Convert CSRF-Problems to Exceptions.

[gigi.git] / src / org / cacert / gigi / output / Form.java

diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java
index 2ffb873171216efa91148d7798ab3b69e7029638..dd244d749afc36077bc49e55b5813268b17ddf4c 100644 (file)
--- a/src/org/cacert/gigi/output/Form.java
+++ b/src/org/cacert/gigi/output/Form.java
@@ -1,5 +1,6 @@
 package org.cacert.gigi.output;
 
+import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Map;
 
@@ -45,29 +46,23 @@ public abstract class Form implements Outputable {
                return csrf;
        }
 
-       protected void checkCSRF(HttpServletRequest req) {
-               if (!csrf.equals(req.getParameter(CSRF_FIELD))) {
-                       throw new CSRFError();
-               }
-       }
-
-       public static <T extends Form> T getForm(HttpServletRequest req, Class<T> target) {
+       public static <T extends Form> T getForm(HttpServletRequest req, Class<T> target) throws CSRFException {
                String csrf = req.getParameter(CSRF_FIELD);
                if (csrf == null) {
-                       throw new CSRFError();
+                       throw new CSRFException();
                }
                HttpSession hs = req.getSession();
                if (hs == null) {
-                       throw new CSRFError();
+                       throw new CSRFException();
                }
                Form f = (Form) hs.getAttribute("form/" + target.getName() + "/" + csrf);
                if (f == null) {
-                       throw new CSRFError();
+                       throw new CSRFException();
                }
                return (T) f;
        }
 
-       public static class CSRFError extends Error {
+       public static class CSRFException extends IOException {
 
        }
 }