com.vaadin.flow.server.connect.auth

Class CsrfChecker

java.lang.Object

com.vaadin.flow.server.connect.auth.CsrfChecker

public class CsrfChecker
extends Object

Handles checking of a CSRF token in endpoint requests.

Constructor Summary

Constructors

Constructor and Description
CsrfChecker()

Method Summary

Modifier and Type	Method and Description
boolean	isCsrfProtectionEnabled() Checks if CSRF token checking in endpoints is enabled.
void	setCsrfProtection(boolean csrfProtectionEnabled) Enable or disable CSRF token checking in endpoints.
boolean	validateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request) Validates the CSRF token that is included in the request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CsrfChecker

public CsrfChecker()

Method Detail

validateCsrfTokenInRequest

public boolean validateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request)

Validates the CSRF token that is included in the request.

Checks that the CSRF token in the request matches the expected one that is stored in the HTTP session.

Note! If there is no session, this method will always return true.

Note! If CSRF protection is disabled, this method will always return true.

Parameters:

request - the request to validate

Returns:

true if the CSRF token is ok or checking is disabled or there is no HTTP session, false otherwise

setCsrfProtection

public void setCsrfProtection(boolean csrfProtectionEnabled)

Enable or disable CSRF token checking in endpoints.

Parameters:

csrfProtectionEnabled - enable or disable protection

isCsrfProtectionEnabled

public boolean isCsrfProtectionEnabled()

Checks if CSRF token checking in endpoints is enabled.

Returns:

true if protection is enabled, false otherwise