
nz.co.katatech.springboot.security.stateless.csrf.AbstractXSRFPreventionHttpServletBinder Maven / Gradle / Ivy


Stateless security using JWT tokens. Includes stateless CSRF protection and OAuth2 SSO integration.

There is a newer version: 1.2
package nz.co.katatech.springboot.security.stateless.csrf;

import com.google.common.collect.ImmutableList;
import nz.co.katatech.springboot.security.stateless.HttpServletBinder;
import org.springframework.security.core.Authentication;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;


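/**
 * Decorator around an {@link HttpServletBinder} that only lets the delegate restore an
 * {@link Authentication} when the request passes an XSRF/CSRF check.
 *
 * <p>The check is applied only to requests whose HTTP method is in the configured list
 * (by default {@code POST}, {@code PATCH}, {@code PUT} and {@code DELETE}). Requests using
 * any other method go straight to the delegate, so handlers reachable through unlisted
 * methods (for example {@code GET}) must not change state.
 *
 * <p>Method names are matched with {@link List#contains(Object)}, i.e. exactly and
 * case-sensitively. A custom list must therefore spell each method the way
 * {@link HttpServletRequest#getMethod()} reports it (e.g. {@code "POST"}, not
 * {@code "post"}); an entry that never matches silently leaves that method unprotected.
 *
 * <p>The validation itself is supplied by subclasses through
 * {@link #isValidRequest(HttpServletRequest)}.
 */
public abstract class AbstractXSRFPreventionHttpServletBinder implements HttpServletBinder {

    // Immutable snapshot of the HTTP methods that must pass the XSRF check.
    private final List<String> protectedMethods;
    // Binder that actually reads and writes the authentication.
    private final HttpServletBinder delegate;

    /**
     * Creates a binder that protects the given HTTP methods.
     *
     * @param protectedMethods HTTP method names that require a valid XSRF check; copied on
     *                         construction, so later changes to the caller's list have no effect
     * @param delegate         binder that performs the actual retrieve/bind work
     * @throws NullPointerException if {@code delegate}, {@code protectedMethods} or any
     *                              element of {@code protectedMethods} is {@code null}
     */
    public AbstractXSRFPreventionHttpServletBinder( List<String> protectedMethods, HttpServletBinder delegate ) {
        // Fail at wiring time instead of on the first request.
        if ( delegate == null ) {
            throw new NullPointerException( "delegate" );
        }
        // Snapshot the list: the set of protected methods is security configuration and
        // must not be changeable through a reference the caller still holds.
        this.protectedMethods = ImmutableList.copyOf( protectedMethods );
        this.delegate = delegate;
    }

    /**
     * Creates a binder that protects {@code POST}, {@code PATCH}, {@code PUT} and {@code DELETE}.
     *
     * @param delegate binder that performs the actual retrieve/bind work
     * @throws NullPointerException if {@code delegate} is {@code null}
     */
    public AbstractXSRFPreventionHttpServletBinder( HttpServletBinder delegate ) {
        this( ImmutableList.of( "POST", "PATCH", "PUT", "DELETE" ), delegate );
    }

    /**
     * Returns the delegate's authentication unless the request uses a protected method and
     * fails {@link #isValidRequest(HttpServletRequest)}.
     *
     * @param request the incoming request
     * @return the authentication retrieved by the delegate, or {@code null} when a protected
     *         request fails the XSRF check (the delegate is not consulted in that case)
     */
    @Override
    public Authentication retrieve( HttpServletRequest request ) {
        // NOTE(review): null is the only rejection signal. Callers presumably treat it as
        // "not authenticated" - confirm that no caller falls back to another credential source.
        if ( requirePrevention( request.getMethod() ) && !isValidRequest( request ) ) {
            return null;
        }

        return delegate.retrieve( request );
    }

    /** Tells whether the given HTTP method is in the protected list (exact, case-sensitive match). */
    private boolean requirePrevention( String method ) {
        return protectedMethods.contains( method );
    }

    /**
     * Passes the call to the delegate unchanged.
     *
     * <p>This class adds nothing to the response here; a subclass that needs to issue an
     * XSRF token to the client has to override this method.
     *
     * @param response       the outgoing response
     * @param authentication the authentication to bind
     */
    @Override
    public void bind( HttpServletResponse response, Authentication authentication ) {
        delegate.bind( response, authentication );
    }

    /**
     * Decides whether a request passes the XSRF check. Called by
     * {@link #retrieve(HttpServletRequest)} only for requests whose method is protected.
     *
     * <p>Implementations that compare a secret token should use a constant-time comparison
     * such as {@link java.security.MessageDigest#isEqual(byte[], byte[])}.
     *
     * @param request the incoming request
     * @return {@code true} if the request may proceed to the delegate, {@code false} to reject it
     */
    protected abstract boolean isValidRequest( HttpServletRequest request );
}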



