Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create the CSRF token on the bounded elactic scheduler 

The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
This commit is contained in:
cbornet 2020-05-15 15:46:39 +02:00 committed by Rob Winch
parent 1e211b6558
commit bfb401eeed
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
View File

@ -18,6 +18,7 @@ package org.springframework.security.web.server.csrf;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
@ -48,7 +49,9 @@ public class WebSessionServerCsrfTokenRepository
@Override @Override
public Mono<CsrfToken> generateToken(ServerWebExchange exchange) { public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
return Mono.fromCallable(() -> createCsrfToken()); return Mono.just(exchange)
.publishOn(Schedulers.boundedElastic())
.fromCallable(() -> createCsrfToken());
} }
@Override @Override