nz.co.katatech.springboot.security.stateless.csrf.AbstractXSRFPreventionHttpServletBinder Maven / Gradle / Ivy
Stateless security using JWT tokens. Includes stateless CSRF protection and OAuth2 SSO integration.
package nz.co.katatech.springboot.security.stateless.csrf;
import com.google.common.collect.ImmutableList;
import nz.co.katatech.springboot.security.stateless.HttpServletBinder;
import org.springframework.security.core.Authentication;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
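/**
 * {@link HttpServletBinder} decorator that puts a cross-site request forgery (XSRF/CSRF) check in
 * front of another binder.
 *
 * <p>{@link #retrieve(HttpServletRequest)} only consults the wrapped binder when the request either
 * uses an HTTP method that is not in the protected list, or passes the subclass-supplied
 * {@link #isValidRequest(HttpServletRequest)} check. {@link #bind} is forwarded unchanged.
 *
 * <p>Security notes for reviewers and subclass authors:
 * <ul>
 *   <li>The protected list is opt-in. Any method that is not listed (by default everything other
 *       than POST, PATCH, PUT and DELETE, so GET and any non-standard verb) reaches the delegate
 *       without {@code isValidRequest} being called. State-changing handlers must therefore not be
 *       reachable through an unlisted method.</li>
 *   <li>Matching uses {@link List#contains(Object)}, i.e. an exact, case-sensitive comparison with
 *       {@link HttpServletRequest#getMethod()}. Entries must be spelled exactly as the container
 *       reports the method.</li>
 *   <li>A failed check is signalled by returning {@code null} rather than by throwing. Presumably
 *       callers treat {@code null} as "no authentication" and deny access; confirm against the
 *       {@code HttpServletBinder} contract and the filter that consumes it.</li>
 * </ul>
 */
public abstract class AbstractXSRFPreventionHttpServletBinder implements HttpServletBinder {

    /** HTTP methods subject to the XSRF check; an immutable snapshot taken at construction. */
    private final List<String> protectedMethods;

    /** Binder that actually reads and writes the authentication once the check has passed. */
    private final HttpServletBinder delegate;

    /**
     * Creates a binder that enforces the XSRF check for the given HTTP methods.
     *
     * <p>The list is copied, so later changes to the caller's list cannot add or remove protected
     * methods behind this object's back.
     *
     * @param protectedMethods HTTP method names that require a valid request; must not be
     *     {@code null} or contain {@code null}
     * @param delegate binder to forward to; must not be {@code null}
     * @throws NullPointerException if either argument is {@code null}
     */
    public AbstractXSRFPreventionHttpServletBinder( List<String> protectedMethods, HttpServletBinder delegate ) {
        if ( protectedMethods == null ) {
            throw new NullPointerException( "protectedMethods" );
        }
        if ( delegate == null ) {
            throw new NullPointerException( "delegate" );
        }
        // Defensive copy: the set of protected methods is a security setting and must not be
        // alterable through a reference the caller still holds.
        this.protectedMethods = ImmutableList.copyOf( protectedMethods );
        this.delegate = delegate;
    }

    /**
     * Creates a binder that enforces the XSRF check for POST, PATCH, PUT and DELETE.
     *
     * @param delegate binder to forward to; must not be {@code null}
     */
    public AbstractXSRFPreventionHttpServletBinder( HttpServletBinder delegate ) {
        this( ImmutableList.of( "POST", "PATCH", "PUT", "DELETE" ), delegate );
    }

    /**
     * Returns the delegate's authentication, unless the request uses a protected method and fails
     * {@link #isValidRequest(HttpServletRequest)}.
     *
     * @param request the incoming request
     * @return the authentication retrieved by the delegate, or {@code null} when the XSRF check
     *     rejects the request (the delegate is not consulted in that case)
     */
    @Override
    public Authentication retrieve( HttpServletRequest request ) {
        // Short-circuit keeps isValidRequest from running for methods that are not protected.
        if ( requirePrevention( request.getMethod() ) && !isValidRequest( request ) ) {
            return null;
        }
        return delegate.retrieve( request );
    }

    /**
     * Tells whether the given HTTP method is in the protected list (exact, case-sensitive match).
     */
    private boolean requirePrevention( String method ) {
        return protectedMethods.contains( method );
    }

    /**
     * Forwards to the delegate without any additional processing.
     *
     * @param response the outgoing response
     * @param authentication the authentication to bind
     */
    @Override
    public void bind( HttpServletResponse response, Authentication authentication ) {
        delegate.bind( response, authentication );
    }

    /**
     * Decides whether a request using a protected method is acceptable. Only called for requests
     * whose method is in the protected list.
     *
     * @param request the incoming request
     * @return {@code true} to let the request through to the delegate, {@code false} to make
     *     {@link #retrieve(HttpServletRequest)} return {@code null}
     */
    protected abstract boolean isValidRequest( HttpServletRequest request );
}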