
org.rythmengine.spring.web.Csrf Maven / Gradle / Ivy

package org.rythmengine.spring.web;

import org.rythmengine.utils.S;

import javax.servlet.http.HttpSession;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;

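/**
 * Carries the anti-CSRF token for one request, together with the form parameter
 * name and HTTP header name under which a client is expected to send it back.
 *
 * <p>The token is either taken from the framework's current {@code Session}
 * (two-argument constructor) or stored in the servlet {@link HttpSession} under
 * {@link #SESSION_KEY} (three-argument constructor).
 *
 * <p>Instances are immutable once constructed; the token is exposed through the
 * public {@link #value} field so templates can render it.
 *
 * Created by luog on 6/12/13.
 */
public class Csrf {
    public static final String DEFAULT_PARAMETER_NAME = "__csrf";
    // NOTE(review): some reverse proxies drop request headers whose names contain
    // underscores unless configured otherwise; confirm the deployment forwards this
    // header, or configure a different header name.
    public static final String DEFAULT_HEADER_NAME = "__csrf";
    public static final String SESSION_KEY = "__rythm_csrf";

    /** Name of the request parameter that carries the token. */
    public final String parameterName;
    /** Name of the request header that carries the token. */
    public final String headerName;
    /** The expected token value for the current session. */
    public final String value;

    /**
     * Builds a token holder backed by the framework's current {@code Session}.
     *
     * @param parameterName request parameter name; {@link #DEFAULT_PARAMETER_NAME} is used
     *                      when {@code S.empty} reports it as empty
     * @param headerName    request header name; {@link #DEFAULT_HEADER_NAME} is used
     *                      when {@code S.empty} reports it as empty
     */
    public Csrf(String parameterName, String headerName) {
        this.parameterName = orDefault(parameterName, DEFAULT_PARAMETER_NAME);
        this.headerName = orDefault(headerName, DEFAULT_HEADER_NAME);
        // NOTE(review): if getAuthenticityToken() can return null, check() will reject
        // every submitted token; confirm that Session always supplies one.
        this.value = Session.current().getAuthenticityToken();
    }

    /**
     * Builds a token holder backed by a servlet session, creating and storing a new
     * token when the session does not hold one yet.
     *
     * @param parameterName request parameter name; {@link #DEFAULT_PARAMETER_NAME} is used
     *                      when {@code S.empty} reports it as empty
     * @param headerName    request header name; {@link #DEFAULT_HEADER_NAME} is used
     *                      when {@code S.empty} reports it as empty
     * @param session       servlet session that stores the token under {@link #SESSION_KEY}
     */
    public Csrf(String parameterName, String headerName, HttpSession session) {
        this.parameterName = orDefault(parameterName, DEFAULT_PARAMETER_NAME);
        this.headerName = orDefault(headerName, DEFAULT_HEADER_NAME);
        String stored = (String) session.getAttribute(SESSION_KEY);
        if (null == stored) {
            // UUID.randomUUID() is documented to draw from a cryptographically strong
            // generator, so the token is not guessable from earlier tokens.
            // NOTE(review): the read-then-write on the session is not atomic; two
            // concurrent first requests on one session can each mint a token and the
            // later write wins, which would make the earlier page's token fail check().
            stored = UUID.randomUUID().toString();
            session.setAttribute(SESSION_KEY, stored);
        }
        this.value = stored;
    }

    /**
     * Verifies a token submitted by the client against the expected value.
     *
     * <p>Fails closed: a missing submitted token, or a missing or empty expected
     * token, is always rejected, so an uninitialised session can never validate a
     * request that carries no token.
     *
     * @param token the token received in the request parameter or header; may be {@code null}
     * @return {@code true} only when both tokens are present and identical
     */
    public boolean check(String token) {
        if (token == null || value == null || value.isEmpty()) {
            return false;
        }
        // MessageDigest.isEqual does not stop at the first differing byte, so the
        // response time does not reveal how much of a guessed token was correct.
        return MessageDigest.isEqual(
                token.getBytes(StandardCharsets.UTF_8),
                value.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Stores this instance's token in the given servlet session under
     * {@link #SESSION_KEY}, replacing any token already stored there.
     *
     * @param session servlet session to write the token into
     */
    public void addToSession(HttpSession session) {
        session.setAttribute(SESSION_KEY, value);
    }

    /** Returns {@code fallback} when {@code S.empty} reports {@code name} as empty, else {@code name}. */
    private static String orDefault(String name, String fallback) {
        return S.empty(name) ? fallback : name;
    }

}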



