Package com.vaadin.hilla.auth

Class CsrfChecker

java.lang.Object
com.vaadin.hilla.auth.CsrfChecker
@Component
public class CsrfChecker extends Object

Handles checking of a CSRF token in endpoint requests.

  • Constructor Details

    • CsrfChecker

      public CsrfChecker(jakarta.servlet.ServletContext servletContext)

      Creates a new CSRF checker for the given servlet context.

      Parameters:

      servletContext - the servlet context

  • Method Details

    • validateCsrfTokenInRequest

      public boolean validateCsrfTokenInRequest(jakarta.servlet.http.HttpServletRequest request)

      Validates the CSRF token that is included in the request.

      Checks that the CSRF token in the request matches the expected one that is stored in the HTTP cookie.

      Note! If CSRF protection is disabled, this method will always return true.

      Parameters:

      request - the request to validate

      Returns:

      true if the CSRF token is ok or checking is disabled, false otherwise

    • setCsrfProtection

      public void setCsrfProtection(boolean csrfProtectionEnabled)

      Enable or disable CSRF token checking in endpoints.

      Parameters:

      csrfProtectionEnabled - enable or disable protection

    • isCsrfProtectionEnabled

      public boolean isCsrfProtectionEnabled()

      Checks if CSRF token checking in endpoints is enabled.

      Returns:

      true if protection is enabled, false otherwise
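
The check described for validateCsrfTokenInRequest (request token compared against the token stored in the cookie) can be illustrated with the following added example, which is not Hilla's own code. It assumes the cookie is named `csrfToken` and that the caller passes in the token from the request and the raw `Cookie` header as strings; rejecting duplicate cookies and using a constant-time comparison are choices of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

public class DoubleSubmitCsrfDemo {
    static final String COOKIE_NAME = "csrfToken"; // assumed name, not stated on the page
    boolean protectionEnabled = true;

    // Collects every value sent for the cookie; a request can carry the same name twice.
    static List<String> cookieValues(String cookieHeader, String name) {
        List<String> values = new ArrayList<>();
        if (cookieHeader == null) return values;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).trim().equals(name)) {
                values.add(pair.substring(eq + 1).trim());
            }
        }
        return values;
    }

    // True when the request token equals the one cookie token, or when checking is disabled.
    boolean validate(String headerToken, String cookieHeader) {
        if (!protectionEnabled) return true; // "true" here does not mean a token was verified
        List<String> cookies = cookieValues(cookieHeader, COOKIE_NAME);
        // Fail closed on a missing or empty token and on ambiguous duplicate cookies.
        if (headerToken == null || headerToken.isEmpty()
                || cookies.size() != 1 || cookies.get(0).isEmpty()) {
            return false;
        }
        // Constant-time comparison: timing does not reveal how much of the token matched.
        return MessageDigest.isEqual(headerToken.getBytes(StandardCharsets.UTF_8),
                cookies.get(0).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        DoubleSubmitCsrfDemo checker = new DoubleSubmitCsrfDemo();
        String cookie = "JSESSIONID=abc; csrfToken=constructed-token-123"; // constructed sample
        System.out.println("match:      " + checker.validate("constructed-token-123", cookie));
        System.out.println("no header:  " + checker.validate(null, cookie));
        System.out.println("mismatch:   " + checker.validate("other-token", cookie));
        System.out.println("duplicate:  " + checker.validate("x", "csrfToken=x; csrfToken=y"));
        checker.protectionEnabled = false;
        System.out.println("disabled:   " + checker.validate(null, null));
    }
}
```

The last call shows why a `true` result alone is not evidence that a token was checked: code that needs that guarantee should also consult isCsrfProtectionEnabled().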