This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new faf2827 Improved: Prevent recurring errors block due to generateTokenForNonAjax
faf2827 is described below
commit faf2827e67538854439cdd6c01a179a845a490d1
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Mon Apr 27 12:36:17 2020 +0200
Improved: Prevent recurring errors block due to generateTokenForNonAjax
(OFBIZ-11609)
Fixes the if (test): toString() is not the same as getCanonicalName().
Also, while at it, uses NoCsrfDefenseStrategy as the default in case of an exception.
---
.../src/main/java/org/apache/ofbiz/security/CsrfUtil.java | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
index 06be440..8371df1 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
@@ -49,6 +49,7 @@ public final class CsrfUtil {
private static String tokenNameNonAjax = UtilProperties.getPropertyValue("security", "csrf.tokenName.nonAjax",
"csrf");
private static ICsrfDefenseStrategy strategy;
+ private static String strategyCanonicalName;
private static int cacheSize = (int) Long
.parseLong(UtilProperties.getPropertyValue("security", "csrf.cache.size", "5000"));
private static LinkedHashMap<String, Map<String, Map<String, String>>> csrfTokenCache =
@@ -68,10 +69,11 @@ public final class CsrfUtil {
String className = UtilProperties.getPropertyValue("security", "csrf.defense.strategy",
NoCsrfDefenseStrategy.class.getCanonicalName());
Class<?> c = Class.forName(className);
- setStrategy((ICsrfDefenseStrategy) c.newInstance());
+ strategyCanonicalName = c.getCanonicalName();
+ setStrategy((ICsrfDefenseStrategy)c.newInstance());
} catch (Exception e) {
Debug.logError(e, MODULE);
- setStrategy(new CsrfDefenseStrategy());
+ setStrategy(new NoCsrfDefenseStrategy());
}
}
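Review bot: The catch branch now falls back to `NoCsrfDefenseStrategy`, so a mistyped or unloadable `csrf.defense.strategy` value leaves the application running without any CSRF defense, and the only trace is a generic `Debug.logError(e, MODULE)` line. The previous fallback, `CsrfDefenseStrategy`, failed closed. If failing open is the intended default, the log should say so explicitly, for example `Debug.logError(e, "Could not load the configured csrf.defense.strategy; CSRF protection is disabled", MODULE);`. Separately, `c.newInstance()` is deprecated since Java 9, and `c.getDeclaredConstructor().newInstance()` is the replacement. The enclosing try block starts outside the hunk.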
@@ -199,7 +201,7 @@ public final class CsrfUtil {
requestMap = findRequestMap(requestMapMap, pathOrRequestUri);
}
if (requestMap == null) {
- if (!"org.apache.ofbiz.security.NoCsrfDefenseStrategy".equals(getStrategy().toString())) {
+ if (!"org.apache.ofbiz.security.NoCsrfDefenseStrategy".equals(strategyCanonicalName)) {
Debug.logWarning("Cannot find the corresponding request map for path: " + pathOrRequestUri, MODULE);
}
}
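Review bot: `strategyCanonicalName` is assigned only inside the try of the initializer, so this comparison can disagree with the strategy actually in use. If `Class.forName` throws it stays null, and if `newInstance()` throws it keeps the configured class name while the active strategy is the `NoCsrfDefenseStrategy` fallback; in both cases the warning is still logged on every miss. As far as the visible code shows, a later call to `setStrategy` would also leave the cached name stale. Checking the instance avoids both the extra field and the hard-coded class name: `if (!(getStrategy() instanceof NoCsrfDefenseStrategy)) {`. The enclosing method starts and ends outside the hunk.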