Package dev.hilla.auth
Class CsrfChecker
- java.lang.Object
-
- dev.hilla.auth.CsrfChecker
-
@Component public class CsrfChecker extends Object
Handles checking of a CSRF token in endpoint requests.
-
-
Constructor Summary
Constructors Constructor Description CsrfChecker(javax.servlet.ServletContext servletContext)Creates a new csrf checker for the given context.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanisCsrfProtectionEnabled()Checks if CSRF token checking in endpoints is enabled.voidsetCsrfProtection(boolean csrfProtectionEnabled)Enable or disable CSRF token checking in endpoints.booleanvalidateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request)Validates the CSRF token that is included in the request.
-
-
-
Method Detail
-
validateCsrfTokenInRequest
public boolean validateCsrfTokenInRequest(javax.servlet.http.HttpServletRequest request)
Validates the CSRF token that is included in the request.Checks that the CSRF token in the request matches the expected one that is stored in the HTTP cookie.
Note! If CSRF protection is disabled, this method will always return
true.- Parameters:
request- the request to validate- Returns:
trueif the CSRF token is ok or checking is disabled,falseotherwise
-
setCsrfProtection
public void setCsrfProtection(boolean csrfProtectionEnabled)
Enable or disable CSRF token checking in endpoints.- Parameters:
csrfProtectionEnabled- enable or disable protection
-
isCsrfProtectionEnabled
public boolean isCsrfProtectionEnabled()
Checks if CSRF token checking in endpoints is enabled.- Returns:
trueif protection is enabled,falseotherwise
-
-