We use cookies to serve our customers and website visitors in the best possible way. Cookies are used for the proper functioning of the website and for improving the user experience, monitoring visitor traffic and marketing purposes. By continuing to browse the site, you agree to our use of cookies. You can read more about cookies here.
com.vaadin.flow.server.connect.auth.
Class CsrfChecker
- java.lang.Object
-
- com.vaadin.flow.server.connect.auth.CsrfChecker
-
public class CsrfChecker extends ObjectHandles checking of a CSRF token in endpoint requests.
-
-
Constructor Summary
Constructors Constructor and Description CsrfChecker()
-
Method Summary
All Methods Modifier and Type Method and Description booleanisCsrfProtectionEnabled()Checks if CSRF token checking in endpoints is enabled.
voidsetCsrfProtection(boolean csrfProtectionEnabled)Enable or disable CSRF token checking in endpoints.
booleanvalidateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request)Validates the CSRF token that is included in the request.
-
-
-
Method Detail
-
validateCsrfTokenInRequest
public boolean validateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request)Validates the CSRF token that is included in the request.
Checks that the CSRF token in the request matches the expected one that is stored in the HTTP session.
Note! If there is no session, this method will always return
true.Note! If CSRF protection is disabled, this method will always return
true.Parameters:
request- the request to validateReturns:
trueif the CSRF token is ok or checking is disabled or there is no HTTP session,falseotherwise
-
setCsrfProtection
public void setCsrfProtection(boolean csrfProtectionEnabled)Enable or disable CSRF token checking in endpoints.
Parameters:
csrfProtectionEnabled- enable or disable protection
-
isCsrfProtectionEnabled
public boolean isCsrfProtectionEnabled()Checks if CSRF token checking in endpoints is enabled.
Returns:
trueif protection is enabled,falseotherwise
-
-