implemented xsrf protection, see issue #793

Sebastian Sdorra
2016-01-23 22:02:25 +01:00
parent 451cd910a5
commit 488d4e3323
7 changed files with 511 additions and 0 deletions


@@ -79,9 +79,11 @@ import sonia.scm.util.HttpUtil;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
@@ -96,6 +98,7 @@ import javax.ws.rs.core.Response;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import sonia.scm.security.XsrfCookies;
/**
*
@@ -261,6 +264,9 @@ public class AuthenticationResource
public Response logout(@Context HttpServletRequest request,
@Context HttpServletResponse response)
{
// remove xsrf token
XsrfCookies.remove(request, response);
Subject subject = SecurityUtils.getSubject();
subject.logout();