Create the CSRF token on the bounded elactic scheduler
The CSRF token is created with a call to UUID.randomUUID which is blocking. This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls. Fixes gh-8128
This commit is contained in:
parent
9f33ce312a
commit
21c1d98f64
|
@ -18,6 +18,7 @@ package org.springframework.security.web.server.csrf;
|
|||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import reactor.core.publisher.Mono;
|
||||
import reactor.core.scheduler.Schedulers;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
@ -48,7 +49,9 @@ public class WebSessionServerCsrfTokenRepository
|
|||
|
||||
@Override
|
||||
public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
|
||||
return Mono.fromCallable(() -> createCsrfToken());
|
||||
return Mono.just(exchange)
|
||||
.publishOn(Schedulers.boundedElastic())
|
||||
.fromCallable(() -> createCsrfToken());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
Loading…
Reference in New Issue