com.vaadin.fusion.auth

Class CsrfChecker

java.lang.Object

com.vaadin.fusion.auth.CsrfChecker

@Component
public class CsrfChecker
extends Object

Handles checking of a CSRF token in endpoint requests.

Constructor Summary

Constructors

Constructor and Description
CsrfChecker(javax.servlet.ServletContext servletContext) Creates a new csrf checker for the given context.

Method Summary

Modifier and Type	Method and Description
boolean	isCsrfProtectionEnabled() Checks if CSRF token checking in endpoints is enabled.
void	setCsrfProtection(boolean csrfProtectionEnabled) Enable or disable CSRF token checking in endpoints.
boolean	validateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request) Validates the CSRF token that is included in the request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CsrfChecker

public CsrfChecker(javax.servlet.ServletContext servletContext)

Creates a new csrf checker for the given context.

Parameters:

servletContext - the servlet context

Method Detail

validateCsrfTokenInRequest

public boolean validateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request)

Validates the CSRF token that is included in the request.

Checks that the CSRF token in the request matches the expected one that is stored in the HTTP cookie.

Note! If CSRF protection is disabled, this method will always return true.

Parameters:

request - the request to validate

Returns:

true if the CSRF token is ok or checking is disabled, false otherwise

setCsrfProtection

public void setCsrfProtection(boolean csrfProtectionEnabled)

Enable or disable CSRF token checking in endpoints.

Parameters:

csrfProtectionEnabled - enable or disable protection

isCsrfProtectionEnabled

public boolean isCsrfProtectionEnabled()

Checks if CSRF token checking in endpoints is enabled.

Returns:

true if protection is enabled, false otherwise