derkoe
commented
5 years ago - Increment version to 2.0.0-SNAPSHOT
- Change to Java 8
- Change to Tapestry 5.4.4
- Use Spring Security Web 5.1.5.RELEASE
Closed derkoe closed 4 years ago
derkoe
commented
5 years ago 
laetitiala
commented
5 years ago Seems ok. The only missing part from my pullRequest is the modification made in src/main/java/at/porscheinformatik/tapestry/csrfprotection/services/CsrfProtectionModule.java in method buildCsrfTokenRepository(ObjectLocator objectLocator) needed to use the CsrfTokenRepository made by Spring. ` public static CsrfTokenRepository buildCsrfTokenRepository(ObjectLocator objectLocator) {
Class<?> springCsrfTokenRepositoryClass = null;
try
{
springCsrfTokenRepositoryClass = Class.forName("org.springframework.security.web.csrf.CsrfTokenRepository");
}
catch (ClassNotFoundException e)
{
logger.debug("Spring CsrfTokenRepository not found in classpath");
}
if (springCsrfTokenRepositoryClass != null) {
Object o = null;
try {
o = objectLocator.getService(springCsrfTokenRepositoryClass);
} catch (Exception e){
logger.warn("Error looking up Spring CsrfTokenRepository Service", e);
}
if (o != null) {
logger.debug("Using Spring CsrfTokenRepository Service");
return objectLocator.autobuild(SpringCsrfTokenRepository.class);
}
}
logger.debug("Using SessionCsrfTokenRepository Service");
return objectLocator.autobuild(SessionCsrfTokenRepository.class);
}`
derkoe
commented
5 years ago Seems ok. The only missing part from my pullRequest is the modification made in src/main/java/at/porscheinformatik/tapestry/csrfprotection/services/CsrfProtectionModule.java in method buildCsrfTokenRepository(ObjectLocator objectLocator) needed to use the CsrfTokenRepository made by Spring.
I was not sure why you've changed that. The current implentation with objectlocation.proxy should work.
laetitiala
commented
5 years ago The current implementation (objectlocation.proxy) will create a new CsrfTokenRepository, instead of using the existing one created by Spring (if present).