*/
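public ObjectSession getVerifiedSession(HttpServletRequest req)
    throws InvalidSecurityTokenException, XsrfTokenExpiredException {
  // The SESSION parameter is client-supplied and has not been verified at this point.
  String rawSessionString = AbstractHandler.requireParameter(req, Params.SESSION);
  // Deliberately do not log rawSessionString. It carries the signature that is checked
  // below, so writing it to the log would expose that value to anyone with log access.
  // Unverified request text concatenated into a log line also lets a client inject
  // line breaks and forge log entries.
  log.info("Parsing and verifying signed session");
  SignedObjectSessionGsonImpl signedSession;
  try {
    signedSession = GsonProto.fromGson(
        new SignedObjectSessionGsonImpl(), rawSessionString);
  } catch (MessageException e) {
    // Unparseable input is reported as a bad request, distinct from a signature failure.
    throw new BadRequestException("Failed to parse signed session", e);
  }
  // Check the signature against the action derived from the session before any of the
  // session's contents are returned to the caller. Presumably this call is the source of
  // the declared InvalidSecurityTokenException / XsrfTokenExpiredException.
  xsrfHelper.verify(makeAction(signedSession.getSession()), signedSession.getSignature());
  return objectSessionFromProto(signedSession.getSession());
}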