Skip to content

Commit c0154f2

Browse files
cbornetrwinch
cbornet
authored and
rwinch
committed
Create the CSRF token on the bounded elactic scheduler
The CSRF token is created with a call to UUID.randomUUID which is blocking. This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls. Fixes gh-8128
1 parent cea2b55 commit c0154f2

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@
1818
import org.springframework.util.Assert;
1919
import org.springframework.web.server.ServerWebExchange;
2020
import reactor.core.publisher.Mono;
21+
import reactor.core.scheduler.Schedulers;
2122

2223
import javax.servlet.http.HttpServletRequest;
2324
import javax.servlet.http.HttpSession;
@@ -48,7 +49,9 @@ public class WebSessionServerCsrfTokenRepository
4849

4950
@Override
5051
public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
51-
return Mono.fromCallable(() -> createCsrfToken());
52+
return Mono.just(exchange)
53+
.publishOn(Schedulers.boundedElastic())
54+
.fromCallable(() -> createCsrfToken());
5255
}
5356

5457
@Override

0 commit comments

Comments
 (0)