import org.cacert.gigi.output.Menu;
import org.cacert.gigi.output.MenuItem;
import org.cacert.gigi.output.Outputable;
-import org.cacert.gigi.output.Form.CSRFError;
+import org.cacert.gigi.output.Form.CSRFException;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
import org.cacert.gigi.pages.MainPage;
} else {
p.doGet(req, resp);
}
- } catch (IOException e) {
- e.printStackTrace();
- } catch (CSRFError err) {
+ } catch (CSRFException err) {
try {
resp.sendError(500, "CSRF invalid");
} catch (IOException e) {
e.printStackTrace();
}
+ } catch (IOException e) {
+ e.printStackTrace();
}
}
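Review bot: The `catch (CSRFException err)` branch answers a rejected token with `resp.sendError(500, "CSRF invalid")`, which reports a bad client request as a server fault. Assuming `resp` is an `HttpServletResponse`, `resp.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF invalid");` would let logs and monitoring separate stale or forged form submissions from real server errors. The relocated `catch (IOException e)` still only calls `e.printStackTrace()`, so an I/O failure in the page handler appears to leave the response without an error status and the failure visible only on stderr. Routing it through the application's logger would make both cases auditable. The enclosing method starts outside the hunk.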
package org.cacert.gigi.output;
+import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
return csrf;
}
- protected void checkCSRF(HttpServletRequest req) {
- if (!csrf.equals(req.getParameter(CSRF_FIELD))) {
- throw new CSRFError();
- }
- }
-
- public static <T extends Form> T getForm(HttpServletRequest req, Class<T> target) {
+ public static <T extends Form> T getForm(HttpServletRequest req, Class<T> target) throws CSRFException {
String csrf = req.getParameter(CSRF_FIELD);
if (csrf == null) {
- throw new CSRFError();
+ throw new CSRFException();
}
HttpSession hs = req.getSession();
if (hs == null) {
- throw new CSRFError();
+ throw new CSRFException();
}
Form f = (Form) hs.getAttribute("form/" + target.getName() + "/" + csrf);
if (f == null) {
- throw new CSRFError();
+ throw new CSRFException();
}
return (T) f;
}
- public static class CSRFError extends Error {
+ public static class CSRFException extends IOException {
}
}
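Review bot: In `getForm`, `req.getSession()` creates a session when the request has none, so the `hs == null` branch cannot be reached and a request with an arbitrary token gets a fresh session allocated before it is rejected. `HttpSession hs = req.getSession(false);` makes that check effective. Making `CSRFException` a subclass of `IOException` also means that any caller wrapping `getForm` in a generic `catch (IOException e)` would handle a failed token check as an ordinary I/O error; whether such callers exist is not visible here. The empty class should get a Javadoc line stating that it signals a missing or unknown CSRF token and must be caught before `IOException`. A message passed to the superclass would make the rejection identifiable in logs.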