Create the CSRF token on the bounded elactic scheduler

The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
This commit is contained in:
cbornet 2020-05-15 15:46:39 +02:00 committed by Rob Winch
parent 9f33ce312a
commit 21c1d98f64
1 changed files with 4 additions and 1 deletions

View File

@ -18,6 +18,7 @@ package org.springframework.security.web.server.csrf;
import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@ -48,7 +49,9 @@ public class WebSessionServerCsrfTokenRepository
@Override
public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
return Mono.fromCallable(() -> createCsrfToken());
return Mono.just(exchange)
.publishOn(Schedulers.boundedElastic())
.fromCallable(() -> createCsrfToken());
}
@Override