has been received (#11635) Change-Id: I10648c5b375efc09d3d20ffe0a620ddf01675bc1 --- .../vaadin/server/communication/PushHandler.java | 28 ++++++++++++++++------ 1 file changed, 21 insertions(+), 7 deletions(-) (limited to 'server/src/com/vaadin') diff --git a/server/src/com/vaadin/server/communication/PushHandler.java b/server/src/com/vaadin/server/communication/PushHandler.java index 387608a140..c2b0f36e2a 100644 --- a/server/src/com/vaadin/server/communication/PushHandler.java +++ b/server/src/com/vaadin/server/communication/PushHandler.java @@ -94,10 +94,7 @@ public class PushHandler implements AtmosphereHandler { resource.getRequest().getRemoteHost()); // Refresh on client side, create connection just for // sending a message - AtmospherePushConnection connection = new AtmospherePushConnection( - ui); - connection.connect(resource); - sendRefresh(connection); + sendRefreshAndDisconnect(resource); return; } @@ -144,13 +141,13 @@ public class PushHandler implements AtmosphereHandler { getLogger().log(Level.SEVERE, "Error writing JSON to response", e); // Refresh on client side - sendRefresh(connection); + sendRefreshAndDisconnect(resource); } catch (InvalidUIDLSecurityKeyException e) { getLogger().log(Level.WARNING, "Invalid security key received from {0}", resource.getRequest().getRemoteHost()); // Refresh on client side - sendRefresh(connection); + sendRefreshAndDisconnect(resource); } } }; @@ -349,9 +346,26 @@ public class PushHandler implements AtmosphereHandler { public void destroy() { } - private static void sendRefresh(AtmospherePushConnection connection) { + /** + * Sends a refresh message to the given atmosphere resource. Uses an + * AtmosphereResource instead of an AtmospherePushConnection even though it + * might be possible to look up the AtmospherePushConnection from the UI to + * ensure border cases work correctly, especially when there temporarily are + * two push connections which try to use the same UI. Using the + * AtmosphereResource directly guarantees the message goes to the correct + * recipient. + * + * @param resource + * The atmosphere resource to send refresh to + * + */ + private static void sendRefreshAndDisconnect(AtmosphereResource resource) + throws IOException { + AtmospherePushConnection connection = new AtmospherePushConnection(null); + connection.connect(resource); connection.sendMessage(VaadinService.createCriticalNotificationJSON( null, null, null, null)); + connection.disconnect(); } private static final Logger getLogger() { -- cgit v1.2.3