Package com.google.walkaround.wave.server.auth

Source Code of com.google.walkaround.wave.server.auth.XsrfHelper$XsrfTokenExpiredException

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
/*
* Copyright 2011 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.google.walkaround.wave.server.auth;

import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import com.google.walkaround.util.server.auth.InvalidSecurityTokenException;
import com.google.walkaround.util.server.auth.SecurityTokenHelper;
import com.google.walkaround.util.server.servlet.BadRequestException;
import com.google.walkaround.wave.server.Flag;
import com.google.walkaround.wave.server.FlagName;

import java.util.logging.Logger;

/**
* Utility for creating and verifying XSRF tokens.
*
* @author ohler@google.com (Christian Ohler)
* @author danilatos@google.com (Daniel Danilatos)
*/
public class XsrfHelper {

  @SuppressWarnings("unused")
  private static final Logger log = Logger.getLogger(XsrfHelper.class.getName());

  public static class XsrfTokenExpiredException extends Exception {
    private static final long serialVersionUID = 467064784131563198L;

    public XsrfTokenExpiredException() {
    }

    public XsrfTokenExpiredException(String message) {
      super(message);
    }

    public XsrfTokenExpiredException(Throwable cause) {
      super(cause);
    }

    public XsrfTokenExpiredException(String message, Throwable cause) {
      super(message, cause);
    }
  }

  private final SecurityTokenHelper helper;
  private final long expiryMs;
  private final StableUserId userId;

  @Inject
  public XsrfHelper(SecurityTokenHelper helper,
      @Flag(FlagName.XSRF_TOKEN_EXPIRY_SECONDS) int expirySeconds,
      StableUserId userId) {
    Preconditions.checkArgument(!userId.getId().contains(" "),
        "userId contains spaces: %s", userId);
    this.helper = helper;
    this.expiryMs = expirySeconds * 1000;
    this.userId = userId;
  }

  private String makeHiddenPart(String action) {
    return userId.getId() + " " + action;
  }

  public String createToken(String action) {
    long timestamp = System.currentTimeMillis();
    return helper.createToken(makeHiddenPart(action), "" + timestamp);
  }

  /**
   * Verifies the token matches the current user and action and has not expired.
   */
  public void verify(String action, String token)
      throws XsrfTokenExpiredException, InvalidSecurityTokenException {
    String visiblePart = helper.verifyAndGetVisiblePart(makeHiddenPart(action), token);
    long tokenTime;
    try {
      tokenTime = Long.parseLong(visiblePart);
    } catch (NumberFormatException e) {
      throw new BadRequestException(e);
    }

    if (tokenTime + expiryMs < System.currentTimeMillis()) {
      throw new XsrfTokenExpiredException("Token expired: " + action + ", " + userId
          + ", " + token);
    }
  }

}
TOP

Related Classes of com.google.walkaround.wave.server.auth.XsrfHelper$XsrfTokenExpiredException

  • com.google.walkaround.util.server.servlet.BadRequestException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.