GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Create the CSRF token on the bounded elactic scheduler 

The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
pull/8721/head
cbornet 6 years ago committed by Rob Winch
parent
66f923dab7
commit
e21ef422e7
1 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java

5
web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
Unescape View File

@ -18,6 +18,7 @@ package org.springframework.security.web.server.csrf; @@ -18,6 +18,7 @@ package org.springframework.security.web.server.csrf;
import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@ -48,7 +49,9 @@ public class WebSessionServerCsrfTokenRepository @@ -48,7 +49,9 @@ public class WebSessionServerCsrfTokenRepository
@Override
public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
return Mono.fromCallable(() -> createCsrfToken());
return Mono.just(exchange)
.publishOn(Schedulers.boundedElastic())
.fromCallable(() -> createCsrfToken());
}
@Override

Write Preview
Loading…
Cancel
Save