com.vaadin.fusion.auth.

Class CsrfChecker


  • @Component
public class CsrfChecker
extends Object

    Handles checking of a CSRF token in endpoint requests.

    • Constructor Detail

      • CsrfChecker

        public CsrfChecker(javax.servlet.ServletContext servletContext)

        Creates a new csrf checker for the given context.

        Parameters:

        servletContext - the servlet context

    • Method Detail

      • validateCsrfTokenInRequest

        public boolean validateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request)

        Validates the CSRF token that is included in the request.

        Checks that the CSRF token in the request matches the expected one that is stored in the HTTP cookie.

        Note! If CSRF protection is disabled, this method will always return true.

        Parameters:

        request - the request to validate

        Returns:

        true if the CSRF token is ok or checking is disabled, false otherwise

      • setCsrfProtection

        public void setCsrfProtection(boolean csrfProtectionEnabled)

        Enable or disable CSRF token checking in endpoints.

        Parameters:

        csrfProtectionEnabled - enable or disable protection

      • isCsrfProtectionEnabled

        public boolean isCsrfProtectionEnabled()

        Checks if CSRF token checking in endpoints is enabled.

        Returns:

        true if protection is enabled, false otherwise