Source code for the https://www.spincast.org website.
SpincastFormsCsrfProtectionFilterDefault (org.spincast:spincast-framework 1.0.0 API)
org.spincast.plugins.formsprotection.csrf
Class SpincastFormsCsrfProtectionFilterDefault
java.lang.Object
    org.spincast.plugins.formsprotection.csrf.SpincastFormsCsrfProtectionFilterDefault

All Implemented Interfaces:
    SpincastFormsCsrfProtectionFilter
public class SpincastFormsCsrfProtectionFilterDefault
extends Object
implements SpincastFormsCsrfProtectionFilter
CSRF protection filter.
Based on: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
Field Summary

Modifier and Type            Field and Description
protected org.slf4j.Logger   logger
Constructor Summary

Constructor and Description
SpincastFormsCsrfProtectionFilterDefault(SpincastFormsProtectionConfig spincastFormsProtectionConfig, SpincastCryptoUtils spincastCryptoUtils, SpincastSessionManager spincastSessionManager, SpincastConfig spincastConfig, Dictionary dictionary)
Method Summary

All Methods | Instance Methods | Concrete Methods

Modifier and Type                          Method and Description
protected SpincastCsrfToken                createCsrfToken()
protected void                             csrfDoesntMatchAction(RequestContext<?> context, String message)
                                           What to do when the CSRF token is missing or invalid. By default, throws a PublicException with an HTTP status code of HttpStatus.SC_BAD_REQUEST and a public message.
SpincastCsrfToken                          getCurrentCsrfToken()
                                           Returns the current CSRF token to use. Taken from the user session by default.
SpincastCsrfToken                          getCurrentCsrfToken(boolean createItIfNoneExists)
protected Dictionary                       getDictionary()
protected SpincastConfig                   getSpincastConfig()
protected SpincastCryptoUtils              getSpincastCryptoUtils()
protected SpincastFormsProtectionConfig    getSpincastFormsProtectionConfig()
protected SpincastSessionManager           getSpincastSessionManager()
void                                       handle(RequestContext<?> context)
                                           The filter's main handle method.
Constructor Detail

SpincastFormsCsrfProtectionFilterDefault

@Inject
public SpincastFormsCsrfProtectionFilterDefault(SpincastFormsProtectionConfig spincastFormsProtectionConfig,
                                                SpincastCryptoUtils spincastCryptoUtils,
                                                SpincastSessionManager spincastSessionManager,
                                                SpincastConfig spincastConfig,
                                                Dictionary dictionary)
Method Detail

getSpincastFormsProtectionConfig
protected SpincastFormsProtectionConfig getSpincastFormsProtectionConfig()

getSpincastCryptoUtils
protected SpincastCryptoUtils getSpincastCryptoUtils()

getSpincastSessionManager
protected SpincastSessionManager getSpincastSessionManager()

getSpincastConfig
protected SpincastConfig getSpincastConfig()

getDictionary
protected Dictionary getDictionary()
handle
public void handle(RequestContext<?> context)
            throws FormInvalidOriginException,
                   FormInvalidCsrfTokenException

Description copied from interface: SpincastFormsCsrfProtectionFilter
The filter's main handle method.

Specified by:
    handle in interface SpincastFormsCsrfProtectionFilter
Throws:
    FormInvalidOriginException - if the form was submitted from an invalid origin.
    FormInvalidCsrfTokenException - if the form was submitted with an invalid CSRF token.
getCurrentCsrfToken
public SpincastCsrfToken getCurrentCsrfToken()

Description copied from interface: SpincastFormsCsrfProtectionFilter
Returns the current CSRF token to use. Taken from the user session by default.
If there is none, a new one is created and saved in the user's session. This marks the session as dirty, so it will be saved to the database.

Specified by:
    getCurrentCsrfToken in interface SpincastFormsCsrfProtectionFilter

getCurrentCsrfToken
public SpincastCsrfToken getCurrentCsrfToken(boolean createItIfNoneExists)
createCsrfToken
protected SpincastCsrfToken createCsrfToken()

csrfDoesntMatchAction
protected void csrfDoesntMatchAction(RequestContext<?> context,
                                     String message)
                              throws Exception

What to do when the CSRF token is missing or invalid. By default, throws a PublicException with an HTTP status code of HttpStatus.SC_BAD_REQUEST and a public message.

Throws:
    Exception
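The contract above (token kept in the user session and created on demand, an origin check before the token check, a 400 with a public message on mismatch) is easier to follow as working code. The following is an added, self-contained illustration written for this page; it is not Spincast's code and uses none of its classes. Everything in it is hypothetical: the `Request` stand-in for `RequestContext`, the session as a plain `Map`, the `Origin`/`Referer` handling, the choice to check only POST/PUT/PATCH/DELETE, and the session key and form field names.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical CSRF filter mirroring the Javadoc contract above; not Spincast's own API.
public class CsrfFilterExample {

    static final String SESSION_KEY = "csrfToken"; // assumed session attribute name
    static final String FORM_FIELD = "csrfToken";  // assumed form field name
    static final Set<String> STATE_CHANGING = Set.of("POST", "PUT", "PATCH", "DELETE");
    static final SecureRandom RNG = new SecureRandom();

    static class FormInvalidOriginException extends Exception {
        FormInvalidOriginException(String m) { super(m); }
    }
    static class FormInvalidCsrfTokenException extends Exception {
        FormInvalidCsrfTokenException(String m) { super(m); }
    }

    // Constructed stand-in for a request context: method, headers, form fields, session.
    static class Request {
        final String method;
        final Map<String, String> headers, form, session;
        Request(String method, Map<String, String> headers, Map<String, String> form,
                Map<String, String> session) {
            this.method = method; this.headers = headers; this.form = form; this.session = session;
        }
    }

    private final String allowedOrigin; // the site's own origin, e.g. "https://example.test"

    CsrfFilterExample(String allowedOrigin) { this.allowedOrigin = allowedOrigin; }

    // Mirrors getCurrentCsrfToken(boolean): read from the session, optionally create and store.
    String getCurrentCsrfToken(Map<String, String> session, boolean createIfNoneExists) {
        String token = session.get(SESSION_KEY);
        if (token == null && createIfNoneExists) {
            token = createCsrfToken();
            session.put(SESSION_KEY, token); // this write is what makes the session "dirty"
        }
        return token;
    }

    // Mirrors createCsrfToken(): 256 bits from a CSPRNG, URL-safe encoded.
    String createCsrfToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Mirrors handle(): state-changing requests only; origin check first, then token check.
    void handle(Request req) throws FormInvalidOriginException, FormInvalidCsrfTokenException {
        if (!STATE_CHANGING.contains(req.method)) {
            return; // GET/HEAD/OPTIONS carry no form submission to protect
        }
        String origin = req.headers.get("Origin");
        if (origin == null) {
            origin = originOf(req.headers.get("Referer")); // fallback when Origin is absent
        }
        if (origin == null || !origin.equalsIgnoreCase(allowedOrigin)) {
            throw new FormInvalidOriginException("form submitted from an invalid origin: " + origin);
        }
        String expected = getCurrentCsrfToken(req.session, false); // never create during validation
        String submitted = req.form.get(FORM_FIELD);
        if (expected == null || submitted == null || !constantTimeEquals(expected, submitted)) {
            throw new FormInvalidCsrfTokenException("form submitted with a missing or invalid CSRF token");
        }
    }

    // Reduce a Referer URL to its scheme://host[:port] origin; null if it cannot be parsed.
    static String originOf(String referer) {
        if (referer == null) return null;
        try {
            URI u = new URI(referer);
            if (u.getScheme() == null || u.getHost() == null) return null;
            return u.getScheme() + "://" + u.getHost() + (u.getPort() == -1 ? "" : ":" + u.getPort());
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Constant-time comparison so a mismatch does not leak token bytes via timing.
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CsrfFilterExample filter = new CsrfFilterExample("https://example.test");
        Map<String, String> session = new HashMap<>();
        String token = filter.getCurrentCsrfToken(session, true); // rendered into the form on GET

        // Constructed cases: same origin + correct token passes; foreign origin and wrong token are rejected.
        String[][] cases = {
            {"https://example.test", token},
            {"https://other.example", token},
            {"https://example.test", "not-the-token"},
        };
        for (String[] c : cases) {
            Request r = new Request("POST", Map.of("Origin", c[0]), Map.of(FORM_FIELD, c[1]), session);
            try {
                filter.handle(r);
                System.out.println("accepted: origin=" + c[0]);
            } catch (FormInvalidOriginException | FormInvalidCsrfTokenException e) {
                // Mirrors csrfDoesntMatchAction(): default is HTTP 400 with a public message.
                System.out.println("rejected with 400: " + e.getMessage());
            }
        }
    }
}
```

Two details worth keeping when adapting this: validation calls `getCurrentCsrfToken(session, false)` so that a request arriving without any session token is rejected rather than silently seeding one, and the token comparison uses `MessageDigest.isEqual` rather than `String.equals`.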
Copyright © 2019. All rights reserved.