• Home
• org.spincast
• spincast-website
• 1.0.0
• source code
• SpincastFormsCsrfProtectionFilterDefault.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

public.javadoc.org.spincast.plugins.formsprotection.csrf.SpincastFormsCsrfProtectionFilterDefault.html Maven / Gradle / Ivy

Skip navigation links




Overview
Package
Class
Use
Tree
Deprecated
Index
Help

 Spincast Framework Javadoc



Prev Class
Next Class


Frames
No Frames


All Classes






Summary: 
Nested | 
Field | 
Constr | 
Method


Detail: 
Field | 
Constr | 
Method








org.spincast.plugins.formsprotection.csrf
Class SpincastFormsCsrfProtectionFilterDefault



java.lang.Object


org.spincast.plugins.formsprotection.csrf.SpincastFormsCsrfProtectionFilterDefault







All Implemented Interfaces:
SpincastFormsCsrfProtectionFilter




public class SpincastFormsCsrfProtectionFilterDefault
extends Object
implements SpincastFormsCsrfProtectionFilter
CSRF protection filter.
 
 Based on: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet











Field Summary

Fields 

Modifier and Type
Field and Description


protected org.slf4j.Logger
logger 









Constructor Summary

Constructors 

Constructor and Description


SpincastFormsCsrfProtectionFilterDefault(SpincastFormsProtectionConfig spincastFormsProtectionConfig,
                                        SpincastCryptoUtils spincastCryptoUtils,
                                        SpincastSessionManager spincastSessionManager,
                                        SpincastConfig spincastConfig,
                                        Dictionary dictionary) 









Method Summary

All Methods Instance Methods Concrete Methods 

Modifier and Type
Method and Description


protected SpincastCsrfToken
createCsrfToken() 


protected void
csrfDoesntMatchAction(RequestContext<?> context,
                     String message)
What to do when the CSRF is not there or not valid?
 
 By default, throw a PublicException with
 an HTTP status code of HttpStatus.SC_BAD_REQUEST and
 a public message.



SpincastCsrfToken
getCurrentCsrfToken()
Returns the current CSRF token to use 
 Will be taken from the user session by default.



SpincastCsrfToken
getCurrentCsrfToken(boolean createItIfNoneExists) 


protected Dictionary
getDictionary() 


protected SpincastConfig
getSpincastConfig() 


protected SpincastCryptoUtils
getSpincastCryptoUtils() 


protected SpincastFormsProtectionConfig
getSpincastFormsProtectionConfig() 


protected SpincastSessionManager
getSpincastSessionManager() 


void
handle(RequestContext<?> context)
Filter's handle main method.







Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait














Field Detail





logger
protected final org.slf4j.Logger logger









Constructor Detail





SpincastFormsCsrfProtectionFilterDefault
@Inject
public SpincastFormsCsrfProtectionFilterDefault(SpincastFormsProtectionConfig spincastFormsProtectionConfig,
                                                         SpincastCryptoUtils spincastCryptoUtils,
                                                         SpincastSessionManager spincastSessionManager,
                                                         SpincastConfig spincastConfig,
                                                         Dictionary dictionary)









Method Detail





getSpincastFormsProtectionConfig
protected SpincastFormsProtectionConfig getSpincastFormsProtectionConfig()







getSpincastCryptoUtils
protected SpincastCryptoUtils getSpincastCryptoUtils()







getSpincastSessionManager
protected SpincastSessionManager getSpincastSessionManager()







getSpincastConfig
protected SpincastConfig getSpincastConfig()







getDictionary
protected Dictionary getDictionary()







handle
public void handle(RequestContext<?> context)
            throws FormInvalidOriginException,
                   FormInvalidCsrfTokenException
Description copied from interface: SpincastFormsCsrfProtectionFilter
Filter's handle main method.

Specified by:
handle in interface SpincastFormsCsrfProtectionFilter
Throws:
FormInvalidOriginException - if the form was  submitted
 from an invalid orgine.
FormInvalidCsrfTokenException - if the form was  submitted
 with an invalid CRSF token.








getCurrentCsrfToken
public SpincastCsrfToken getCurrentCsrfToken()
Description copied from interface: SpincastFormsCsrfProtectionFilter
Returns the current CSRF token to use 
 Will be taken from the user session by default.
 

 If there is none, a new one is created and save 
 in the user's session! This will make the session
 being dirty and saved to the database.

Specified by:
getCurrentCsrfToken in interface SpincastFormsCsrfProtectionFilter








getCurrentCsrfToken
public SpincastCsrfToken getCurrentCsrfToken(boolean createItIfNoneExists)







createCsrfToken
protected SpincastCsrfToken createCsrfToken()







csrfDoesntMatchAction
protected void csrfDoesntMatchAction(RequestContext<?> context,
                                     String message)
                              throws Exception
What to do when the CSRF is not there or not valid?
 
 By default, throw a PublicException with
 an HTTP status code of HttpStatus.SC_BAD_REQUEST and
 a public message.

Throws:
Exception














Skip navigation links




Overview
Package
Class
Use
Tree
Deprecated
Index
Help

 Spincast Framework Javadoc



Prev Class
Next Class


Frames
No Frames


All Classes






Summary: 
Nested | 
Field | 
Constr | 
Method


Detail: 
Field | 
Constr | 
Method






Copyright © 2019. All rights reserved.